The U.S. Treasury has, for the first time, imposed sanctions on a cryptocurrency exchange, after the exchange (Suex.io) reportedly helped ransomware attackers launder their profits. America has seen high-profile cyberattacks this year, prompting President Biden to discuss the issue with Putin and Xi.
As an over-the-counter (OTC) exchange, Suex did not directly custody its clients’ crypto. Instead, it relied on the infrastructure of a large, global cryptocurrency exchange to conduct its transactions. Using that infrastructure, Suex was able to convert funds sourced from ransomware attacks. More than 40 percent of all transactions handled by Suex involved illicit proceeds, the U.S. Office of Foreign Assets Control (OFAC) said in a press release.
Suex is legally registered in the Czech Republic but has no known physical presence in that country. Operating from branch offices in Moscow and St. Petersburg, as well as other locales in and around Russia and in the Middle East, Suex claimed it could convert cryptocurrency holdings into cash at these branch locations and even facilitate the exchange of cryptocurrency for physical assets like real estate, cars, and yachts.
Since February 2018, cyber thieves and ransomware perpetrators have deposited more than $160 million in bitcoin into digital wallets that Suex held at large regulated exchanges, according to a review by Chainalysis, a blockchain analytics firm that supported OFAC’s investigation.
| Suex illicit sources | Amount in USD since 2018 |
|---|---|
| Ransomware (Ryuk, Conti, Maze, etc.) | 12 million |
| High-risk exchanges | 82 million |
| Darknet markets | 20 million |
Running as a “concierge” cryptocurrency broker, the exchange onboards clients only after receiving a personal referral, communicates with them through the encrypted messaging platform Telegram, and only handles transactions of $10,000 or more in value, blockchain intelligence firm TRM Labs found.
OFAC also updated the ransomware advisory issued in October 2020. “OFAC strongly encourages all victims and those involved with addressing ransomware attacks to report the incident to CISA, their local FBI field office, the FBI Internet Crime Complaint Center, or their local U.S. Secret Service office as soon as possible. Victims should also report ransomware attacks and payments to Treasury’s OCCIP and contact OFAC if there is any reason to suspect a potential sanctions nexus with regard to a ransomware payment. As noted, in doing so victims can receive significant mitigation from OFAC when determining an appropriate enforcement response in the event a sanctions nexus is found in connection with a ransomware payment,” the advisory said.