42-year-old Nigerian national Bamidele Omotosho has been sentenced to 12 years and seven months in prison for his role in a series of cyber scams that resulted in millions of dollars in losses for U.S. citizens.

Omotosho and his co-conspirators laundered the stolen funds by using prepaid debit cards, depositing them into accounts opened using stolen PII data, and buying cars shipped back to Nigeria to be sold, according to a DOJ press release published on Tuesday.

Between 2017 and 2018, Omotosho conspired with others to purchase stolen credentials and personally identifiable information (including Social Security numbers) on the xDedic dark web cybercrime marketplace, which authorities shut down in January 2019.

The criminals used this information for at least six fraudulent schemes, allowing them to steal over $2 million (the Justice Department estimates over $7.5 million in intended losses).

They also applied for credit cards in identity theft schemes, targeted vulnerable individuals in romance fraud scams, and stole $250,000 from a pharmaceutical company in a business e-mail compromise attack.

One notable incident in which they were involved occurred in June 2017, when they hacked the Employees Retirement System of Texas (ERS) ‘s internet portal, creating fraudulent accounts and redirecting retirement payments meant for legitimate ERS participants into their own bank accounts.

Around the same time, they also breached the networks of multiple U.S. accounting firms, including in the Middle District of Florida and the Western District of Texas, stealing their clients’ personal information and using it to file fraudulent tax returns.

Law enforcement targeting illegal marketplaces

Omotosho was one of 19 suspects charged in January for their involvement in using and running the services of the now-defunct dark web xDedic cybercrime marketplace.

Since then, law enforcement also arrested 23-year-old Rui-Siang Lin, the alleged owner and operator of the Incognito dark web drug market that sold over $100 million worth of narcotics, who could face a mandatory minimum sentence of life in prison if found guilty.

Last year, authorities also seized the Genesis stolen credentials market and arrested 288 dark web drug vendors and buyers following a law enforcement operation codenamed Spector.

In June, the FBI seized the BreachForums hacking forum after arresting its owner, Connor Brian Fitzpatrick (also known as Pompompurin).

In December, an international police operation also led to the arrest of 3,500 cybercriminals and the seizure of over $300 million, while German police seized Kingdom Market, a dark web marketplace selling cybercrime tools, drugs, and fake government IDs.