Behind the Crypto Broker Accused of Enabling Ransomware Hackers

A cryptocurrency broker that the Biden administration considers a backstop during the ransomware pandemic was recently legally registered in the Czech Republic but does not appear to have an office there. It may be operating beyond Moscow’s tallest skyscraper although it is not listed at the address. Last month, it earned the distinction of becoming the first crypto exchange to be blacklisted by the United States as governments try to prevent further attacks. And while it denies any part in the recent series of cybercrime, experts say it’s a prime example of a hidden corner of the industry that has allowed hackers to flourish by giving them the means to do so. convenient way to launder millions of dollars of illegal digital proceeds through “ ” middlemen exploit larger exchanges to process transactions.

Suex OTC, a virtual currency exchange, is a trading platform that allows cryptocurrency traders to buy and sell digital currencies. The US is accused of mixing legitimate digital currency transactions with illegal money transfers from ransomware gangs, allowing them to launder profits from attacks that cripple hospitals, businesses, and clinics. schools and even a major American fuel pipeline. The U.S. Treasury Department alleges that Suex played an integral role in helping criminal hackers clean and withdraw their funds, mainly Bitcoins paid by ransomware victims, before converting them into cash. traditional currency.

Todd Conklin, an advisor to the Deputy Secretary of the Treasury, said: “There is an implicit illegality built into this ecosystem. “We are yet to clean up the entire ecosystem and we are certainly continuing to investigate other nested exchanges and mixers, like Suex.”

Read more: Crypto channels targeted in Biden’s fight against Ransomware

Since at least 2018, Suex has been converting crypto holdings to cash in traditional offices in Moscow, St.Petersburg and possibly in the Middle East, according to Chainalysis Inc., a blockchain forensics firm. specializes in tracking the movement of digital currencies whose clients have included US federal agencies. Suex is legally registered in the Czech Republic but does not appear to have an office there, according to Chainalysis. At the official address in a posh house in Prague’s old town, there is a clothing boutique and antique shop on the ground floor, as well as several residential units and a law firm. The law firm at the address where Suex is registered specializes in incorporation and corporate governance services. A person at the company who answered the call from Bloomberg denied having any knowledge of Suex and hung up the phone.

According to Chainalysis, the company appears to be operating from Moscow’s 97-storey Federation Tower East. There is no public directory of tenants at the entrance, and the front desk forbids uninvited people from entering. While, according to the building’s management, Suex’s name is not listed at the address, a company called Art of Web — which includes Egor Petukhovsky, Suex’s chief executive and largest shareholder — to be.

Suex’s Petukhovsky did not respond to a request for comment. He denied in a recent Facebook post that he or his business helped launder money for hackers and vowed to “resolutely defend my name in litigation” in the US. into independent justice and hope to return to normal life as soon as possible,” he said. Other Suex officials could not be reached for comment.

The environment allows

By adding Suex to the Treasury Department’s list of sanctioned legal entities, US-based companies and individuals are prohibited from conducting any transactions with them. While these sanctions probably won’t expose Suex to law enforcement halfway around the world, the Biden administration hopes it can deter victims of the US-based ransomware. The United States quickly paid the ransom to settle their challenge.

Brokers like Suex usually don’t build their own software systems to execute cryptocurrency trades. Instead, these operators trade on third-party cryptocurrency exchanges. The Treasury Department declined to identify which exchange it believes Suex used except to say “some”. Regulators around the globe have called for stricter enforcement and regulations that require exchanges to collect data that identifies their customers.

Suex has so far received at least $160 million in Bitcoin from illegal and high-risk sources since 2018, according to Chainalysis. If this is correct, it is that about 40% of Suex’s known transaction history is related to hacker activity, including nearly $13 million from some of the more notorious ransomware groups: Ryuk and Conti, according to Chainalysis.

Multiple groups of ransomware have been traced to Russia and other countries that the US says have provided safe havens for them. At a summit in June, President Joe Biden warned Russian President Vladimir Putin about continued attacks, especially on critical infrastructure. But cyber gangs are still “operating in the permissive environment they’ve created there,” US Federal Bureau of Investigation Deputy Director Paul Abbate said earlier this month.

High value transaction

What is not clear is the extent to which Suex knows it is being used to launder money, if it simply turns a blind eye to illegal behavior by not examining their clients carefully or if the US made the mistake of treating Suex as an illegal broker. , as its CEO claims. While the company’s management denies any connection to cyber gangs and their illegal activities, Maxim Kurbangaleev, who claims to be a co-founder of Suex on LinkedIn, describes the client. how quickly can start trading without submitting long and tedious documents and passing endless checks. “

The post provided by TRM Labs, a blockchain intelligence company, has been removed. It is unclear when Kurbangaleev posted the statement.

Many services work with exchanges that conduct a “your customer” check to verify a customer’s identity; Ari Redbord, head of legal and government affairs at TRM Labs and a former federal prosecutor and treasury official, said Suex is not, who described Suex as an “exchange exchange.” parasitic”. “The difference between those and Suex is that Suex is part of a shadow crypto economy that thrives when it comes to ignoring appropriate compliance controls,” he said, adding that the sanctions fines against Suex indicate that “the US government will go after unregulated exchanges. “

Suex primarily communicates with its customers through the Telegram app and accepts new customers on its referral system from trusted sources, according to TRM. Transactions are completed only at Suex offices, where, one advertisement boasted, customers will be treated to cookies and tea. Suex “seems to trade almost exclusively in high-value transactions — its minimum acceptable trade is $10,000,” TRM said. Suex then executes clients’ trades on other exchanges, they may not know where Suex is getting the money from.

Alerts for Supporters

The US actions against Suex follow other attempts to hold crypto brokerages accountable for illegal activity.

BTC-e was shut down in 2017 after the United States accused Russian national Alexander Vinnik of overseeing a platform being used by cybercriminals to anonymously transfer illegal digital currency proceeds and did not pass the test. BTC-e allegedly processed some Bitcoin sourced from the same Russian hacking group involved in hacking Democratic Party emails prior to the 2016 presidential election, according to blockchain forensics firm Elliptic. Vinnik was extradited from Greece to France, where he was sentenced to five years in prison last December.

Chainalysis data indicates that Suex processed over $50 million in illicit funds on behalf of BTC-e and its users following the BTC-e takedown, including several transfers as recent as this year .

Law enforcement agencies have long worried that crypto businesses could be used for money laundering and criminal purposes. But as it turns out, most coins can be tracked, as all transactions that happen outside of centralized exchanges are recorded on a digital ledger, commonly known as a blockchain. Regulatory and law enforcement agencies have been actively using such services to catch bad guys around the globe. Suex is just the latest business to be arrested.

According to Tom Robinson, co-founder of Elliptic, despite Suex’s denials, the Treasury Department’s crackdown should at least temporarily narrow the pipeline for illegal digital money transfers.

“It means one less place for ransomware gangs to make their money, although there are still many other ways they can still do it,” he said. “For crypto exchanges, that means it’s even more important to make sure they don’t launder money for criminals. They now have the prospect of actually being cut off from the mainstream financial system if they are facilitating their actors.”

–With support from Alex Sazonov and Peter Laca.

Photo: Photographer: Bloomberg / Bloomberg

Copyright 2022 Bloomberg.

Topic
Network agency