(Disclaimer) ** This article is a reflection of the gravitas of the ongoing criminal activities being carried out. It includes factual information collated through OSINT. The author wishes to keep their urge to launch into an unprompted and unwarranted rant on the aforementioned topic under control. The author has put in considerable efforts to keep the tonality of the article neutral. Well, that is something for the readers to decide.

These actions aim at resounding a strict message to illicit actors who disrupt the sanctity of virtual currency network through their nefarious money laundering activities. They also underscore the treasury’s commitment to dismantle the proliferation of cybercriminal activities, particularly the ones that are state aligned (example, Russia).

An Action of Coordination

“The U.S. Secret Service’s Cyber Investigative Section, the Netherlands Police, and the Dutch Fiscal Intelligence and Investigation Service (FIOD) have seized web domains and/or infrastructure associated with PM2BTC, UAPS, and Cryptex. The U.S. Department of State has issued a reward offer up to $10 million through its Transnational Organized Crime Rewards Program for information leading to the arrest and/or conviction of Ivanov. Lastly, the U.S. Secret Service and the U.S. Attorney’s Office for the Eastern District of Virginia are unsealing an indictment of Ivanov and another Russian national, Timur Shakhmametov. These actions by U.S. and Dutch agencies were taken in partnership with Operation Endgame, a multinational coordinated cyber operation with European partners, to dismantle financial enablers of transnational organized cybercrime”.

PM2BTC AND CRYPTEX- IVANOV’S KEY MONEY LAUNDERING TOOL

The aforementioned exchangers, entrenched in Russia, are majorly connected in the money laundering activities of the illicit actor, Ivanov. Both the exchangers facilitate the conversion of virtual currency and thereby laundering of funds of ransomware actors. These actors then further the funds through various obfuscation methods.

“Cryptex advertises its virtual currency services in Russian and has received over $51.2 million in funds derived from ransomware attacks. Cryptex is also associated with over $720 million in transactions to services frequently used by Russia-based ransomware actors and cybercriminals, including fraud shops, mixing services, exchanges lacking KYC programs, and OFAC-designated virtual currency exchange Garantex. OFAC is designating Cryptex pursuant to Executive Order (E.O.) 13694, as amended by E.O. 13757 (“E.O. 13694, as amended”), for being responsible for or complicit in, or for having engaged in, directly or indirectly, a cyber-enabled activity identified pursuant to E.O. 13694, as amended, and pursuant to E.O. 14024 for operating or having operated in the financial services sector of the Russian Federation economy.”

In case you are interested in PM2BTC, Cryptex and UAPS attribution, reach out to our team, Cryptocondria.me.

For reference, I am attaching one image from an open source video to understand the functioning pattern of PM2BTC.

PM2BTC, similar to many virtual currency exchangers, operates by accepting your Bitcoin or Litecoin public key (address) and requesting payment to initiate the process of transaction. Upon receipt of the payment, it transfers the equivalent amount of Bitcoin or Litecoin directly to the provided cryptocurrency address. The following image makes it clearer:

This seemingly straightforward process, however, masks the more nefarious nature of such platforms. Thus, the action undertaken by the treasury not only plays a pivotal role in curbing these activities but also dismantling their infrastructure from international financial system.