Two Russian Nationals Charged for Operating Billion-Dollar Money Laundering Services; Justice Department Seizes Illicit Crypto Exchange Domains

In a significant step toward curbing cybercrime, the U.S. Department of Justice (DOJ) has charged two Russian nationals in connection with running billion-dollar money laundering operations that supported cybercriminals globally. The DOJ’s actions, in collaboration with international law enforcement and cybersecurity agencies, have led to the seizure of web domains tied to illicit cryptocurrency exchanges. These exchanges enabled criminals to launder money from ransomware attacks, darknet markets, and other illegal activities, impacting victims worldwide.

The Operation and the Charges
Sergey Ivanov, known online as “Taleon,” and Timur Shakhmametov, alias “JokerStash,” were indicted in the Eastern District of Virginia on charges related to money laundering, bank fraud, and access device fraud. Ivanov allegedly operated money laundering services linked to notorious cybercrime platforms such as Rescator and Joker’s Stash, which traded in stolen credit card data and personally identifiable information (PII). Over the years, Ivanov’s laundering services processed approximately $1.15 billion in cryptocurrency transactions, with about one-third linked to cybercriminal activities, including ransomware payments and darknet drug markets.

Shakhmametov, the operator of Joker’s Stash, is accused of profiting from the sale of millions of stolen payment card records. The site facilitated the distribution of card details, enabling further identity theft and financial fraud on a massive scale. Estimates suggest Joker’s Stash earned up to $1 billion in profits from these illegal activities before it was shut down.

“Cryptex is a virtual currency exchange registered in St. Vincent and the Grenadines under the name “International Payment Service Provider” that provides financial services to cybercriminals and is operating in the financial services sector of the Russian Federation economy. Cryptex advertises its virtual currency services in Russian and has received over $51.2 million in funds derived from ransomware attacks. Cryptex is also associated with over $720 million in transactions to services frequently used by Russia-based ransomware actors and cybercriminals, including fraud shops, mixing services, exchanges lacking KYC programs, and OFAC-designated virtual currency exchange Garantex. OFAC is designating Cryptex pursuant to Executive Order (E.O.) 13694, as amended by E.O. 13757 (“E.O. 13694, as amended”), for being responsible for or complicit in, or for having engaged in, directly or indirectly, a cyber-enabled activity identified pursuant to E.O. 13694, as amended, and pursuant to E.O. 14024 for operating or having operated in the financial services sector of the Russian Federation economy.” Treasury.gov

Seizure of Illicit Crypto Exchanges
In a coordinated effort, U.S. authorities and their international partners seized the domains of multiple cryptocurrency exchanges, including Cryptex.net and Cryptex.one, which were heavily involved in laundering proceeds from cybercrime. These exchanges offered complete anonymity, allowing users to register without complying with “Know Your Customer” (KYC) regulations—attractive to criminals seeking to hide their identities.

Blockchain analytics show that Cryptex processed more than 62,500 Bitcoin transactions worth approximately $1.4 billion. Of that, 31% ($441 million) originated from addresses linked to criminal activities. The seizure of Cryptex and related domains is part of a broader strategy to dismantle the infrastructure supporting ransomware and cyber fraud.

“During the action, close cooperation with Tether.io and Chainalysis allowed large amounts of cryptocurrency to be secured.

Cryptocurrency exchange services:

A cryptocurrency exchange service can consist of cryptocurrency to cryptocurrency (for example, an exchange from bitcoin to ethereum) or from crypto currency to fiat money (for example, bitcoin to euros) and vice versa. Offering cryptocurrency exchange services is not necessarily illegal. However, offering such a service in the Netherlands is subject to a registration requirement with the Dutch National Bank. For more information click here.

Integrity of the financial system:

Money laundering facilitates all kinds of serious crime and enables criminals to stay out of reach of investigative authorities and commit crimes. Service providers have an obligation to investigate whether money may have a criminal origin. Knowingly accepting cryptocurrencies derived from crime and thus facilitating money laundering is always punishable by law. FIOD's mission is to monitor and protect the financial system by, among other things, fighting money laundering with impact and effect. The FIOD and its partners will therefore crack down on such service providers." FIOD

The Global Impact of Cyber Laundering
Money laundering is a critical component of the cybercriminal ecosystem, enabling ransomware groups, hackers, and darknet marketplaces to profit from illicit activities. These operations often use cryptocurrency due to its pseudo-anonymous nature, making it harder for authorities to trace the flow of funds. However, with tools such as blockchain analytics, law enforcement agencies are increasingly able to track illicit transactions and bring down these criminal networks.

The takedown of Cryptex, alongside the indictment of Ivanov and Shakhmametov, marks a victory in the global fight against cybercrime. U.S. Attorney Jessica D. Aber emphasized that “cybercriminals’ pursuit of illicit gains leaves a trail that leads us directly to them.” The collaboration between U.S. agencies and international partners, including the Netherlands Police and Europol, demonstrates the growing global response to these threats.

10 Tips to Avoid Becoming a Victim of Cybercrime and Money Laundering Schemes

1. Use Reputable Exchanges: Always use cryptocurrency exchanges that comply with KYC and Anti-Money Laundering (AML) regulations to avoid inadvertently supporting criminal activities.
2. Enable Multi-Factor Authentication (MFA): Secure your accounts with MFA to prevent unauthorized access, especially on financial platforms.
3. Monitor Financial Accounts: Regularly check your bank and cryptocurrency accounts for any suspicious activity or unauthorized transactions.
4. Stay Informed About Cyber Threats: Be aware of the latest ransomware, phishing scams, and other cyber threats targeting your financial information.
5. Educate Yourself About Cryptocurrency Risks: Learn about the risks associated with using cryptocurrency and understand how criminal networks exploit it for laundering money.
6. Be Skeptical of Unsolicited Offers: Avoid clicking on unsolicited links or offers related to cryptocurrency, as they may lead to phishing scams or malicious websites.
7. Verify the Legitimacy of Crypto Platforms: Research cryptocurrency platforms before using them to ensure they are reputable and not involved in illicit activities.
8. Invest in Cybersecurity Tools: Use firewalls, antivirus software, and other cybersecurity tools to protect your devices from malware that could steal financial information.
9. Report Suspicious Activity: If you suspect your financial information has been compromised or if you encounter an illicit platform, report it to the appropriate authorities immediately.
10. Stay Vigilant for Red Flags: Be alert for warning signs, such as anonymous cryptocurrency exchanges offering unusually high privacy or convenience, which may indicate involvement in illegal activities.

Conclusion
The indictment of Sergey Ivanov and Timur Shakhmametov and the seizure of Cryptex and other cryptocurrency exchange domains send a clear message: international law enforcement is closing in on cybercriminals and their money laundering networks. While the sophistication of these criminal operations continues to evolve, so too does the resolve of global authorities to disrupt these activities. As the Justice Department and its partners emphasize, following the money trail is key to identifying and apprehending those who profit from cybercrime.

To protect yourself from becoming a victim, it is crucial to stay informed, use reputable financial platforms, and adopt robust cybersecurity practices. As this case demonstrates, cybercriminals leave digital footprints, and justice will prevail.

“The text of FinCEN’s order can be found here

More information on the individuals and entities that OFAC designated today can be found here

A copy of this press release is located on the website of the U.S. Attorney’s Office for the Eastern District of Virginia”. justice.gov

Want to stay on top of cybersecurity news? Follow us on Facebook, X (Twitter), Instagram, and LinkedIn for the latest threats, insights, and updates!