Behind crypto broker accused of aiding ransomware hackers
A cryptocurrency broker that the United States sees as a key cog in the recent ransomware outbreak is legally registered in the Czech Republic, but does not appear to have an office there. It may operate from the tallest skyscraper in Moscow although it is not listed at the address.
Suex OTC last month earned the distinction of being the first digital currency company to be sanctioned by the United States as governments attempt to stem further attacks. And although it denies any involvement in the recent wave of cybercrime, experts say it is a prime example of a dark corner of the industry that has enabled hackers to thrive by letting them launder millions of dollars in illicit digital products, either themselves or through “nested” intermediaries operating within an exchange.
Suex OTC is a trading platform that allows cryptocurrency traders to buy and sell digital coins. The virtual currency exchange is accused by the United States of mixing legitimate digital currency transactions with illegal transfers of ransomware gangs, allowing them to launder profits from the type of attacks that have crippled hospitals, businesses, school districts and even a major pipeline on the east coast of the United States.
The US Treasury Department alleges that Suex played a pivotal role in helping criminal hackers clean up and cash in their loot, mostly Bitcoin paid for by ransomware victims, before converting it into traditional currency.
“There is an illicit belly that has formed in this ecosystem,” said Todd Conklin, adviser to the Assistant Secretary of the Treasury. “We haven’t cleaned up the whole ecosystem yet and we certainly continue to investigate other nested exchanges and mixers, like Suex.”
Since at least 2018, Suex has converted cryptocurrency holdings to cash at physical offices in Moscow, St. Petersburg and possibly the Middle East, according to Chainalysis Inc., a blockchain forensics firm specializing in tracking the movement of digital currencies, whose clients have included US federal agencies. It is legally registered in the Czech Republic but apparently has no office there, according to Chainalysis. At the official address, a building in Prague’s Old Town, there is a clothing and antique store on the ground floor, as well as several residential units and a law firm.
The law firm at the address where Suex is registered specializes in incorporation and corporate governance services. A person from the company who answered a call from Bloomberg denied knowing about Suex and hung up.
According to Chainalysis, the company appears to operate out of Moscow’s 97-story Federation Tower East building. There is no public directory of tenants at the entrance, and the receptionist prohibits entry to anyone who has not been invited. Although Suex’s name is not listed at the address, according to building management, a company called Art of Web, associated with Suex CEO and major shareholder Egor Petukhovsky, is.
Suex’s Petukhovsky did not respond to requests for comment. He denied in a recent Facebook post that he or his company helped launder money for hackers and promised to “stand up for my name in litigation” in the United States.
“I believe in independent justice and hope to return to normal life as soon as possible,” he said. Other Suex officials could not be located for comment.
By adding Suex to the Treasury Department’s list of sanctioned entities, US-based businesses and individuals are prohibited from transacting with it. While these sanctions likely won’t do much to expose Suex to legal authorities halfway around the world, the Biden administration hopes they can deter US-based ransomware victims from quickly paying a ransom to end their ordeal.
Brokers like Suex typically don’t build their own software systems to execute cryptocurrency transactions. Instead, these operators trade on third-party crypto exchanges. The Treasury Department declined to identify the exchanges it believed Suex had used, except to say “several.” Regulators around the world have called for tighter enforcement and regulations requiring exchanges to collect data to identify their customers.
Suex has received at least $160 million in Bitcoin from illicit and high-risk sources since 2018, according to Chainalysis. If correct, roughly 40% of Suex’s known transaction history is related to hacker activity, including nearly $13 million from some of the most infamous ransomware groups, Ryuk and Conti, according to Chainalysis.
Many ransomware groups have been located in Russia and other countries which the United States claims have provided them with a safe haven. At a summit in June, President Joe Biden warned Russian President Vladimir Putin against continued attacks, especially against critical infrastructure. But cybergangs “still operate in the permissive environment they created there,” FBI Deputy Director Paul Abbate said earlier this month.
“Great Value Offers”
What is not clear is to what extent Suex is aware that it is being used to launder money, whether it is simply turning a blind eye to illegal behavior by not carefully vetting its customers, or whether the United States simply made a mistake in labeling Suex an illicit broker, as its CEO claims. While company management denies any connection to cyber gangs and their illegal activities, Maxim Kurbangaleev, who described himself as Suex’s co-founder on LinkedIn, described how quickly clients can start trading “without the long and tedious sending of documents and without going through endless checks.”
The post, which was provided by blockchain intelligence firm TRM Labs, has since been deleted. It was not clear when Kurbangaleev published the statement.
Many services that work with exchanges perform “know your client” checks to verify the identity of clients; Suex doesn’t, said Ari Redbord, head of legal and government affairs at TRM Labs and a former federal prosecutor and treasury official, who described Suex as a “parasitic exchange.”
“The difference between these and Suex is that Suex is part of a shadow crypto economy that thrives on skipping the proper compliance checks,” he said. The sanctions against Suex show that “the US government is going to go after unregulated trade,” Redbord said.
Suex has communicated widely with its clients through the Telegram app and accepted new clients on a referral system from trusted sources, according to TRM. Transactions were only made at Suex offices, where, one ad boasted, customers would be treated with cookies and tea.
Suex “seemed to deal almost exclusively with high value transactions – its minimum acceptable transaction was $10,000,” explains TRM. Suex then executed clients’ trades on other exchanges, possibly without those exchanges knowing where Suex was getting the funds.
Warning to facilitators
The US actions against Suex follow other efforts to hold cryptocurrency brokers accountable for illicit activity.
BTC-e was shut down in 2017 after the United States accused Russian national Alexander Vinnik of overseeing a platform used by cybercriminals to move illicit digital goods anonymously and without control. BTC-e reportedly handled Bitcoin linked to the same Russian hacking group involved in hacking Democratic Party emails ahead of the 2016 presidential election, according to blockchain forensics firm Elliptic.
Vinnik was extradited from Greece to France, where he was sentenced in December to five years in a French prison.
Chainalysis data indicates that Suex processed more than $50 million in illicit funds on behalf of BTC-e and its users after BTC-e was shut down, including some transfers as late as this year.
Law enforcement has long feared that cryptocurrency companies could be used for money laundering and for criminal purposes. But it turns out that most coins can be traced, as all transactions occurring outside of centralized exchanges are recorded on digital ledgers, usually referred to as blockchains. Regulators and law enforcement actively use blockchain forensics services to catch bad actors around the world. Suex was just the latest company to get caught.
Despite Suex’s denial, the Treasury Department’s crackdown should, at least temporarily, curtail the illicit pipeline of digital currency transfers, according to Elliptic co-founder Tom Robinson.
“This means one less place for ransomware gangs to cash in their winnings, although there are still plenty of other ways to do it,” he said. “For crypto exchanges, that means making sure they don’t launder the proceeds of crime is even more essential. They now have a real prospect of being cut off from the traditional financial system if they allow their players.”
© 2021 Bloomberg LP