Image of interference over ransomware text, data processing and computer circuit board. global technology, computing and digital interface concept digitally generated image. — Photo

US authorities dismantle ransomware-friendly Bitzlato exchange, arrest co-founder

U.S. authorities have arrested the co-founder of the Bitzlato digital asset exchange due to its ransomware-friendly business model and links to the defunct Hydra ‘darknet’ marketplace.

On Wednesday, the U.S. Attorney for the Eastern District of New York (EDNY) charged Anatoly Legkodymov with conducting a money transmitting business that transported and transmitted illicit funds and that failed to meet U.S. regulatory safeguards, including anti-money laundering (AML) requirements.

Legkodymov, who was arrested Tuesday night in Miami, is identified as a senior executive and the majority shareholder of the Hong Kong-registered Bitzlato (previously known as Changebot), which offered both exchange and peer-to-peer services. A 40-year-old Russian national residing in Shenzhen, Legkodymov faces up to five years in prison if convicted.

The EDNY’s investigation was assisted by the Federal Bureau of Investigation, the Treasury Department’s Financial Crimes Enforcement Network (FinCEN), the Department of Justice’s new National Cryptocurrency Enforcement Team (NCET) and French law enforcement authorities. French authorities, with assistance from Europol and partners in Spain, Portugal and Cyprus, “dismantled Bitzlato’s digital infrastructure and took enforcement actions.”

At a press conference Wednesday, authorities said the investigation is ongoing. Bitzlato’s other co-founder and second-largest shareholder is identified only as ‘Executive-1’ in the DoJ complaint. Bitzlato’s unidentified CEO reports directly to the two co-founders.

FinCEN issued an order fingering Bitzlato as “a ‘primary money laundering concern’ in connection with Russian illicit finance.” FinCEN alleged that Bitzlato facilitated “illicit transactions for ransomware actors operating in Russia, including Conti, a Ransomware-as-a-Service group that has links to the Government of Russia.” 

Based on its concerns as to the integrity of the U.S. financial sector, FinCEN’s order “prohibits certain transmittals of funds involving Bitzlato by any covered financial institution.” 

A many-headed Russian snake 

The DoJ’s complaint against Legkodymov notes that Bitzlato was founded in 2016 and has processed nearly $4.6 billion in transactions since May 2018. The complaint alleges that “a substantial portion of those transactions constitute the proceeds of crime, as well as funds intended for use in criminal transactions.” 

From its launch, Bitzlato promoted its disinterest in performing adequate ‘know your customer’ (KYC) requirements. The site assured customers that “neither selfies nor passports required. Only your email needed” for registration. On February 28, 2022, Bitzlato announced self-verification requirements for new users but these were “not obligatory” for existing users.

Before the infamous Hydra darknet marketplace was shut down by U.S. and German authorities last April, Hydra was Bitzlato’s largest counterparty for cryptocurrency transactions and Bitzlato served as Hydra’s second-largest counterparty.

From May 2018 to April 2022, Hydra users sent $170.6 million in crypto to Bitzlato, while an additional $218.7 million went from Hydra to intermediate wallets before being sent to Bitzlato. Over the same period, Bitzlato users sent $124.4 million directly to Hydra, plus another $191.9 million from intermediate wallets.

Interestingly, the FinCEN order notes that “approximately two-thirds of Bitzlato’s top receiving and sending counterparties are associated with darknet markets or scams.” The order then cites the regulatory-averse Binance exchange as Bitzlato’s top receiving counterparty, in terms of total amount of BTC received from May 2018 to September 2022.

Bitzlato also received over $15 million worth of crypto “representing the proceeds of ransomware attacks” that were later converted to cash. The complaint cites a “dark web cybercrime forum” conversation in which one user advised others to route stolen funds through Russian exchanges like Bitzlato because “they are unlikely to give you away to some clowns from the ass of Asia.” 

The complaint cites numerous interactions between Bitzlato customers and customer service reps in which blatant criminality is discussed with zero pushback from the site. Other users confess to using ‘straw man’ accounts they purchased from other users without Bitzlato taking any action to close the accounts.

Many Bitzlato-Hydra transactions involved opiates and other drugs, but the aforementioned Executive-1 advocated for not getting too “zealous” in blocking these users, saying such actions would be “not very correct from a business point of view.” Legkodymov responded by noting that Bitzlato potentially stood to reap a “bonus” by seizing crypto in accounts by known drug users/dealers.

For sale: ‘Crime for Dummies’ book, never read 

The U.S. authorities’ interest in Bitzlato ramped up when they noticed the site was dealing with U.S.-based customers and exchanges. A confidential human source was able to open a Bitzlato account despite registering from an New York-based IP address and Bitzlato reps advised customers that they could “use American bank cards to buy and sell” crypto on the platform.

Last August, Legkodymov received an email indicating that Bitzlato’s website had received 264 million visits from U.S. IP addresses, making the U.S. the site’s fourth largest source of traffic. A U.S.-based exchange identified only as Exchange-1 told the feds that 1,600 of its customers had sent a total of $2.4 million to Bitzlato-hosted wallets since May 2018.

And in a truly dumb move, Bitzlato also employed U.S.-based vendors to handle everything from cybersecurity to its corporate email and customer service platforms. Moreover, the feds concluded that Legkodymov arrived in the U.S. last October and continued to administer the Bitzlato platform from a residence in Florida.

Justice delayed is…

Wednesday’s pre-announcement of the DoJ’s actions sparked minor panic in crypto HODLers, who panic-sold enough tokens to temporarily sink the value of BTC and ETH by around 5% each.

The frantic selling was based on anticipation that the DoJ’s target would be a major player such as Binance, particularly given recent reports that the DoJ has the exchange in its sights, or recent FBI testimony that the exchange is a prime conduit for ransomware attackers looking to launder their ill-gotten gains.

There was also speculation that Barry Silbert’s Digital Currency Group (DCG) might be in the DoJ’s crosshairs, given the EDNY’s involvement and last week’s reports that DCG’s financial transfers to its Genesis Global subsidiary were under EDNY scrutiny.

Teasing is cruel but I guess good things come (eventually) to those who wait.

Watch: Law & Order – Regulatory Compliance for Blockchain & Digital Assets

YouTube video

New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.