US Treasury sanctions crypto-exchange Chatex for links to ransomware payments
Catalin Cimpanu November 8, 2021

The US Treasury Department has imposed sanctions today on cryptocurrency exchange Chatex for “facilitating financial transactions for ransomware actors.”

“Analysis of Chatex’s known transactions indicate that over half are directly traced to illicit or high-risk activities such as darknet markets, high-risk exchanges, and ransomware,” Treasury officials said today.

Officials said the exchange had “direct ties” to Suex, a Russian cryptocurrency exchange portal that the Treasury sanctioned in September for the exact same reason.

In addition, the Treasury Department sanctioned three Chatex suppliers: IZIBITS OU, Chatextech SIA, and Hightrade Finance Ltd.

“These three companies set up infrastructure for Chatex, enabling Chatex operations,” Treasury officials said.

Operations for Chatextech and IZIBITS have been suspended by officials from Latvia and Estonia, respectively. Latvian officials are currently working to identify Chatex board owners, all non-Latvian nationals.

$10 million reward for information on REvil operators

Furthermore, US officials announced a bounty program for any information that may lead to the identification and/or arrest of members of the REvil (Sodinokibi) ransomware group.

The structure of the bounty reward is identical to the one announced last week by the US Department of State for members of the Darkside (BlackMatter) gang.

This means:

  • $10 million – information on REvil key leaders
  • $5 million – information on REvil partners (affiliates)

Kaseya attackers also sanctioned

The Treasury Department has also sanctioned Ukrainian Yaroslav Vasinskyi and Russian Yevgeniy Polyanin.

Both were charged by the DOJ today for carrying out attacks with the REvil ransomware.

Vasinskyi was specifically charged with carrying out the REvil ransomware attack on Kaseya servers during the July 4 weekend.

He was detained last month at a border stop between Poland and Ukraine.

His arrest is part of a larger series of arrests orchestrated by Europol against REvil operators this year.

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.