Russia arrests nearly 100 with suspected ties to sanctioned crypto exchange

Russian authorities have arrested nearly 100 suspected cybercriminals linked to the anonymous payment system UAPS and the cryptocurrency exchange Cryptex, according to the country’s federal investigative authority. 

The arrests come a week after U.S. and Dutch law enforcement seized web domains and disrupted infrastructure connected to the exchanges. The U.S. also imposed sanctions on Cryptex and a Russian national associated with it. The operation is a rare example of Russian authorities going after cybercriminals within the country.

Russian police conducted 148 searches in various regions across the country and transported 96 suspects to Moscow, where a criminal investigation against them has been initiated, the Investigative Committee of Russia (ICRF) said on Wednesday.

A video shared with Russia’s state news agency TASS shows law enforcement escorting suspects from a bus to an investigator’s office for interrogations. The authorities reported that 1.5 billion rubles ($16 million) were seized during searches of the suspects’ apartments in St. Petersburg.

“The accomplices also own Robinson helicopters, expensive cars such as Bentley, Rolls Royce, Porsche, Tesla Cybertruck, boats, snowmobiles, and cash,” ICRF officials told local news agency Interfax. 

The suspects will likely face charges of participating in a criminal organization, unauthorized access to computer information, illicit trafficking of payment instruments, and engaging in unlawful banking operations, some of which carry potential penalties of up to 20 years in prison.

According to Russian authorities, the suspected criminals engaged in illegal activities involving cryptocurrency exchange, money transfers, and the sale of bank cards and personal accounts. Their primary clients were cybercriminals and hackers who used Cryptex and UAPS to launder their illicit proceeds.

Their investigation found that in 2023, these services processed 112 billion rubles (approximately $1.2 billion), with the suspected criminals receiving about 3.7 billion rubles (around $38 million).

According to the U.S. Treasury Department, Cryptex has received more than $51.2 million since 2013 from ransomware attacks, and over $720 million in transactions were linked to services “frequently used by Russia-based ransomware actors and cybercriminals,” such as fraud shops, mixing services, and the previously sanctioned virtual currency exchange Garantex.

Russian national Sergey Ivanov, who was sanctioned by the U.S. last week for his links to illegal crypto services, including Cryptex and UAPS, has “laundered hundreds of millions of dollars’ worth of virtual currency for ransomware actors, initial access brokers, darknet marketplace vendors, and other criminal actors for approximately the last 20 years,” the Treasury alleged.

The Justice Department charged Ivanov, who goes by the online moniker “Taleon,” with bank fraud and money laundering for allegedly providing payment processing support to the carding websites Rescator and Joker’s Stash.

Fellow Russian Timur Shakhmametov — who goes by “JokerStash” and “Vega” — was also charged for his alleged role as an operator of Joker’s Stash, a massive online marketplace for stolen credit card data and personally identifiable information that shut down in 2021.

The Department of State announced a reward of up to $10 million for information leading to the arrest or conviction of Ivanov and Shakhmametov.

An anonymous source in Russian law enforcement told Interfax that Ivanov will be transported to Moscow for investigative actions. The suspect’s current location wasn’t specified. It is also unclear whether Russia will collaborate with the U.S. on the investigation — something that hasn’t been the case in the past.

Russian media referred to the operation against Cryptex and UAPS as “the largest” ever crackdown in the country’s crypto industry.