Blogs > Biz Law Blog

Hack Attack: SEC Charges 18 Individuals and Entities with Microcap “Pump and Dump”

SEC Charges 18 Individuals and Entities with Microcap "Pump and Dump."

Traditional “Pump and Dump” schemes involve stimulating investor interest in low-cost (typically less than $1 per share) stock using press releases, cold calls, and social media advertising to spread false or misleading information about the issuing company. As the U.S. Securities and Exchange Commission (“SEC”) warns on its “” website, “fraudsters typically …[seek] to create a buying frenzy that will ‘pump’ up the price of a stock and then ‘dump’ [i.e. sell] …their own shares at the inflated price.” See my July 25, 2022, blog “Mony a Mickle Maks a Muckle: SEC Charges Foreign Nationals with Two Microcap Frauds,” where the prices of the low-priced stock (generally called “microcap” securities or “penny stock”) were inflated because of undisclosed promotional campaigns, followed by carefully organized selling operations at the peak prices by the miscreants. Now comes a major technological innovation to such a scheme (the “Hack Attack”), where there is only limited need to expend the time, money, or efforts on a promotional campaign to raise the stock price; the retail investors do not have to be induced to actually buy the “dumped” stock.

On Monday, August 15, 2022, the SEC filed a Complaint (the “Complaint”) in the Federal Court for the Northern District of Georgia, Atlanta Division, charging 13 individuals, five entities, and two relief defendants with i) illegally accessing at least 31 retail brokerage accounts in the U.S. in late summer of 2017 and in early 2018; and ii) causing those accounts to purchase the securities of two microcap securities: Lotus Bio-Technology Development Corp., a Nevada corporation based in Port Coquitlam, British Columbia, Canada, after moving from Point Roberts, Washington (“LBTD”); and Good Gaming, Inc., f/k/a HDS International Corp., also a Nevada corporation based in Kennett Square, Pennsylvania (“GG”). The stock of each company is quoted on the OTC Link operated by OTC Markets Group, Inc. For a detailed description of the OTC Market Group, Inc., and the OTC Link, see my Oct. 29, 2020, Blog “Keeping Securities Disclosures in the Pink: Amendments to SEC Rule 15c2-11.” LBTD claimed to be a start-up in a variety of businesses, including low-budget films as well as Chinese organic foods and cannabidiol. GG claimed it was an online gaming company. The SEC’s Aug. 15, 2022, Press Release (the “Press Release”) concerning this case asserts that the actions of the Defendants reaped “more than $1 million in illicit proceeds.”

I noted the Commission’s concerns about cyber security and retail brokerage accounts in my Nov. 19, 2020, blog “Credential Stuffing: Cyber Intrusions Into Client Accounts of Broker/Dealers and Investment Advisors.” That concern was particularly manifested by the SEC’s 2017 establishment of the Crypto Assets and Cyber Unit (the “CAC Unit”) in the Division of Enforcement to deal with the growing number of problems and frauds involving crypto assets and/or cyber activities. The CAC Unit underwent a major increase in personnel on May 3, 2022. The Press Release reports that the SEC investigation of the Hack Attack “is being supervised by [the] Acting Chief of the … [CAC Unit]” (together with another unit in the SEC Division of Enforcement and an SEC Regional Office), underscoring the Commission’s response to threats by digital intruders to retail investors and the American capital markets.

The defendants are a cosmopolitan bunch: of the 13 individuals, seven are Canadian residents (five from British Columbia and two from Alberta), four are British citizens (three of whom reside in the Dominican Republic and the other in British Columbia), and two are residents of Illinois. Of the five entities, two are Wyoming limited liability companies, one is a Nevada entity that reincorporated in Wyoming in March 2019, and two are Nevis entities based in the Dominican Republic. The two relief defendants are a Quebec corporation and an individual resident of either California or Georgia (apparently the Commission could not pin down which location is his legal residence). One of the Alberta, Canada, defendants is Rahim Mohamed (“Mohamed”), a Canadian citizen, who also sometimes resides in the Cayman Islands.  Mohamed owns or controls a brokerage firm in the Cayman Islands, and according to the Complaint, coordinated at least some of the hacks of the retail brokerage accounts. In addition to the “pump and dump” of securities, some of the individual defendants (the Tangs, a husband and wife; and the Wongs, a father and daughter, all from British Columbia) organized the accumulation of shares of LBTD and GG stock, totally failing to file with the Commission either i) the Williams Act disclosure forms disclosing ownership or control of over 5% of a company’s stock; or ii) the insider ownership forms disclosing over 10% of a company’s stock. Mr. Wong is a cousin of Mrs. Tang and is the co-founder, with one of the other individual British Columbia defendants, of a privately-owned Canadian financial advisory firm. Ms. Wong has held a Canadian securities license since 2011 and had worked as a stockbroker for a Panamanian brokerage firm.

The internal transactions among the defendants leading to three major “dumps” (in August 2017, September 2017, and January 2018) of the two microcap securities are disclosed in mind-numbing detail in paragraphs numbered 42 to 151 in over 29 pages of the 55-page Complaint. The SEC investigation of these activities was assisted by 18 other law enforcement and regulatory bodies, as expressly noted in the Press Release. Those bodies are the Financial Industry Regulatory Authority in the U.S.; the Alberta Securities Commission; the Australia Securities and Investment Commission; the British Columbia Securities Commission; the Calgary [Canada] Police Service; the Cayman Islands Monetary Authority; the Dubai Financial Services Authority; the French Autorite des Marches Financiers; the Hong Kong Securities and Futures Commission; the Mauritius Financial Services Commission; the Ontario Securities Commission; the Quebec Autorite des Marches Financiers; the Royal Canadian Mounted Police; the Securities Commission of the Bahamas; the Surete du Quebec; the Superintendencia del Mercado de Valores de la Republica Dominicana; the Swiss Financial Market Supervisory Authority; and the United Kingdom Financial Conduct Authority.

The scope of the investigation bespeaks the impact of the Internet and the resulting “unification” of global capital markets into a single “Agora,” especially for those knowledgeable about brokerage operations, as was clearly the case with the Defendants in this matter. In the press release, the Director of the Commission’s Atlanta Regional Office (which, along with the CAC U and the Commission’s Market Abuse Unit, is supervising this investigation) asserts that the defendants engaged in “a brazen and sophisticated scheme, with hackers using international accounts and dummy accountholders to hide their tracks.” Gurbir S. Grewal, Director of the SEC’s Division of Enforcement (and formerly Attorney General of the State of New Jersey), is quoted in the Press Release as saying:

This case illustrates the critical importance of cybersecurity and of our ongoing efforts to protect retail investors from cyber fraud. The SEC remains committed to rooting out this type of wrongdoing. Investors should also take precautions, including choosing strong passwords, using different passwords for different accounts, and using two-factor authentication when available.

This “Brave New World” of a technology-driven “Agora” must be reasonably and diligently regulated, or the victimized retail Nietzschean “sheep” will revolt against the stock trading wolves, with potential Luddite consequences for our capital markets.

If you have any questions concerning this post or any related matter, please feel free to contact me at