
US sanctions crypto exchanges used by Russian ransomware gangs


The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned Cryptex and PM2BTC, two cryptocurrency exchanges that laundered funds from Russian ransomware gangs and other cybercrime groups.

Cryptex (which used the cryptex[.]net domain) reportedly provides financial services to cybercriminals and has laundered over $51 million in funds linked to ransomware attacks.

"Cryptex is also associated with over $720 million in transactions to services frequently used by Russia-based ransomware actors and cybercriminals, including fraud shops, mixing services, exchanges lacking KYC programs, and OFAC-designated virtual currency exchange Garantex," the Treasury said.

PM2BTC (which used the now-seized pm2btc[.]me domain) is accused of laundering virtual currency associated with ransomware and other illicit Russian activities. It allegedly facilitates currency-to-ruble conversions through U.S.-sanctioned financial institutions for Russian threat actors while failing to maintain anti-money laundering safeguards.

The Treasury Department linked the crypto exchanges to Sergey Sergeevich Ivanov (also known as Taleon), a Russian money launderer believed to have helped process hundreds of millions of dollars for ransomware actors, initial access brokers, darknet marketplace vendors, and various other threat actors over the last two decades.

"Through various payment processing services, including one that does business under the name 'UAPS,' Ivanov has served as the payment processor for various fraud shops, including OFAC-designated Genesis Market, whose website was taken down by law enforcement in 2023," the Treasury added.

The U.S. Department of State also offers a reward of up to $10 million through its Transnational Organized Crime Rewards Program for any information that could help arrest or convict Ivanov and Timur Shakhmametov, the operator of Joker's Stash, one of the largest and most profitable marketplaces for stolen credit card data and personally identifiable information.

Cryptex domain seizure banner (BleepingComputer)

These actions are part of a broader coordinated international effort involving U.S. government agencies and foreign law enforcement, in collaboration with Operation Endgame, to disrupt Russian cybercrime services and dismantle financial enablers of transnational organized cybercrime.

As a result of today's sanctions, U.S. citizens and organizations are prohibited from engaging in transactions with Ivanov, PM2BTC, or Cryptex. Any U.S.-based assets tied to them will be frozen, and U.S. financial institutions or foreign entities transacting with them will also face penalties.

"The United States and our international partners remain resolute in our commitment to prevent cybercrime facilitators like PM2BTC and Cryptex from operating with impunity," said Bradley T. Smith, Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence.

"Treasury, in close coordination with our allies and partners, will continue to use all tools and authorities to disrupt the networks that seek to leverage the virtual assets ecosystem to facilitate their illicit activities."

OFAC previously sanctioned the Bitpapa, TOEP, and Crypto Explorer crypto exchanges in March 2024 and the Moscow-based cryptocurrency exchange Garantex in April 2022 for working with OFAC-designated Russian dark web markets and banks.

It also designated the Sinbad, Tornado Cash, and Blender.io cryptocurrency mixing services for laundering money for the North Korean Lazarus hacking group.

