US Charges Two Russians Accused of Running Billion-Dollar Money Laundering Schemes
In a significant move against cybercrime, US federal prosecutors have charged two Russian nationals, Sergey Ivanov and Timur Shakhmametov, for their alleged involvement in billion-dollar money laundering operations. These charges are part of a broader crackdown on Russian cybercriminal activities, which have increasingly targeted the US financial system. Ivanov is accused of operating as a professional cyber money-launderer for nearly two decades, while Shakhmametov is believed to have managed Joker’s Stash, a notorious cybercriminal marketplace that profited massively from stolen payment card information. Despite these serious accusations, neither Ivanov nor Shakhmametov is currently in US custody, prompting the State Department to offer a $10 million reward for information leading to their arrest or conviction.
The indictment against Ivanov and Shakhmametov, unsealed in the Eastern District of Virginia, includes charges of bank fraud and money laundering-related crimes. Shakhmametov also faces charges of conspiracy to commit access device fraud due to his alleged access to stolen payment card data. This legal action marks a critical step in the US government’s ongoing efforts to combat cybercrime originating from Russia. The US Treasury Department has also imposed sanctions on Ivanov and Cryptex, a cryptocurrency exchange associated with hundreds of millions of dollars in cybercrime. Deputy US Attorney General Lisa Monaco highlighted the collaborative efforts with Dutch partners to shut down Cryptex and recover millions in cryptocurrency.
The US Secret Service played a crucial role in investigating the case, seizing web domains, and obtaining court orders to seize additional domains linked to other money transfer and laundering services associated with Ivanov. These Russian men are accused of running ‘carding’ websites that sell stolen credit and debit card information, advertising financial information stolen from tens of millions of Americans. Additionally, millions of dollars in ransomware payments and darknet drug sales have allegedly flowed through crypto accounts linked to Ivanov’s services. This comprehensive crackdown comes at a time when Ukrainian President Volodymyr Zelensky is set to meet with President Joe Biden and Vice President Kamala Harris in Washington, DC, to seek further US support against Russia’s ongoing war in Ukraine.
President Biden mentioned the crackdown on the alleged Russian cybercriminals in a statement, reiterating the US’s commitment to combating cybercrime. The State Department also reiterated its call for Russia to take concrete steps to prevent cybercriminals from operating within its jurisdiction. The Associated Press (AP), an independent news organization known for its factual reporting, reported on this government-wide crackdown on cybercrime. The US Treasury sanctioned Sergey Ivanov and Cryptex, highlighting Ivanov’s extensive history of laundering hundreds of millions of dollars for cybercriminals and darknet marketplace vendors over the past 20 years. Ivanov’s collaboration with Shakhmametov, who created Joker’s Stash, further underscores the extensive network of cybercriminal activities they were involved in.
The indictment against Ivanov and Shakhmametov was unsealed by the US Attorney’s Office in Virginia, marking a significant milestone in the fight against cybercrime. Norway’s consideration of building a fence along its border with Russia, following Finland’s example, underscores the growing concerns about Russian cyber activities. In one of the largest barrages of the war, Russia reportedly shot down over 100 Ukrainian drones, highlighting the ongoing conflict’s intensity. At the United Nations, China and Russia had their say, using a frog metaphor to describe the situation. President Biden announced the sanctions against Russia, emphasizing the US’s determination to raise the costs of Russia’s war in Ukraine and deprive its defense industry of resources.
Biden’s meeting with Zelensky aims to announce increased security assistance for Ukraine and other measures to support the country amid Russia’s invasion. The US will continue to use all available tools and authorities to deter and expose money laundering networks and impose costs on cybercriminals and their support networks. The US calls on Russia to take concrete steps to prevent cybercriminals from operating freely within its jurisdiction. US officials have taken several actions against Russian cybercriminals since the invasion began in February 2022, including sanctioning 13 firms and two individuals involved in the Russian financial sector earlier this year.
In a related development, two cryptocurrency exchanges, Cryptex and PM2BTC, have been sanctioned by the US government for facilitating money laundering services. These exchanges have been accused of enabling the laundering of cryptocurrencies obtained through cybercrime. The operation, known as Operation Endgame, was carried out in collaboration with Dutch law enforcement agencies. The websites associated with both exchanges have been confiscated and replaced with a law enforcement seizure banner. Cryptocurrency worth €7 million has been seized as part of this operation. Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence, Bradley T. Smith, emphasized the US’s commitment to preventing cybercrime facilitators from operating with impunity.
