U.S. Sanctions Crypto Exchange Accused of Catering to Ransomware Criminals

Sanctions mark the first time the U.S. has blacklisted a cryptocurrency exchange—SUEX OTC—heralding a new approach to firms found handling illicit payments.

By guest author Ian Talley and Dustin Volz from the Wald Street Journal

Related Video

The actions on Tuesday, September 21, 2021 are the latest effort by the Biden administration to curtail the growing problem of ransomware attacks, which are estimated to plunder hundreds of millions of dollars annually from American businesses and in recent months have hobbled critical U.S. infrastructure. Russian criminal hacker groups are responsible for a large portion of ransomware strikes against the West, officials say, making the issue a diplomatic concern for President Biden as well. It also sets the stage for a broader sanctioning of the crypto sector as the U.S. acts to weed out its use by criminals, terrorists and others.

Deputy Treasury Secretary Wally Adeyemo said the sanctioning of SUEX should be seen as a warning to other bad actors in the digital currency marketplace, reflecting the administration’s intention to “disrupt and deter these criminals by going after their financial enablers.”

More sanctions should be expected, officials said. “We will continue to crack down on malicious actors,” Treasury Secretary Janet Yellen said in a statement.

Representatives for SUEX, incorporated in the Czech Republic but whose owners live in Russia, according to corporate records, didn’t immediately respond to requests for comment. The sanctions prohibit U.S.-based firms from doing business with the firm and blocks any assets it has within U.S. jurisdiction.

Senior U.S. officials said the exchange was singled out because of intelligence analysis showing 40 % of its transactions were with groups known to engage in illicit activity. Additionally SUEX had helped process payments linked to at least eight ransomware variants, officials said. Blockchain analytics firm Chainalysis Inc. said it found SUEX has received more than $481 million in bitcoin since it was founded in 2018, but a third of it—over USD 160 million—has come from those identified as scammers, people operating on the dark web and ransomware gangs.

Although Tuesday’s action introduces a new sanctions regime meant to rein in illicit activity in the crypto sector, the administration was careful to say that only a small portion of digital currency transactions are used for illicit purposes. Officials also said the updated guidance is intended to motivate cybersecurity improvements among businesses and more transparency when they suffer an attack.

Officials said they are probing three particular types of cryptocurrency services for which criminals have shown preferences because of their anonymity: So-called “nested” exchanges, such as SUEZ, that piggyback off large crypto platforms; peer-to-peer platforms that allow direct, confidential transactions between parties; and “mixers,” whose exchange services make tracking transactions more difficult.

Related Video 2

“SUEX filled an essential niche in the ecosystem of underregulated exchanges that, either through willful ignorance or witting cooperation, facilitate the conversion of illicit crypto ransoms into real-world currency,” said Ari Redbord, a former senior Treasury official now at the blockchain intelligence firm, TRM Labs.

But while the action homes in on just a sliver of the crypto market, “major exchanges are also on notice,” given the risk of their services being used by criminals, Mr. Redbord said.

SUEX markets itself online as one of the largest crypto exchanges in Moscow, offering clients the ability to exchange up to 500 bitcoins—equivalent to more than USD 21 million at the current exchange rate. On the firm’s LinkedIn page, it advertises itself as “processing high risk payments.” Its owners also are associated with other crypto and digital payment services, including an online bank created last year by one of Russia’s largest network providers.

Todd Conklin, chief data officer at Treasury’s Office of Terrorism and Financial Intelligence, said major cryptocurrency exchanges have strengthened their anti-money-laundering systems in recent years as regulators have stepped up oversight.

“However, there’s an illicit underbelly that has been forming in the smaller nested exchange and mixer ecosystem, which we want to shine a light on,” Mr. Conklin said on a podcast published Tuesday by TRM Labs.

Tuesday’s sanction and updated guidance is part of a broader effort to regulate cryptocurrencies and other digital assets as the market becomes increasingly mainstream. Current and former U.S. finance and security officials say the financial technology offers the potential to revolutionize the global financial system in a myriad of beneficial ways. Treasury officials said they are trying to balance encouraging innovation and market growth with the need to protect national security by requiring crypto services to report transaction details.

Critical to that effort, those current and former officials said, is getting other countries to adopt similar standards.

Administration officials will next month meet with their foreign counterparts to discuss cybersecurity, including the crypto markets and ransomware. The administration has also been holding bilateral talks with senior Russian officials to discuss the issue, but officials have said those have yet to yield much progress.

U.S. officials have said the Kremlin likely isn’t directly involved in ransomware campaigns. But they blame Russian President Vladimir Putin for allowing those groups to operate within Russian borders. Russia has denied responsibility.

Recent high-profile attacks that prompted the shutdown of a major U.S. fuel pipeline, disrupted a top meat supplier and others have all been linked to criminal groups believed to operate in Russia. On Monday, an Iowa grain co-op said it was hit with a cyberattack that security researchers linked to newly launched ransomware group BlackMatter, which the researchers said demanded USD 5.9 million to unlock the organisation’s data. BlackMatter is also suspected to have Russian ties, researchers said.

“Ransomware is a complex global challenge,” said Anne Neuberger, Mr. Biden’s deputy national security adviser for cyber and emerging technology, during the press briefing. “Criminals operate in this place because it is profitable.”

The administration’s international collaboration follows from a vow late last year by the leaders from the Group of Seven wealthiest democracies to collectively act against ransomware, citing the crypto ransomware payments in particular.

Ms. Neuberger said that hackers are estimated to have extorted over USD 400 million from American targets in 2020, a fourfold increase from an estimated USD 100 million in 2019. Those numbers only represent a fraction of total losses, Ms. Neuberger said, because many businesses choose not to report when they have been hit by ransomware.

www.wsj.com