logo

U.S. charges Joker's Stash and Rescator money launderers

U.S. charges Joker's Stash and Rescator money launderers

The U.S. Department of Justice (DoJ) has announced charges against two Russian nationals for operating billion-dollar money laundering services for cybercriminals, including ransomware groups.

The charges involve money laundering, bank fraud, and facilitating websites that sell stolen credit card information and personal data.

The two individuals are Sergey Ivanov, using the alias "Taleon,"and Timur Shakhmametov (a.k.a. "JokerStash" and "Vega").

Ivanov is accused of laundering over $1.15 billion in cryptocurrency via the UAPS, PinPays, and PM2BTC services, while Shakhmametov allegedly operated one of the largest carding markets, "Joker's Stash," which made profits of at least $280 million and up to $1 billion.

According to the DoJ, Shakhmametov promoted Joker's Stash on cybercriminal forums and was involved in bank fraud and money laundering in his role at the card shop.

UAPS and PinPays acted as intermediaries for money transfers and payments, and both were confirmed to have been involved in transactions with carding websites like Rescator.

Rescator allegedly sold data from the infamous Target PoS breach in 2013, when up to 40 million cards and data of about 70 million individuals were stolen.

PM2BTC was a cryptocurrency exchange working primarily with Bitcoin, helping criminals convert between crypto and fiat money without any know-your-customer (KYC) mechanism in place.

The U.S. DoJ says that between July 2013 and August 2024, approximately 32% of all Bitcoin transactions associated with Ivanov's platforms were traced back to criminal activity.

Joker's Stash was a popular, long-running card shop, offering for sale data from around 40 million payment cards every year. The platform operated between 2014 until 2021 when its administrator decided to shut it down.

Even three years after Joker's Stash threw in the towel, law enforcement authorities continued to collect and examine evidence, eventually leading to the person behind it.

This action took place under the same operation that targeted Cryptex, a cryptocurrency exchange that the U.S. Treasury sanctioned yesterday for laundering money from Russian ransomware groups.

The Dutch authorities seized servers hosting PM2BTC and Cryptex, and confiscated cryptocurrency worth over $7 million during the action.

Meanwhile, the U.S. Department of State announced rewards of up to $11 million for information leading to the whereabouts of Ivanov or Shakhmametov.

Last week, law enforcement authorities in Germany seized 47 cryptocurrency exchange platforms hosted in the country and operating in violation of KYC regulations, facilitating money laundering for cybercriminals, including ransomware gangs.

Notable platforms taken down as a result of the operation, codenamed "Final Exchange," include Xchange.cash, 60cek.org, Bankcomat.com, and Banksman.com, which collectively had over 1.2 million accounts and processed over 3.5 million transactions.


Free security scan for your website