“ALEXANDRIA, Va. – Today, the Justice Department announced actions coordinated with the Department of State, Department of the Treasury, and other federal and international law enforcement partners to combat Russian money laundering operations. The actions involved the unsealing of an indictment charging a Russian national with his involvement in operating multiple money laundering services that catered to cybercriminals, as well as the seizure of websites associated with three illicit cryptocurrency exchanges.”
“According to court documents unsealed today in the Eastern District of Virginia, Russian national Sergey Ivanov, known online as ‘Taleon,’ among other aliases, was charged with one count of conspiracy to commit and aid and abet bank fraud for providing payment processing support to the carding website Rescator, and one count of conspiracy to commit money laundering for laundering proceeds from the carding website Joker’s Stash. (‘Carding’ is the unlawful acquisition of and trade in stolen credit and debit card information for fraudulent purposes.) Ivanov allegedly operated for nearly two decades as a professional cyber money launderer, advertising his services to other cybercriminals on exclusive Russian-speaking criminal forums. Over the years, Ivanov’s laundering services and payment systems have catered to cybercrime marketplaces, ransomware groups, and hackers responsible for significant data breaches of major U.S. companies.”
“Ivanov allegedly created and/or operated Russian payment and exchange services UAPS, PinPays, and PM2BTC, which provided money transfer and laundering services directly to criminals. Cryptocurrency blockchain analysis revealed that, between July 12, 2013, and August 10, 2024, cryptocurrency addresses associated with Ivanov’s alleged money laundering services conducted transactions totaling approximately $1.15 billion in value. Approximately 32% of all traced bitcoin sent to these addresses originated from other cryptocurrency addresses associated with criminal activity. For example, more than $158 million of bitcoin flowing into Ivanov’s addresses allegedly represented fraud proceeds, more than $8.8 million allegedly represented proceeds from known ransomware payments, and approximately $4.7 million allegedly originated from darknet drug markets. The U.S. Secret Service has obtained court authorization to seize domains associated with the UAPS and PM2BTC websites.”
“The Rescator carding website allegedly sold stolen payment card data from U.S. financial institutions and personally identifiable information (PII) of U.S. citizens. For example, the website allegedly advertised the sale of data from up to 40 million payment cards and the PII of approximately 70 million people that had been stolen from a major U.S. retail victim in 2013. The breach cost the U.S. retail victim at least $202 million in expenses and caused damage to the U.S. retail victim’s customers, who became targets of identity theft by other cybercriminals. Ivanov allegedly provided payment processing support for the Rescator carding site through the UAPS and PinPays services for purchases made on the site using bitcoin.”
“Additionally, Russian national Timur Shakhmametov, known online as ‘JokerStash’ and ‘Vega,’ among other aliases, is charged in the same indictment with one count of conspiracy to commit and aid and abet bank fraud, one count of conspiracy to commit access device fraud, and one count of conspiracy to commit money laundering related to his work in operating the carding website Joker’s Stash and laundering the proceeds. Joker’s Stash offered for sale data from approximately 40 million payment cards annually, totaling hundreds of millions of payment cards overall, and was one of the largest known carding markets in history. Estimates of its profits range from $280 million to more than $1 billion. Shakhmametov and others allegedly promoted Joker’s Stash and its products by advertising the Joker’s Stash website and its stolen payment card data on numerous online cybercrime forums.”
“Separately, the U.S. Secret Service executed a seizure order from the District of Maryland against two website domain names used to support the cryptocurrency money laundering exchange ‘Cryptex.net.’ According to court records unsealed today, Cryptex.net and Cryptex.one were associated with the administration and operation of Cryptex, which offers complete anonymity to Cryptex users by allowing them to register for accounts without providing know-your-customer compliance requirements. Like UAPS and PM2BTC, Cryptex advertised itself directly to cybercriminals.”
“According to a company that provides blockchain analytics services to law enforcement, there have been more than 37,500 transactions involving bitcoin addresses associated with Cryptex, amounting to a total value of approximately 62,586 bitcoin, or $1.4 billion at the time the transactions were made. Of that amount, about 31% of the bitcoin sent, or $441 million, originated from cryptocurrency addresses associated with criminal conduct, including $297 million of fraud proceeds and more than $115 million of proceeds from ransomware payments. Nine percent of all bitcoin sent to Cryptex, or $162 million, originated from cryptocurrency addresses associated with services often used by cybercriminals. Further, 28% of all bitcoin sent from Cryptex was sent to companies or darknet markets sanctioned by the United States.” (Source: US Department of Justice)