Treasury sanctions another crypto exchange while DoJ indicts two ransomware operators

Quick Take

  • The Treasury has pushed ahead a flurry of new sanctions on the ransomware ecosystem.
  • In addition to designating Chatex, they have named two ransomware operators to the specially designated nationals list. 
  • The Department of Justice also announced indictments of those two operators, one of whom is in custody in Poland.

Today, the Department of Treasury, alongside the Department of Justice, announced new sanctions on a cryptocurrency exchange linked to ransomware payouts. 

The Treasury's Office of Foreign Asset Control (OFAC) has added Chatex, alongside affiliated entities IZIBITS OU, Chatextech SIA and Hightrade Finance Ltd to its sanctions list. Chatex is a crypto exchange that the Treasury found to have facilitated ransomware payouts: 

"Chatex, which claims to have a presence in multiple countries, has facilitated transactions for multiple ransomware variants. Analysis of Chatex’s known transactions indicate that over half are directly traced to illicit or high-risk activities such as darknet markets, high-risk exchanges, and ransomware. "

Chatex was known for its links to Suex, another Russia-based OTC desk that OFAC sanctioned at the end of September, the first time it had taken action against a crypto exchange directly. Egor Petukhovsky is the founder of both exchanges, but he announced his departure from Chatex on the heels of the Suex designation.

In addition to the firms, the Treasury has also targeted two individuals associated with ransomware-based organized crime groups, Yaroslav Vasinskyi and Yevgeniy Polyanin. 

In a subsequent press briefing, Attorney General Merrick Garland unveiled an indictment against Vasinskyi, as well as his arrest in Poland and pending extradition to the U.S. 

Garland also announced the seizure of $6.1 million in bitcoin from Polyanin as well as an indictment against him. 

"This will not be the last time," Garland said. "I want to emphasize that we all must play a role in America's cyber defenses."

A representative for blockchain analytics firm Chainalysis told The Block, "Chatex has received at least $77.5M in Bitcoin since it began operating in September 2018, including more than $17M in illicit funds, including from darknet markets (primarily Hydra), scams (primarily TheFiniko and, and various ransomware strains."

The Department of State also announced a $10 million reward for information leading to leaders of the Sodinokibi/REvil ransomware-as-a-service gangs.

In a note that seems to reach out to the crypto industry, the Treasury's announcement explains: 

"While most virtual currency activity is licit, virtual currency remains the primary mechanism for ransomware payments, and certain unscrupulous virtual currency exchanges are an important piece of the ransomware ecosystem. The United States urges the international community to effectively implement international standards on anti-money laundering/countering the financing of terrorism (AML/CFT) in the virtual currency area, particularly regarding virtual currency exchanges."

Since the Suex designation, the Treasury has been busy engaging with the crypto industry, putting out new user-friendly guidance on basic expectations to avoid sanctions violations. 

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.