September 30, 2020 | Policy Brief

U.S. Steps Up Pressure Against Russian Crypto Abuse

The Trump administration this month issued two sets of penalties against Russian actors engaged in illicit cryptocurrency transactions. These episodes highlight how U.S. adversaries ranging from cybercriminals to hostile states like Russia are increasingly exploiting cryptocurrencies to facilitate illicit financial activities.

Last week, the Treasury Department designated Danil Potekhin and Dmitri Karasavidi, Russian hackers alleged to have defrauded hundreds of customers of U.S.-based cryptocurrency exchanges Poloniex and Gemini and Malta-based Binance. According to an indictment simultaneously unsealed by the Department of Justice (DOJ), Potekhin constructed fake web domains that cloned, or “spoofed,” the exchanges’ actual websites, allowing the hackers to capture the login credentials of unwitting customers.

The hackers used those harvested credentials to drain their victims’ digital wallets and make purchases that drove up the price of a smaller cryptocurrency the hackers already owned, which they then sold for a quick return on investment. All told, the hackers pilfered at least $16.8 million in crypto and fiat currencies.

Karasavidi then laundered their ill-gotten gains into a digital wallet under his own name, obfuscating the funds’ “nature and source … by transferring them in a layered and sophisticated manner through multiple accounts and multiple virtual currency blockchains,” according to Treasury. A U.S. Secret Service investigation of the scheme resulted in the seizure in December 2017 and August 2019 of over $6 million in U.S. dollars as well as various cryptocurrencies worth over $15 million at the time of their seizure.

Those designations followed additional sanctions issued a week prior, targeting three Russian employees of the Internet Research Agency (IRA), the Russian troll farm previously sanctioned for interfering in the 2016 U.S. presidential election. According to Treasury, the sanctioned individuals “supported the IRA’s cryptocurrency accounts,” which the IRA “uses … to fund activities in furtherance of [Russia’s] ongoing malign influence operations around the world.”

A concurrent DOJ indictment, along with a similar one filed back in 2018, revealed that the IRA used illicit cryptocurrency trades to further its interference campaign before, during, and after the 2016 election. Russian operatives allegedly used stolen identities to open fraudulent accounts at several U.S. exchanges, which the operatives then used both to facilitate their influence operations and to enrich themselves.

The IRA’s methods resemble those employed by Russian military intelligence (GRU) agents who used laundered bitcoin, often processed by U.S.-based companies, to conceal their identities and sources of funds when purchasing accounts, servers, and domains used in the 2016 Democratic National Committee attack and other high-profile cyberattacks. The GRU agents layered at least some of their bitcoin through BTC-e, a Russian-run cryptocurrency exchange that served as one of the world’s top laundromats for cybercriminals.

The relative anonymity and lack of regulatory oversight associated with cryptocurrencies underscore the need for strong anti-money laundering and countering the financing of terrorism (AML/CFT) regimes both in the United States and internationally. As Treasury has noted, because malign actors “must launder their misappropriated funds, AML/CFT regimes pose a critical chokepoint in countering and deterring this” illicit activity.

In addition to employing indictments and sanctions to expose and disrupt these schemes, Washington should work with its allies to promote comprehensive implementation of relevant Financial Action Task Force (FATF) standards, particularly the so-called “travel rule,” which requires virtual asset service providers (VASPs), including cryptocurrency exchanges, to obtain and share due-diligence information about their customers when transferring funds. Washington should likewise support the establishment of an international framework enabling coordination and information-sharing regarding VASPs.

Washington should also engage U.S. and international stakeholders to develop regulatory and technological solutions to improve illicit-activity detection and address challenges such as privacy coins, decentralized exchanges, unhosted wallets, and retail merchant exchanges. In this regard, government grants could help incentivize private sector innovation. Finally, Congress should require the administration to submit a national strategy on digital assets that includes a plan to address the relevant deficiencies highlighted in the last FATF review of U.S. compliance with international AML/CFT standards.

John Hardie is research manager and Russia research associate at the Foundation for Defense of Democracies (FDD), where he also contributes to FDD’s Center on Economic and Financial Power (CEFP). Trevor Logan is cyber research analyst for FDD’s Center on Cyber and Technology Innovation (CCTI). FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.

