Federal authorities on Wednesday arrested the founder of Bitzlato, a cryptocurrency exchange they said has been a financial haven for Russia-allied criminals involved in ransomware and illicit drug sales on the dark web.
Anatoly Legkodymov, a 40-year-old Russian citizen residing in Shenzhen, China, was arrested in Miami on Wednesday, US prosecutors said. Prosecutors claimed that Bitzlato processed approximately $4.58 billion worth of cryptocurrency transactions under Legkodymov’s supervision and that a “substantial portion of those transactions were proceeds of crime as well as funds destined for criminal transactions.” Bitzlato is what is known as a Virtual Asset Service Provider (VASP).
Ransomware and cybercrime bazaars – no questions asked
The US Department of Justice took action in cooperation with the US Treasury Department’s Financial Crimes Enforcement Network (FinCEN), which enforces laws prohibiting domestic and international money laundering, terrorist financing and other financial crimes. A key part of the FinCEN agenda is enforcing sanctions against Russian companies, including ransomware groups, associated with that country.
Ransomware groups Bitzlato is said to have worked with include (1) the Russian-language DarkSide, which was responsible for the 2021 Colonial Pipeline cyberattack that caused gas shortages in the US southeast; (2) Phobos, whose ransomware has targeted hospitals; and (3) Conti, which swore allegiance to Russia after its invasion of Ukraine.
“Bitzlato plays a critical role in facilitating transactions for ransomware group Conti and other global ransomware actors, including actors operating out of Russia,” Himamauli Das, Acting Director of FinCEN, wrote. “As a result, FinCEN assesses that Bitzlato serves as a VASP that ultimately enables the profitability of ransomware attacks and, at least in Conti’s case, advances the political and economic destabilization interests of the Russian government.”
Alongside these groups, Das said, Bitzlato also worked with sanctioned cryptocurrency exchanges Chatex and Hydra, a massive cybercrime marketplace that facilitated the sale of more than $5 billion worth of illegal goods and services to about 17 million customers before it was closed last year.
“A significant portion of the cryptocurrency that Hydra received was sent directly from wallets at Bitzlato,” FBI Special Agent Ryan Rogers wrote in an affidavit. “Hydra was Bitzlato’s largest counterparty for cryptocurrency transactions, and Bitzlato served as Hydra’s second largest counterparty. Hydra buyers routinely funded their illicit purchases through cryptocurrency accounts hosted at Bitzlato, and sellers of illicit goods and services on the Hydra website routinely transferred their illicit proceeds to Bitzlato accounts.”
The affidavit claimed that Legkodymov was personally aware that his exchange was processing funds from illegal activities. The court document cited the Bitzlato website, which advertised “easy registration without KYC,” using the acronym for a requirement called “know your customer,” which requires financial institutions to know the identity of their customers.
Further evidence came from a chat discussion seized in 2019, in which Legkodymov allegedly told a colleague, “All traders are known to be crooks. Trade ‘drops’ etc. They know they all (I think 90%) don’t trade them [identity] Cards.” The colleague is said to have answered “yes.”
Prosecutors also alleged that Bitzlato conducted extensive business with US-based customers and that service workers repeatedly advised users to transfer funds from US-based financial institutions. Legkodymov reportedly managed the business from Miami last year and this year and personally received reports of his website receiving a large number of visits from US-based IP addresses. For example, last August, the founder allegedly received an email reporting 264 million visits from such IP addresses, making the US the fourth-largest source of internet traffic for Bitzlato.
In parallel to the measures taken in the US on Wednesday, French authorities worked with Europol and partners in Spain, Portugal and Cyprus to dismantle Bitzlato’s domain name and digital infrastructure and confiscate Bitzlato’s cryptocurrency.
Legkodymov is accused of running an unlicensed money transfer business. If convicted, he faces a maximum sentence of five years in prison. The Russian was due to appear in court for the first time on Wednesday.