Russian silhouette in national flag colors and sanctions text

Sanctions, Russia and ‘crypto crime’

Getting your Trinity Audio player ready...

When a nation-state crosses the wrong international lines, sanctions are often the go-to choice where a definitive response is required, but direct action and force cannot, or perhaps should not, be used.

In theory, as well as having some real-world negative effect on the sanctioned party, they often serve as a message—this is because the effectiveness of sanctions is debatable, variable, and they can be circumvented.

Current affairs provide a natural case study.

Russia illegally invaded Ukraine in February 2022, causing global outrage and resulting in almost immediate sanctions from across the international community, which have been added periodically.

The digital asset space, despite often not being held to the same standards as traditional or more well-established sectors, was not exempt from the Russian sanctions, and it was also one area that has been particularly prone to illicit misuse by the rogue state—resulting in further sanctions on individuals and entities within the industry.

In January 2023, U.S. blockchain data analysis firm Chainalysis published its annual “crypto crime” report, which found that in 2022, compared to the previous year, the value of digital assets received by illicit addresses was down across almost all the crime categories investigated (which included scams, ransomware, and child abuse material) but the overall total was up on last year. This was due almost entirely to a massive spike in value received by illicit addresses related to sanctions.

The purpose of sanctions

“The goal of sanctions is to discipline and punish the countries on which they are imposed,” Professor Emilios Avgouleas, author of Digital Finance in Europe: Law, Regulation, and Governance and Chair of International Banking Law and Finance at the University of Edinburgh, tells CoinGeek.

“In the case of Russia, sanctions were designed in a way that they would cut off the Russian financial system from international markets, namely, to hinder capital flows moving into and out of Russia,” he adds.

Slowing or stopping entirely a country’s capital flow would, in theory, damage its economic prosperity, growth and severely hamper its ability to, for example, wage war. Thus, as Avgouleas suggests, this is where international sanctions focus.

Commercial banks are often key to sanctions enforcement. Fiat money transfers need to go through regulated payment systems and banks, many of which are registered or licensed in multiple jurisdictions, subject to the regulatory regimes of those jurisdictions. A common feature of such regimes is Know Your Customer (KYC) regulations, which differ by country but usually require banks to demand users provide proof of their identity and address with valid documents, such as passport, utility bill, or even face and biometric verification. This goes along with regulations around reporting obligations. For example, in the U.S., the Bank Secrecy Act (BSA) requires financial institutions to keep records of cash purchases of negotiable instruments, file reports of cash transactions exceeding $10,000, and report suspicious activity that might signify money laundering, tax evasion, or other criminal activities.

These rules that govern the finance sector allow for enforcement bodies—such as the U.S. Office of Foreign Assets Control (OFAC), a financial intelligence and enforcement agency of the U.S. Treasury Department that administers and enforces economic and trade sanctions—to put individuals and financial entities onto their sanctions list and effectively have them removed from the financial system—as KYC and reporting obligation would block them from using traditional financial service providers.

This leads sanctioned parties to turn to other routes to restart their capital flow.

Why digital assets?

After Russia’s invasion of Ukraine, the U.S. barred Russia from making debt payments using foreign currency held in U.S. banks, as well as effectively freezing the country’s U.S.-based assets to prevent it from using its foreign reserves to prop up the Russian ruble. The U.K. also excluded key Russian banks from the U.K. financial system, whilst freezing the assets of all Russian banks and preventing Russian firms from borrowing money.

Perhaps the most significant move was barring major Russian banks—including Bank Otkritie, Novikombank, Promsvyazbank, Rossiya Bank, Sovcombank, VEB, and VTB—from the international financial messaging system, Society for Worldwide Interbank Financial Telecommunication (SWIFT).

“Global inter-bank payments are processed through a global payments and messaging system called SWIFT, which in a way is controlled by the United States, so cryptocurrencies are a way to conduct payments away from the banking system and thus off SWIFT,” Avgouleas says.

As well as hampering the operations of major banks, the severe penalty of being removed from SWIFT delayed payments to Russia for its oil and gas exports, forcing it to explore other money transfer options.

This is where peer-to-peer (P2P) systems that utilize ‘decentralized’, open-source technology come into play.

For example, the BSA reporting obligation imposed on traditional financial institutions only applies to U.S.-based digital asset trading platforms and payment systems, which are considered ‘money transmitters’: this does not include individual consumers, traders, and businesses using digital currency for their owner purposes, digital asset investment companies, or miners.

