Bitzlato crypto exchange seized by police over ransomware and money laundering

The U.S. Department of Justice charged Anatoly Legkodymov, a Russian national, with helping cybercriminals launder money.

Legkodymov, who was taken into custody in Miami on Tuesday night, will appear today in the U.S. District Court for the Southern District of Florida.

French authorities dismantled Bitzlato’s digital infrastructure in an operation that involved Europol and partners from Spain, Portugal and Cyprus.

For context, a report examining cryptocurrency-based money laundering activity shows that Bitzlato received over 2 billion dollars of cryptocurrency between 2019 and 2021. This includes $966 million worth of illicit and dangerous cryptocurrency, or roughly 48%.

Chainalysis stated that the crypto exchange received $206 million in darknet market funds, $224.5 million from scams and $9 million from ransomware hackers.

The DOJ stated today that Bitzlato was allegedly a haven for criminal proceeds and for money intended to be used in criminal activities, due to “deficient know-your-customer” (KYC) procedures.

Hydra Market, [..] was Bitzlato’s biggest counterpart in cryptocurrency transactions before it was taken down by U.S. and German authorities.

Hydra Market users exchanged more than $700,000,000 in cryptocurrency with Bitzlato, either directly or through intermediaries. They also spent over $15 million, which the DOJ classified as ransomware proceeds.

Legkodymov and other Bitzlato managers were also said to have known that there was a lot of illicit activity in Bitzlato accounts and that many users had registered accounts with stolen identities.

Bitzlato seizure banner

Legkodymov received reports that the cryptocurrency exchange did not allow U.S. users to sign up for accounts. However, Legkodymov found substantial traffic to the platform from U.S.-based IP addresses, amounting to more than 250,000,000 visits in July 2022 alone.

Bitzlato notified users that the cryptocurrency exchange had been hacked this morning and assured them that all funds would be safe despite this.

“Our service was compromised, and part of the funds were withdrawn. We request that you do not attempt to resuscitate our service in the course of these proceedings.” Bitzlato warned that withdrawals will be suspended for an indefinite period.

“We want you to know that your funds are safe. Although the attackers could withdraw only a portion of the funds, all victims will receive a full refund. We have temporarily disabled our service as a security precaution. You are asked not to refill your wallets until work has been restored,” the Bitzlato team stated seven hours later.

Bitzlato hack warning (BleepingComputer)

The U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) also today designated the Bitzlato cryptocurrency exchange as a “primary concern for money laundering” in relation to illicit Russian finance.

“Bitzlato plays a critical role in laundering Convertible Virtual Currency (CVC) by facilitating illicit transactions for ransomware actors operating in Russia, including Conti, a Ransomware-as-a-Service group that has links to the Government of Russia,” FinCEN said.

“Bitzlato is a threat to the world by allowing Russian cybercriminals, ransomware agents and hackers to launder their stolen proceeds,” FinCEN Acting Director Himamauli Das said Wednesday.

“As criminals, criminal facilitators, and so does our ability to disrupt these networks,”

Update: This article has been updated with Bitzlato’s warning to users about a hack and with the money laundering activity reported by Chainalysis.