U.S. Authorities Target Ransomware, Sanction Another Crypto Exchange

Published: 12 November 2021


The Biden administration sanctioned Chatex, the second largest crypto wallet and a full-fledged cryptobank, accusing it of laundering the proceeds of ransomware. (Photo: Marco Verch, Flickr, License)

By Damir Bešlija

The Biden administration sanctioned Chatex, the second largest crypto wallet and a full-fledged cryptobank, accusing it of laundering the proceeds of ransomware. The move is part of the administration’s efforts to disrupt ransomware actors and their infrastructure and address abuse of the virtual currency ecosystem to launder ransom payments.

The U.S. Treasury Department stated that more than half of Chatex’s transactions are directly traced to darknet markets, high-risk exchanges and ransomware.

“Ransomware groups and criminal organizations have targeted American businesses and public institutions of all sizes and across sectors, seeking to undermine the backbone of our economy,” said Deputy Secretary of the Treasury Wally Adeyemo.

“We will continue to bring to bear all of the authorities at Treasury’s disposal to disrupt, deter, and prevent future threats to the economy of the United States. This is a top priority for the Biden Administration,” he stated.

Ransomware attacks have disrupted services and businesses globally, as well as schools, government offices, hospitals and emergency services, transportation, energy, and food companies, the statement said.

Just in the first half of 2021, reported ransomware payments in the United States have reached US$590 million, compared to a total of $416 million in 2020.

Chatex is believed to be linked to Suex OTC, another cryptocurrency company, which was sanctioned by the Department of the Treasury’s Office of Foreign Assets Control (OFAC) in September.

OFAC claimed that Suex OTC’s transactions included eight ransomware variants’ unlawful proceeds, and that illegal actors were involved in more than 40% of the company’s known transaction history.

In addition, blockchain researcher TRM Labs said that Suex’s largest shareholder, Egor Petukhovsky, has interests in Chatex.

“Suex and Chatex, while nominally distinct businesses, share extensive corporate and legal relationships,” TRM added. Suex did not respond to the comment.

Head of legal and government affairs at TRM Labs and a former federal prosecutor and treasury official, Ari Redbord, said that the “action against Chatex is really a continuation of the Suex action.”

“Chatex was an alter ego of Suex and part of the illicit underbelly that Treasury and DOJ are laser focused on,” he said.

Chatex started operating in September 2018, according to a blog posted by Chainalysis. Since then it has received at least $77.5 million worth of bitcoin, with more than $17 million coming from illegal sources, such as darknet markets, scams and ransomware strains, the blog states.

Besides Chatex, the Treasury Department sanctioned Izibits OU, Chatextech SIA and Hightrade Finance Ltd. for supporting Chatex.

Following this action, the Department of State offered $10 million for information leading to the identification or location of any individual who holds a key leadership position in the Sodinokibi/REvil ransomware variant transnational organized crime group.

It also offered $5 million for information leading to the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in a Sodinokibi variant ransomware incident.

The U.S. authorities blocked all property of the designated targets and entities that are at least 50 percent owned by the designated persons, and prohibited citizens from engaging in transactions with them.

Finally, the Financial Crimes Enforcement Network (FinCEN) on Monday released its Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments, which clarifies current trends and typologies of ransomware as well as recent illegal activities.

This is supposed to help banks and virtual currency service providers in identifying and reporting suspicious transactions linked to ransomware payments.