“Digital assets have the advantage that the asset itself exists in cyberspace. You can buy cryptocurrency through the internet, put it in a digital wallet and then sell it somewhere through the internet.” In other words, without ever going through heavily regulated financial systems, blocked-off payment networks, or U.S. monitored markets.

Another key distinguishing feature is the ability to send and receive money ‘anonymously,’ which is naturally a boon to those looking to abuse the system.

“In the crypto asset space there is anonymity, so you don’t know who’s transacting with whom,” Avgouleas explains. “What blockchain does is safeguard transparency and make records immutable and traceable. On the other hand, because of the anonymity, there is lots of malpractice in that space.”

The problem with anonymity

The transaction history in a block on the blockchain can be seen in its public key as a string of alphanumerical data. However, while others can view public transactions and holdings, they cannot see the real-world identity behind the public key, which naturally hampers attempts to determine who exactly is involved in a transaction.

Unfortunately, with anonymity often comes malpractice, whether in simple Twitter trolling or more complex crypto-sanctions avoidance.

The perceived benefits and necessity of anonymity as a founding principle of cryptocurrency asset technology are hotly debated, and Bitcoin’s creator Dr. Craig Wright has argued passionately that the concept of anonymity should be distinguished from privacy and confidentiality—total anonymity being unnecessary and in most cases undesirable, as well as encouraging bad actors in the space; in contrast, privacy and confidentiality can be maintained while also accepting the requirement to prove one’s identity when needed.

Avgouleas supports the idea that total anonymity as a necessity for innovation is a false narrative: “I do not see the connection between anonymity and innovation. There are technical solutions to secure privacy without having anonymity, they are called zero-knowledge proofs.”

Moving away from the outdated and tainted idea of anonymity, a zero-knowledge proof (ZKP) system revolves around one party (the prover) convincing the other party (the requester/verifier) that they know or are in possession of private information—e.g., passport details or ID—without having to reveal what that information is, by using asymmetric private-public key pairs.

In theory, this system can still be anonymous and thus abused. Still, it also allows for the possibility of proving an authentic identity (passport details, birth certificate, ID, etc.) without giving up that information. By using ZKP, one party could be satisfied that a pseudonym is linked to an authentic ‘real’ identity without that person having to hand over any private information about their identity. This could allow the privacy-conscious to maintain a level of anonymity while also allowing digital asset services and platforms to verify that a party conducting a transaction isn’t, for example, on a sanctioned list, without knowing necessarily who that party is—privacy, not anonymity.

Evidence for the abuse of anonymity in the digital asset space can be seen in the industry’s troubled history with international sanctions.

Mixing away sanction

Similarly, moving capital in and out of North Korea is difficult because it is also massively sanctioned. As a result, the hermit nation relies heavily on digital assets.

In January this year the Lazarus Group, a North Korean state-sponsored hacking group, was identified by the FBI as the perpetrators behind the June 2022 theft of $100 million worth of tokens on Harmony’s Ethereum-linked bridge; it then utilized Tornado Cash, a crypto-mixing platform, to launder the proceeds.

In another attack on the Bithumb exchange, the same North Korean hackers were responsible for the loss of approximately $30 million in a variety of digital assets, which were transferred to the groups’ wallets before being laundered via YoBit, a digital asset exchange based in Russia that allows its users to exchange between USD, Rubles and several digital currencies.

Sanctions prevent the flow of capital into a country, in this case, North Korea, and so these attacks can be seen as a state-backed effort to reintroduce these capital flows through other criminal means.

North Korea’s use of ‘mixers’ also highlights another reason the digital asset space is particularly fertile ground for sanctions-busting. A crypto mixer is a service that blends the digital assets of many users together to obscure the origins and owners of the funds. Mixers don’t exist solely for nefarious purposes and can be used by those in legitimate need of privacy, such as those who live under oppressive regimes. However, any service whose goal is to obfuscate the origins and ownership of money will be an instant hit with money launderers, state-sponsored or otherwise.

Last year Chainalysis found that almost 10% of all digital assets held by illicit entities had been laundered through a mixer, such as Tornado Cash, which received 34% of all funds sent to it in 2022 from illicit sources.

Tornado Cash exemplified two of the critical problems with effectively enforcing sanctions against digital asset platforms: the utility it offers to money launderers as a mixer platform, washing away the money’s tracks while maintaining users’ anonymity, and its DeFi structure makes it difficult to prevent it serving customers or prosecute anyone involved.

