
Cryptocurrency Exchanges Used by Cybercriminals Taken Down by FBI and Ukrainian Law Enforcement

In late April, cryptocurrency exchanges alleged to provide services to criminal organizations were taken down by the FBI and Ukrainian law enforcement.  Details of the seizure follow as provided by the U.S. Attorney’s Office, Eastern District of Michigan, and as reported by The Record. 

FBI Disrupts Virtual Currency Exchanges Used to Facilitate Criminal Activity

Seized Websites Allegedly Offered Virtual Currency Exchange Services to Individuals for Illegal Activities

On April 25th, the FBI’s Detroit Field Office, with assistance from the Virtual Currency Response Team (VCRT), the Cyber Police Department and Main Investigation Departments of the National Police of Ukraine, and the Prosecutor General’s Office of Ukraine conducted coordinated, court-authorized activity involving nine virtual currency exchange services.  

Domain names offered by organizations that were engaged in cryptocurrency conversions and provided assistance to cyber-criminals were seized, and related servers were shut down. U.S. based servers used in the scheme were taken offline by U.S. authorities. These nine seized domains, 24xbtc.com, 100btc.pro, pridechange.com, 101crypta.com, uxbtc.com, trust-exchange.org, bitcoin24.exchange, paybtc.pro, and owl.gold offered anonymous cryptocurrency exchange services to website visitors. 

Noncompliant virtual currency exchanges, which have a lax anti-money laundering program or collect minimal Know Your Customer information or none at all, serve as important hubs in the cybercrime ecosystem and are operating in violation of Title 18 United States Code, Sections 1960 and 1956.  Many of these services are advertised on online forums dedicated to discussing criminal activity. By providing these services, the virtual currency exchanges knowingly support the criminal activities of their clients and become co-conspirators in criminal schemes.

Much of the criminal activity occurring at the affected exchanges involved cyber actors responsible for ransomware, but also other scammers, and cybercriminals.  The service’s website offered support in both Russian and English.

The investigation is ongoing. Visitors to the sites will now find a seizure banner that notifies them that the domain name has been seized by federal authorities and that operating an unlicensed money service business and facilitating money laundering is a federal crime. (1)

FBI, Ukraine seize cryptocurrency exchanges for abetting cybercriminals

According to an FBI release published Monday, the agency’s Detroit field office and Virtual Currency Response Team, along with the Ukraine National Police and the Prosecutor General’s Office, “conducted coordinated, court-authorized activity involving nine virtual currency exchange services.”

The seized domains, which include uxbtc.com, trust-exchange.org, bitcoin24.exchange, paybtc.pro, and owl.gold, offered anonymous cryptocurrency conversions. All of the sites now display a seizure notice.

The FBI notice claimed the exchanges, which offered support in English and Russian, had “lax” controls to combat money laundering and collected either minimal information about customers, or none at all. Such exchanges, the agency wrote, “serve as important hubs in the cybercrime ecosystem.”

“Many of these services are advertised on online forums dedicated to discussing criminal activity,” the statement said. “Much of the criminal activity occurring at the affected exchanges involved cyber actors responsible for ransomware, but also other scammers, and cybercriminals.”

The FBI and international law enforcement have been increasingly targeting the infrastructure cybercriminals rely on to launder and move around the proceeds of their activities. In March, U.S. and European authorities shut down the cryptocurrency exchange ChipMixer, which they allege had laundered $3 billion in criminal gains, including the bounty stolen by North Korean hackers from gaming company Axie Infinity and blockchain platform Horizon Bridge. (2)

Daniel Pereira

About the Author

Daniel Pereira is research director at OODA. He is a foresight strategist, creative technologist, and an information communication technology (ICT) and digital media researcher with 20+ years of experience directing public/private partnerships and strategic innovation initiatives.