US detains crypto-exchange exec for helping Ryuk ransomware gang launder profits
Image: Bermix Studio, The Record
Catalin Cimpanu November 12, 2021

US detains crypto-exchange exec for helping Ryuk ransomware gang launder profits

Catalin Cimpanu

November 12, 2021

US detains crypto-exchange exec for helping Ryuk ransomware gang launder profits

  • Denis Dubnikov, co-founder of EggChange and Crypto Coyote, was detained in the Netherlands last week.
  • The FBI says that $400,000 worth of cryptocurrency from a Ryuk ransom payment passed through his account.
  • The US is now seeking Dubnikov's extradition, which they are very likely to get.

A Russian national and the co-founder of two cryptocurrency exchanges was arrested at the request of US law enforcement on accusations of helping the Ryuk ransomware gang launder funds obtained from extorting US companies.

The suspect, named Denis Dubnikov, was arrested last week, on November 2, when attempting to vacation in Mexico.

He was denied entry into the country, pending an arrest warrant, and Mexican officials sent him to Amsterdam, where he was officially detained by Dutch police at the request of the FBI.

While arrests of crime suspects usually remain unreported until official charges are filed, news of the arrest leaked via Dubnikov himself, who revealed his own fate in an Instagram story he posted on his now-deleted account while he was in custody in Mexico, according to screenshots posted on Russian Telegram channels.

But the finer details surrounding Dubnikov’s arrest remained secret for the past few days.

Both Dutch police and US officials did not return requests for comment sent by The Record last week.

The arrest sparked outrage in the Russian cryptocurrency community, with several prominent figures demanding an official response and condemnation of Dubnikov’s arrest from the Russian government.

Dubnikov Facebook post
Image: The Record

But in an extradition request spotted today by the Wall Street Journal, reporters revealed that Dubnikov stands accused of money laundering.

According to court documents, around $400,000 in cryptocurrency assets tied to a Ryuk ransom payment passed through one of Dubnikov’s accounts in 2018.

It is unclear if the sum passed through Dubnikov’s personal account or through accounts tied to Coyote Crypto and EggChange, two cryptocurrency platforms the Moscow businessman founded in previous years.

Bloomberg article published on November 3, a day after Dubnikov’s arrest, named EggChange as one of the multiple shady cryptocurrency exchanges that are headquartered in a Moscow office building that has been tied to cybercrime money laundering.

However, the $400,000 figure that Dubnikov was accused of possessing is only a small drop in the bucket of Ryuk funds, a ransomware gang who is believed to have extorted more than $150 million from victims, according to a joint report from threat intel company Advanced Intelligence and cybersecurity firm HYAS.

While many ransomware gangs have come and gone, the Ryuk gang is still active today, after first being spotted in August 2018.

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.