InfoSecBulletin Cybersecurity for mankind
18 companies in Sweden pretended to be legitimate data centers for AI or other activities, but actually evaded taxes and exploited tax incentives to mine cryptocurrency. The Swedish tax agency Skatteverket is requiring almost 1 billion kronor ($91 million) in extra taxes.
The Swedish Tax Agency audited 21 companies running data centers from 2020 to 2023 to prevent tax system attacks.
CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed
ALERT
Thousands of IP addresses compromised nationwide: CIRT warn
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks
Critical RCE Flaw Patched in Roundcube Webmail
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
According to the agency’s report, investigators have struggled to identify the individuals using the computers and the nature of the businesses being conducted in almost every instance.
“The companies we have audited have a particular approach to try to conceal that they are engaged in mining, that is, creating new units of cryptocurrencies. The purpose is that they want tax benefits they are not entitled to,” says Patrik Lillqvist, Intelligence Chief at the Swedish Tax Agency.
Decisions regarding tax adjustments amounting to a total of SEK 990 million have been made. This includes SEK 932 million in VAT changes and SEK 58 million in other tax supplements.
Some mining data centers have given incorrect business descriptions to the authorities. They claimed to do VAT-liable operations to get tax advantages using false grounds.
“There is an incentive for unscrupulous actors to conceal their cryptocurrency mining operations and instead claim that they are conducting VAT-liable business activities. In this way, tax revenues disappear from the country in the form of incorrect payments from the state, unpaid output VAT, and unreported crypto assets,” Lillqvist added, reported by cybernews.
The tax authority warned about the risk of money laundering due to the lack of regulatory supervision for mining data centers under the Money Laundering Act.
The tax authority stated that it’s uncertain how much cryptocurrency has been mined and sold, creating a risk of unreported sales causing additional income tax losses.
Higher authorities have reviewed ten decisions. In eight cases, the court rejected the companies’ appeals. In one case, the court partially granted the appeal.
How does the scheme work?
The report explained the scheme. A company is registered in Sweden to run a data center, hiding the fact that its main purpose is cryptocurrency mining. The representatives say the company also sells computing power to customers in other countries.
Another company is set up abroad to make it seem like it is buying services from the Swedish company. The sale of services from Swedish companies to foreign customers falls under VAT rules, allowing deduction and refund of input VAT.
“Through this approach, unscrupulous actors can deduct input VAT under false pretenses. They can also avoid paying output VAT on imported mining computers, which they would have had to pay if they had stated that they were conducting mining operations,” the agency explains.
In Sweden, mining Bitcoin, Monero, or other cryptocurrencies is not subject to reporting. The Tax Agency is unsure if crypto assets and their sales are reported in other countries.
Pretended to sell computing power for AI and graphic films:
Datorhall AB, a company that operates data centers and provides consulting services, has reported to authorities that it also develops high-performance computers. However, an investigation discovered that the company only had one customer, a foreign company with a connection to Datorhall. Additionally, Datorhall exclusively used crypto-mining computers.
Datacenter AB, a company, sells computing power for graphic film creation and AI support. The tax agency obtained web history and chat messages from company representatives, showing that 93% of searches were related to mining, while less than 1% were related to graphic film creation.
“Crypto will be the last word we will ever mention to anyone from day one. We are a data center with operations and computers that customers use for graphic films and artificial intelligence,” a message obtained from one of the Datacenter AB representatives reads.
Source: Cybernews