As a decentralized finance (DeFi) protocol, in theory, no person or organization can completely shut down Tornado Cash as they could with a centralized service. DeFi allows users to trade, borrow and lend digital assets without going through an intermediary, such as a bank or payment system. Being decentralized also means no office or location, and existing in a regulatory grey area under no specific jurisdiction’s laws. Many DeFi protocols also don’t require stringent KYC requirements like traditional financial services, allowing room for anonymity to be abused.

Scale of the problem

Utilizing the benefits of DeFi technology and anonymity, illicit use—or misuse—of the digital asset industry appears to have risen in the last few years in proportion to the increase in sanctioned entities.

“Sanctions-related transaction volume rose 152,844% from 2021 to 2022, a rise almost entirely down to the attempted circumventing of post-invasion sanctions against Russia,” Chainalysis found. The report also noted that 43% of all of 2022’s illicit transaction volume came from activity associated with sanctioned entities.

A UN report from 2019 estimated that North Korea has acquired $2 billion through various cyber-activities in an effort to evade international sanctions, and in the past four years, it has attacked entities including the Bank of BangladeshTaiwan’s Far Eastern International Bank, and ATM networks throughout Africa and Asia. In 2022 the country set a new yearly record, stealing over $600 million worth of digital assets.

Iran, the most sanctioned country in the world before Russia’s invasion of Ukraine, has been under a U.S. sanctions regime for nearly 40 years, and today a foreign company conducting trade with Iran will likely face penalties if the transfers involve dollars or a U.S. citizen works in that company.

In 2018 OFAC issued its first digital asset-related sanctions, designating two Iranian nationals associated with the SamSam ransomware strain on its Specially Designated Nationals And Blocked Persons (SDN) List.

Iran continued to pursue digital solutions to its capital flow restrictions. In 2020 the Central Bank of Iran (CBI) and the Iranian Ministry of Energy amended the country’s laws to permit the use of digital assets to pay for imported goods in an effort to avoid sanctions barring its access to foreign currency, such U.S. sanctions restricting the country’s access to the USD.

In August 2022, Iran made its first official digital asset imports order worth $10 million. In response to its removal from the SWIFT payment network, the country announced plans to create its own central bank digital currency (CBDC), which as of March this year, has completed its pre-pilot stage.

Taking a leaf out of Iran’s evasion book, Russia also recently announced a CBDC, the digital ruble, to be piloted on April 1. A state-owned digital currency can help circumvent restrictions on a fiat national currency by allowing the state to pay and transfer internationally without going via traditional banks and payment systems.

Another way to compensate for revenues lost due to sanctions is crypto mining. As U.S. sanctions have hampered Iran’s oil exports, Tehran realized it could utilize its oil surplus to supply electricity for crypto mining hubs. In 2020, Iran was responsible for around 4.5% of global BTC mining, amounting to revenues worth $1 billion annually.

In embracing the digital asset industry to circumvent sanctions, Iran has also been aided and abetted by some of the industry’s most prominent names.

In November last year, it was discovered that the world’s largest digital asset exchange, Binance, had processed Iranian transactions with a value of $8 billion since 2018. According to a review of Chainalysis data, almost all the funds flowed between Binance and Iran’s largest crypto exchange, Nobitex.

The U.S. Justice Department is pursuing an investigation into possible violations of money-laundering rules by Binance, who will no doubt face hefty fines if found guilty. But what else can be done about this state-sponsored sanctions-busting?

Authorities’ Russia response

Though digital assets are being used to evade sanctions, international governments have been trying to stay one step ahead of the game by tailoring their sanctions responses to that industry in particular.

As described by Avgouleas, the response is “a twofold strategy, one is to tighten money laundering regulations and the other is to put the entire industry under some form of regulation.”

Dealing with the first of these strategies, after Russia’s invasion, the U.S. initially imposed sanctions on digital currency transactions, targeting wallets and addresses in an attempt to stimy the flow of money and curb money laundering. U.S. citizens were required to “block the property and interests in property” of those under sanctions and not engage in trade or other transactions with such persons. Digital asset mining was also a focus, and the U.S. moved to restrict Russia’s imports of mining equipment.

Throughout 2022 OFAC added a mix of digital asset-linked individuals and entities associated with Russia to its ever-growing lists of Foreign Financial Institutions Subject to Correspondent Account or Payable-Through Account Sanctions (CAPTA List) and Specially Designated Nationals And Blocked Persons (SDN). The SDN list is frequently updated and cites activities such as cybercrime (including ransomware), drug trafficking, money laundering, and actual military actions—as in the case of Task Force Rusich, a Russian paramilitary organization operating in Ukraine that used digital currency to avoid sanctions.

