Monday, November 4, 2024
Homecyber securityAuthorities Seized Cryptonator Site & Charged the Admin

Authorities Seized Cryptonator Site & Charged the Admin

Published on

Malware protection

The IRS-Criminal Investigation, the US Department of Justice (DOJ), and the Federal Bureau of Investigation (FBI), in partnership with the German Federal Criminal Police Office (BKA) and the Attorney General’s Office in Frankfurt, successfully seized the domain of the online cryptocurrency wallet Cryptonator.

The takedown was due to the platform’s failure to implement appropriate anti-money laundering (AML) controls and its facilitation of illicit activities.

Cryptonator, launched in 2014, allowed users to perform direct transactions and instant exchanges between various cryptocurrencies within a single personal account, effectively operating as a personal cryptocurrency exchange.

- Advertisement - SIEM as a Service

The website now displays a takedown notice from the U.S. Justice Department, the Internal Revenue Service, and German law enforcement agencies, highlighting the international collaboration in this operation.

Charges Against Roman Pikulev

According to the TRM Labs report, In addition to seizing the site, the DOJ’s Middle District of Florida prosecutors filed a criminal complaint against Russian national Roman Pikulev, accusing him of founding and operating Cryptonator as an unlicensed money service business (MSB) that processed over $235 million in illicit funds.

How to Build a Security Framework With Limited Resources IT Security Team (PDF) - Free Guide

Despite conducting business in the United States, Pikulev faces charges of operating an unlicensed MSB and money laundering for failing to register with the US Treasury’s Financial Crimes Enforcement Network (FinCEN).

Photos of identification cards attributed to Roman Pikulev, aka Roman Boss. Images: U.S. Department of Justice
Photos of identification cards attributed to Roman Pikulev, aka Roman Boss. Images: U.S. Department of Justice

The DOJ’s charges assert that Cryptonator had no significant AML processes or effective AML programs in place.

Users could onboard anonymously with just a username and password, bypassing the robust Know Your Customer (KYC) requirements mandated by law.

The indictment describes Cryptonator as an international money laundering scheme that catered to criminals, receiving proceeds from computer intrusions, hacking incidents, ransomware scams, fraud markets, and identity theft schemes.

Evidence and Impact of Cryptonator’s Operations

The indictment reveals that Pikulev was aware that the funds processed through Cryptonator were proceeds of illicit activities or intended for criminal use.

Hackers, darknet market operators, ransomware groups, and sanctions evaders gravitated to the platform to exchange cryptocurrencies and cash out into fiat currency. Pikulev allegedly built functions into the platform to anonymize the source of cryptocurrency, facilitating these illegal activities.

According to the charges, Pikulev, also known as “Roman Boss,” used Russian and German IDs and documents to register websites and email addresses for the platform. He also utilized U.S.-based technology providers and bought ads on U.S. social media sites to further the scheme.

Cryptonator facilitated over 4 million transactions worth $1.4 billion, with Pikulev taking a small cut from each transaction.

Blockchain intelligence revealed that Cryptonator’s addresses transacted significantly with darknet markets, fraud shops, scam addresses, high-risk exchanges, ransomware groups, hacks, crypto theft operations, cryptocurrency mixing services, and sanctioned addresses.

This case exemplifies global law enforcement cooperation and the use of blockchain intelligence to combat illicit activities.

This operation marks a significant victory in the ongoing battle against cybercrime and the misuse of cryptocurrency platforms for illegal activities.

Are you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Free Access

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Evasive Panda Attacking Cloud Services To Steal Data Using New Toolkit

The Evasive Panda group deployed a new C# framework named CloudScout to target a...

Massive Midnight Blizzard Phishing Attack Using Weaponized RDP Files

Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals...

Sophisticated Phishing Attack Targeting Ukraine Military Sectors

The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215...

Chinese Hackers Attacking Microsoft Customers With Sophisticated Password Spray Attacks

Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Evasive Panda Attacking Cloud Services To Steal Data Using New Toolkit

The Evasive Panda group deployed a new C# framework named CloudScout to target a...

Massive Midnight Blizzard Phishing Attack Using Weaponized RDP Files

Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals...

Sophisticated Phishing Attack Targeting Ukraine Military Sectors

The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215...