US imposes sanctions on crypto exchanges used by Russian ransomware gangs

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has imposed sanctions on Cryptex and PM2BTC, two cryptocurrency exchanges that laundered money from Russian ransomware gangs and other cybercriminal groups.

Cryptex (which used the domain cryptex(.)net) reportedly provides financial services to cybercriminals and has laundered more than $51 million in funds related to ransomware attacks.

“Cryptex is also associated with over $720 million in transactions to services commonly used by Russia-based ransomware actors and cybercriminals, including fraud shops, mixing services, exchanges without KYC programs, and the OFAC-designated virtual currency exchange Garantex,” the Treasury Department said.

PM2BTC (which operated the now-seized domain pm2btc(.)me) is accused of laundering virtual currencies related to ransomware and other illicit Russian activities. It allegedly facilitated currency-to-ruble conversions via U.S.-sanctioned financial institutions for Russian threat actors, while failing to maintain anti-money laundering safeguards.

The Treasury Department linked the crypto exchanges to Sergei Sergeevich Ivanov (also known as Taleon), a Russian money launderer believed to have processed hundreds of millions of dollars for ransomware actors, initial access brokers, darknet marketplace sellers, and several other threat actors over the past two decades.

“Through various payment processing services, including one doing business as ‘UAPS,’ Ivanov acted as a payment processor for several fraud shops, including the OFAC-designated Genesis Market, whose website was taken down by law enforcement in 2023,” the Treasury Department said.

The U.S. State Department is also offering a reward of up to $10 million through the Transnational Organized Crime Rewards Program for any information leading to the arrest or conviction of Ivanov and Timur Shakhmametov, the operator of Joker's Stash, one of the largest and most profitable marketplaces for stolen credit card data and personally identifiable information.

These actions are part of a broader coordinated international effort involving U.S. government agencies and foreign law enforcement authorities, in conjunction with Operation Endgame, to disrupt Russian cybercriminal services and dismantle financial facilitators of transnational organized cybercrime.

As a result of today’s sanctions, US citizens and organizations are prohibited from transacting with Ivanov, PM2BTC, or Cryptex. All US assets associated with them will be frozen, and US financial institutions or foreign entities that do business with them will also face penalties.

Banner about Cryptex domain seizure (BleepingComputer)

“The United States and our international partners remain steadfast in our efforts to prevent cybercriminals like PM2BTC and Cryptex from operating with impunity,” said Bradley T. Smith, Acting Assistant Secretary of the Treasury for Terrorism and Financial Intelligence.

“The Treasury Department, working closely with our allies and partners, will continue to use all tools and authorities to disrupt networks that seek to use the virtual asset ecosystem to facilitate their illicit activities.”

OFAC previously imposed sanctions on crypto exchanges Bitpapa, TOEP and Crypto Explorer in March 2024 and on Moscow-based crypto exchange Garantex in April 2022 for their collaboration with OFAC-designated Russian dark web markets and banks.

Cryptocurrency mixing services Sinbad, Tornado Cash and Blender.io were also identified as money laundering services for the North Korean hacker group Lazarus.