The EU also moved swiftly to address concerns about the digital asset industry being a back door out of Russia’s restrictions. In April, the bloc banned European-based businesses from providing high-value services to Russia in exchange for digital assets exceeding €10,000 in value ($11,000~).

Key market players fell in line, even Iranian sanctions flouter Binance, who announced on its website:

“Binance is required to limit services for Russian nationals or natural persons residing in Russia, or legal entities established in Russia, that have crypto assets exceeding the value of 10,000 EUR.”

When October rolled around, the EU doubled down on its digital asset sanctions with its eighth set of economic and political measures against Russia, which included banning digital asset exchanges from serving Russian citizens and residents entirely, and tightening the existing prohibitions with a ban on all digital asset wallets, accounts, or custody services, irrespective of the amount of the wallet (the previous allowance of up to €10,000 was scrapped).

Services licensed in the EU such as, and LocalBitcoins, responded by informing their Russian users they’re no longer welcome, and U.S.-based exchange Kraken also abided by the EU’s more severe restrictions.

However, this eighth set of sanctions was apparently a bridge too far for Binance, which did not update its rules and maintained its policy based on the fifth set of EU sanctions, which does not ban all Russian nationals and residents. The exchange claimed this apparent non-compliance is because “there is room for improvement when it comes to clarity” in the EU’s sanctions—which smacks of ‘our lawyers have determined there’s room for interpretation’.

Binance is technically—by design—non-domiciled. However, it is registered as a Digital Asset Service Provider (DASP) in France, Italy, Lithuania, Spain, Cyprus, Poland, and Sweden, so it must respect EU sanctions if it wants to maintain licenses to operate in these member states.

The EU has yet to pull the exchange up on its apparent rule flouting or provide the further ‘clarity’ that Binance requested, so it remains a standoff for the moment. Binance might want to be aware, though, there is a precedent for companies and entities being punished for facilitating sanctions evasion.

Sanctions facilitators in the crosshairs

OFAC has been key in countering digital asset sanctions breakers, particularly darknet market Hydra, decentralized mixer Tornado Cash, and Russia-based digital currency exchange Garantex.

Hydra was the largest darknet market in the world until OFAC sanctioned it in April 2022, which led to its servers being seized by German police, along with $25 million worth of BTC, effectively shutting down the marketplace. Based in Russia, Hydra offered money laundering services to cybercriminals, including ransomware attackers.

Mixer Tornado Cash was one of the primary offenders when it came to facilitating sanction-breaking in 2022. Despite the logistical problems of shutting down a DeFi protocol, sanctions against it have proven effective: in August 2022, OFAC designated the platform for facilitating money laundering, which saw Tornado Cash’s activity drop significantly.

This drop-off is almost certainly connected to the U.S. sanctions, as the Chainalysis report points out: “As a global service Tornado Cash likely had more users who could face consequences for violating U.S. sanctions, or who would be cut off from using other services if their wallets displayed exposure to Tornado Cash following its designation.”

Digital asset exchange Garantex accounted for the majority of sanctions-related transaction volume last year. Founded in Estonia in late 2019, the company is now based in Russia after the Estonia Financial Intelligence Unit revoked its license in February.

The exchange was sanctioned in April 2022 by OFAC for facilitating illicit transactions with cybercriminals, the agency citing in a press release at the time:

“Analysis of known Garantex transactions shows that over $100 million in transactions are associated with illicit actors and darknet markets, including nearly $6 million from Russian RaaS (Ransomware as a Service) gang Conti.”

Conti is ransomware that appears to be distributed by the Russian-based hacking group Wizard Spider and is responsible for several high-profile attacks, including against the Scottish Environmental Protection Agency and the Irish Health Service.

In response, in February, the U.K. government sanctioned seven Russian nationals, which it designated ‘cybercriminals,’ for developing or deploying ransomware strains, including Conti and Ryuk, which together it claimed affected 149 U.K. individuals and businesses, extricating at least £27 million ($34 million).

Connections with Conti are just one reason Garantex found itself on the receiving end of OFAC sanctions, but unlike Hydra and Tornado Cash, which saw usage fall as a result of their designation, Garantex’s inflows actually rose, with an average of approximately $1.3 billion in monthly inflows through October, up from $620.8 million pre-sanctions.

This is most likely because Garantex and most of its users are based in Russia, as Chainalysis pointed out, “the Russian government has not enforced U.S. sanctions, leaving users not subject to U.S. jurisdiction with virtually no incentive to stop using Garantex.”

Garantex might be doing well in Russia, but rule flouters and illicit players of its like might soon find their market reach increasingly restricted to sanctioned countries as incoming regulation seeks to further tighten enforcement of the digital asset industry.

