Law enforcement takes down crypto exchange allegedly used to launder $15 million in ransomware payments

The Russian co-founder of a cryptocurrency exchange allegedly used to launder cybercrime proceeds was arrested early Wednesday morning in Miami, the Department of Justice announced. 

The arrest of Anatoly Legkodymov, who is charged with “unlicensed money transmitting,” is “a significant blow to the cryptocrime ecosystem,” Deputy Attorney General Lisa Monaco said. The exchange, Bitzlato, is based in China and registered in Hong Kong, and Legkodymov is described by the DOJ as a resident of Shenzhen. 

Legkodymov’s arrest coincided with an international operation against the exchange, including the seizure of its servers. French authorities, alongside Europol and partners in Spain, Portugal, and Cyprus, “dismantled Bitzlato’s digital infrastructure,” the DOJ announcement said.

The operation was the first enforcement action led by the National Cryptocurrency Enforcement Team, which was announced in October 2021. 

According to Monaco, Bitzlato “facilitated the transmission of hundreds of millions of dollars in illicit funds, fueling darknet marketplaces and laundering the proceeds of ransomware attacks.” It was allegedly used to facilitate purchases on Hydra, the notorious dark web marketplace that was seized by the Justice Department and German partners last April. 

“Together, Hydra and Bitzlato formed a high-tech axis of crypto crime,” Monaco said at a press conference Wednesday. “Hydra buyers funded illicit purchases of illegal drugs, stolen financial information and hacking tools from crypto accounts hosted at Bitzlato.” 

According to the DOJ, between 2018 and 2022, Bitzlato facilitated $700 million in direct or indirect transfers of sales on Hydra. More than $15 million in ransomware proceeds have allegedly been laundered through the exchange. 

The U.S. Treasury’s Financial Crimes Enforcement Network also took action, labeling Bitzlato a “primary money laundering concern.” According to FinCEN, after the seizure of Hydra, the exchange continued to facilitate transactions on darknet marketplaces with Russian ties, like BlackSprut, OMG!OMG! and Mega.  

“Bitzlato plays a critical role in laundering Convertible Virtual Currency (CVC) by facilitating illicit transactions for ransomware actors operating in Russia, including Conti, a Ransomware-as-a-Service group that has links to the Government of Russia,” FinCEN wrote in a statement. 

“The majority of ransomware incidents reported to FinCEN in the second half of 2021 were conducted by Russia-related ransomware variants, indicating that Bitzlato is part of a larger ecosystem of Russian cybercriminals that are allowed to operate with impunity in Russia.” Under the order, certain financial institutions are prohibited from transmitting funds linked to Bitzlato. 

According to Breon Peace, U.S. Attorney for the Eastern District of New York, Bitzlato allowed users to open accounts with “minimal identifying information.” That anonymity was key to the exchange’s operations, allegedly making it a “safe haven” for criminals. Legkodymov and other executives messaged one another about how the exchange had attracted “dirty money” and users “known to be crooks.” 

“To anyone who still believes that they can hide from the law by using cryptocurrency, this prosecution should put that illusion to rest,” Peace said.

Legkodymov is facing a maximum of five years in prison on the money transmitting charges, but could face other charges at a later date.