The US Treasury, along with its international partners, will continue to use all available tools and authorities to disrupt networks involved in illicit activities. PM2BTC has been accused of facilitating a significant proportion of transactions linked to money laundering in Russia and failing to implement effective anti-money laundering and know-your-customer programs. Cryptex has been accused of advertising its virtual currency services directly to cybercriminals and receiving over $51.2 million in illicit proceeds. The exchange claimed to offer complete anonymity when registering for an account and is estimated to have received over $720 million in transactions from illegal services used by Russian ransomware actors and cybercriminals.
Garantex, another virtual currency exchange now sanctioned, is also linked to these illegal activities. Sergey Sergeyevich Ivanov, a 44-year-old Russian national, has been charged with being a professional cyber money launderer for almost 20 years. He is also accused of providing his services to other e-crime groups and drug traffickers, including Cryptex and PM2BTC. Timur Shakhmametov has been charged with operating the carding website Joker’s Stash and laundering its proceeds. Joker’s Stash has been active for seven years and is believed to have earned its operators anywhere from $280 million to over $1 billion. The US Department of State has announced rewards for information leading to their arrests and convictions, as well as for other key members linked to these illegal activities.
The Office of Foreign Assets Control (OFAC) has designated Cryptex and Sergey Sergeevich Ivanov (also known as UAPS or Taleon) as facilitators of money laundering for criminal actors. FinCEN has designated PM2BTC as a primary money laundering concern, marking the second time it has used this designation for a cryptocurrency-affiliated entity. The designated entities, UAPS and Cryptex, have processed over $7.5 billion worth of transactions since their inception in 2013 and 2018, respectively. Dutch and US law enforcement actions have resulted in the seizure of the services’ domains, servers, and other infrastructure. The Netherlands’ Financial and Tax Crime Investigation Services (FIOD) and National High Tech Crime Unit (NHTCU) have seized €7 million worth of funds, with assistance from Chainalysis and Tether.
Tether’s CEO, Paolo Ardoino, expressed the company’s commitment to supporting law enforcement in the fight against the illicit use of cryptocurrencies. The US Department of State has issued a $10 million reward for information leading to Ivanov’s arrest and/or conviction through its Transnational Organized Crime Rewards Program. The US Secret Service and the US Attorney’s Office are unsealing an indictment against Ivanov and Shakhmametov as part of Operation Endgame, a coordinated effort between US and European authorities. The designated entities, UAPS and Cryptex, are essential facilitators of cybercrime, processing payments and laundering proceeds from stolen data and personally identifiable information. These actions are part of a global crackdown on fraud.
Cryptex operates both a trading platform and an exchange platform, and launched Cryptexpay in January 2022 to support payment processing in Bitcoin and Litecoin for high-risk online businesses. The platform advertised its lack of adherence to AML/KYC requirements, making it particularly attractive to criminals. UAPS, or Universal Anonymous Payment System, facilitates payments for fraud shops and other criminal entities. Launched in 2013 as an invite-only underground payment processor, it offered an API that allowed for easy integration into merchant websites. In 2015, many fraud shops switched from UAPS to PinPays, whose logo appeared on their websites. PinPays and UAPS shared wallet infrastructure, and on-chain behavior suggests it was a rebranding attempt.
PM2BTC, a no-KYC exchange closely associated with Ivanov, has been operational since 2014. It has processed payments for ransomware actors and fraud shops, and for sanctions evasion. On-chain analysis shows millions of dollars’ worth of transactions processed by these entities for illicit activities. The US government has charged two Russian nationals and sanctioned a virtual currency exchange as part of an effort to crack down on transnational cybercrime involving cryptocurrency. The action, coordinated by the departments of Justice, State, and Treasury, targets Russian nationals Timur Shakhmametov and Sergey Ivanov, as well as the virtual currency exchange Cryptex, which is accused of servicing Russia-based cybercriminals.
The US government has sanctioned Ivanov and Cryptex, charging Shakhmametov and Ivanov with conspiracy to commit bank fraud and money laundering. Shakhmametov is accused of operating an online marketplace for stolen credit card data called Joker’s Stash, while Ivanov is accused of laundering proceeds from Joker’s Stash and other platforms since 2005. The Justice Department cited the Secret Service in its information about the charges. The State Department spokesperson emphasized the US’s commitment not to allow cybercrime facilitators to operate with impunity, using all tools and authorities to expose these money laundering networks and impose costs on cybercriminals. The US calls on Russia to take concrete steps to prevent cybercriminals from operating within its jurisdiction.