Russian pleads guilty to running crypto-exchange used by ransomware gangs

16 views 11:29 am 0 Comments July 4, 2024

Russian national Anatoly Legkodymov pleaded guilty to operating the Bitzlato cryptocurrency exchange that helped ransomware gangs and other cybercriminals launder over $700 million.

As a Bitzlato co-founder and principal stakeholder, Legkodymov (also known as “Gandalf” and “Tolik”) has agreed to disband the cryptocurrency exchange and relinquish any rights to approximately $23 million in seized assets, as outlined in the plea agreement.

Legkodymov and other managers were also allegedly aware of the widespread illicit activity across Bitzlato accounts and that many users registered their accounts using stolen identities.

Furthermore, Bitzlato promoted a user registration process with minimal identification requirements, explicitly stating that “neither selfies nor passports [are] required.” When it did prompt user identification, Bitzlato allowed the use of information belonging to so-called “straw man” registrants.

“As a result of these deficient know-your-customer (KYC) procedures, Bitzlato became a haven for criminal proceeds and funds intended for use in criminal activity,” the Justice Department said.

According to a Chainalysis report on cryptocurrency-related illicit activity, Bitzlato amassed over $2 billion in cryptocurrency transactions from 2019 to 2021. A substantial portion—roughly $966 million, equivalent to nearly 48% of the total—was deemed illicit and associated with high-risk cryptocurrency transactions.

The report also highlights that the crypto exchange received funds amounting to $206 million sourced from darknet markets, $224.5 million stemming from scams, and $9 million obtained from ransomware attackers.

“Hydra Market users exchanged more than 700 million dollars’ worth of cryptocurrency with Bitzlato, either directly or through intermediaries, until Hydra Market was shut down because of seizures made by U.S. and German law enforcement in April 2022,” the DOJ added.

“Bitzlato also received millions of dollars’ worth of ransomware proceeds. The defendant was repeatedly advised that cryptocurrency routed through Bitzlato represented the proceeds of crime and/or was intended for use in illicit transactions.”

In collaboration with Europol and partners in Spain, Portugal, and Cyprus, French authorities also dismantled Bitzlato’s digital infrastructure and seized its domains in January.

Bitzlato seizure banner
Bitzlato seizure banner (BleepingComputer)

The Financial Crimes Enforcement Network (FinCEN), a division of the U.S. Department of the Treasury, also officially designated the cryptocurrency exchange in January as a “primary money laundering concern” today, citing its involvement in illicit Russian financial activities.

“Bitzlato plays a critical role in laundering Convertible Virtual Currency (CVC) by facilitating illicit transactions for ransomware actors operating in Russia, including Conti, a Ransomware-as-a-Service group that has links to the Government of Russia,” FinCEN said.

“Bitzlato poses a global threat by allowing Russian cybercriminals and ransomware actors to launder the proceeds of their theft,” FinCEN Acting Director Himamauli Das added on Wednesday.

“As criminals and criminal facilitators evolve, so too does our ability to disrupt these networks.”

Held at the Metropolitan Detention Center in Brooklyn since he was arrested on January 18 in Miami, Legkodymov is now facing a maximum of five years in prison.