Incoming legislation

The EU is leading the way with its Markets in Crypto Assets (MiCA) regulatory package, which will come into force in 2024 and will bring a raft of new regulations and new rules governing the classification and issuance of digital assets.

MiCA will require all crypto-assets service providers (CASPs) serving EU customers to obtain a special license and comply with new regulatory obligations similar to those applicable to traditional financial providers—these include the rules governing the protection of customers’ assets and prudential requirements.

“To some extent, MiCA will place crypto issues on a more formal footing,” Avgouleas explains. “There are reporting obligations both for fraud and money laundering, so it will be easier to track down crypto transactions under MiCA.”

As hinted by Avgouleas, coming into force along with MiCA in 2024 will be the Transfer of Funds Regulation (TFR), which is a legislative package the EU is pushing to improve its anti-money laundering (AML) and counter-terrorism financing (CTF). Under the legislation CASPs will be required to retain and verify information about the origin of the crypto-assets, their beneficiaries and provide the data to regulators. Also, before making the crypto-assets available, platforms should verify whether the source of the crypto-assets is recorded in the register of high-risk entities to be established and managed by the European Banking Authority (EBA).

While MiCA and the TFR were on the table before Russia invaded Ukraine, sanctions evasion via the digital asset industry also predates the conflict and is wrapped up in the list of illicit activities the incoming regulation was designed to clamp down on.

Do the sanctions matter?

The case study of Russia’s sanctions evasion and the international effort to prevent it demonstrates the variable success of enforcing restrictions in the industry, but also the limitations of the digital asset space to prop up a hamstrung economy.

“Russia does not have a transparent economy, but what we know is there has not been a bank run,” Avgouleas says. “The currency collapsed but the country did not declare bankruptcy, so the Russian bonds have not become worthless, which means the sanctions were successful only in part.”

The currency collapsed, and the country’s economy has not. But is this down to Russia’s illicit use of the digital asset industry? Avgouleas thinks not, pointing to the industry’s downturn in 2022, including major crypto lenders Celsius and Voyager, as having a significant impact on the ability of those using digital assets to counter sanctions:

“The ideal technique for people who want to evade sanctions or launder money is that you take your cryptocurrencies, you deposit them with the crypto lenders and they exchange them with cash or fiat. Your holding in crypto coins have turned into hard currency instantly. So, the collapse of crypto lenders has been a major setback for efforts to evade sanctions.”

Industry collapses of 2022 created logistical problems for big and small-scale money launderers, but also drastically reduced the value of digital assets, making it a less profitable route to go down for nation states looking to counter serious financial restrictions.

In April 2022, the Center for Strategic and International Studies (CSIS), a bipartisan nonprofit policy research organization in the U.S., suggested that Russia could not use digital currencies to meet its imports demand due to “limited ruble-to-BTC convertibility.” According to the CIS report, total crypto trading volumes on all exchanges worldwide averaged about $24 billion in February 2022, compared to $5 trillion in transactions per day over SWIFT, the system from which major Russian banks are now banned.

Russia’s import demand is $602.7 million, meaning that digital currency would also have to become the medium of exchange for a much larger section of goods for Russia to cover its sanctioned imports.

On the flip side, Russia is the third-largest country for crypto mining popular digital assets and has no shortage of natural resources. Oil that would previously have been exported can be used for electricity production to fuel mining operations, and Gas-powered mining hubs are gaining momentum in the country. In June 2022, Russia’s state-owned gas giant Gazprom partnered with Bitriver, the largest BTC mining service supplier, to supply flare gas to Bitriver for its mining activities. In February this year, Bitriver announced it would open a 100 MW mining facility in Siberia.

All of which means, as a side effect of broader economic sanctions Russia has been driven to embrace the digital asset industry, which in the short term might not be able to compensate for its loss of capital flow but puts the country in a potentially profitable position if the crypto market picks up. Something Avgouleas predicts:

“I think it will again become a popular way to evade sanctions. If the market comes back and starts looking like a lucrative investment again, I expect Russian interest to return to the crypto markets.”

Whether or not Russia doubles down on its interest in digital assets might depend on the fluctuating fortunes of the industry in 2023 and beyond. In the meantime, it could be that the crypto-breaking efforts of Russia and other countries, as well as the crypto-sanctions imposed on the industry in response, matter less for their real-world impact and more for consistency with other financial and economic sanctions, as much as for symbolic reasons.

Watch: Law & Order Regulatory Compliance for Blockchain & Digital Assets

YouTube video

New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.