On September 26, 2024, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated Russia-based exchange Cryptex and Sergey Sergeevich Ivanov (a.k.a. UAPS a.k.a. TALEON), who facilitated laundering “for fraud shops, ransomware payments, darknet markets, and other criminal actors.” Following these developments, Chainalysis has shared key insights.
Additionally, Treasury’s Financial Crimes Enforcement Network (FinCEN) has named PM2BTC, a no-KYC exchange that has processed over $1 billion and is associated with Ivanov, a “primary money laundering concern” under section 9714(a) of the Combating Russian Money Laundering Act.
The action against PM2BTC is the second use “by FinCEN of 9714(a) involving cryptocurrency-affiliated entities, following the first such action against Bitzlato in January 2023.”
As noted in insights from Chainalysis, this marks one of OFAC’s largest-ever service-level crypto designations; UAPS and Cryptex have processed “over $7.5 billion worth of transactions since their inception in 2013 and 2018, respectively.”
As explained in the update from Chainalysis, this designation coincides “with multiple Dutch and U.S. law enforcement actions that seized the services’ domains, servers, and other infrastructure.”
The Financial and Tax Crime Investigation Services (FIOD) and National High Tech Crime Unit (NHTCU) of the Netherlands, with “assistance from Chainalysis and Tether, seized €7M worth of funds.”
Paolo Ardoino, CEO of Tether:
“Tether is unwavering in its commitment to support global law enforcement in the fight against the illicit use of cryptocurrencies. We strongly oppose any criminal exploitation of digital assets and pledge our continued collaboration with law enforcement agencies worldwide to uphold the security, trust, and integrity of the digital finance space.”
Concurrently, the US Department of State has issued “a reward offering up to $10 million through its Transnational Organized Crime Rewards Program for information leading to Ivanov’s arrest and/or conviction.”
Chainalysis further noted in a blog post that “according to the designation, the U.S. Secret Service and the U.S. Attorney’s Office for the Eastern District of Virginia are unsealing an indictment of Ivanov and another Russian national, Timur Shakhmametov.”
As mentioned in the update from Chainalysis, these concurrent efforts “are part of Operation Endgame, a multilateral, coordinated cyber operation between U.S. and European authorities focusing on dismantling financial enablers of transnational cybercrime.”
Services like Cryptex, UAPS, and PM2BTC are “essential facilitators of cybercrime, as they process payments and launder proceeds from the sale of stolen data and personally identifiable information (PII).”
As stated in the update, criminals typically use this information “to orchestrate various scams, identity theft, and account takeovers.”
As noted in a blog post by Chainalysis, Cryptex is a Russian-language “instant exchange service that operates a trading platform and an exchange platform.”
In January 2022, Cryptex launched CryptexPay to “support payment processing in Bitcoin (BTC) and Litecoin (LTC) for online businesses using its platforms, especially those classified as high-risk. CryptexPay further attracted criminals by explicitly advertising its lack of adherence to AML/KYC requirements.”
UAPS, which stands for Universal Anonymous Payment System, “facilitates payments for fraud shops, including the now-designated Genesis Market, BriansClub/Brian Dumps, and Faceless.”
Chainalysis further noted that “the project was officially launched in a dark web forum in 2013 as an invite-only underground payment processor.”
Chainalysis pointed out that “an attractive feature of the service was that its payment processing capabilities could be integrated via API.”
Per the service terms, merchants are only approved “if they receive an invite from another member or permission from the admin.”
For this reason, it has been very popular “for criminals using crypto to finance their activities.”
In 2015, many fraud shops transitioned “from UAPS to PinPays, a now-defunct version of UAPS that had logo presence on the vendor websites using the service. Some fraud shops even started redirecting users to a PinPays merchant page.”
Based on the heavy overlap in fraud shop customers and shared wallet infrastructure that is apparent on-chain, it “is evident that PinPays was an attempt at an overt rebranding of UAPS. UAPS also shared wallet infrastructure with the no KYC exchange PM2BTC.”
However, in recent years, Chainalysis noted that “the exchange function of the service has been minimal, and on-chain behavior indicates that UAPS primarily serves as a fraud-related payment processor.”
As mentioned in a blog post by Chainalysis, PM2BTC is a “no KYC exchange that has been operational since 2014 and is closely associated with Ivanov (a.k.a. UAPS). Similarly to UAPS and Cryptex, the service facilitated activity on behalf of ransomware actors and fraud shops, in addition to the facilitation of sanctions evasion. Today’s press release from Treasury highlighted that nearly half of all PM2BTC funds involved clearly illicit sources.”
According to insights from Chainalysis, Cryptex has processed “nearly $7 billion worth of crypto transactions over its lifetime, primarily in BTC and LTC. Between 2018 and mid-2019, most of its received value came from mainstream services, with some upticks in value received by fraud shops and risky entities.”
Since the end of 2019, Cryptex has received most of its value “from fraud shops, followed by mainstream services, risky entities, and ransomware services.”
One of the most critical tactics in disrupting illicit actors is “to disrupt the infrastructure they abuse to facilitate money laundering and other transnational cybercrime.”
Chainalysis also noted that these “actions represent OFAC’s continued efforts to work with key international partners to make the internet a safer place by shutting down fraudulent services and the infrastructure that hosts them.”