Authorities Seized Cryptonator Site & Charged the Admin

The IRS-Criminal Investigation, the US Department of Justice (DOJ), and the Federal Bureau of Investigation (FBI), in partnership with the German Federal Criminal Police Office (BKA) and the Attorney General’s Office in Frankfurt, successfully seized the domain of the online cryptocurrency wallet Cryptonator.

The takedown was due to the platform’s failure to implement appropriate anti-money laundering (AML) controls and its facilitation of illicit activities.

Cryptonator, launched in 2014, allowed users to perform direct transactions and instant exchanges between various cryptocurrencies within a single personal account, effectively operating as a personal cryptocurrency exchange.

The website now displays a takedown notice from the U.S. Justice Department, the Internal Revenue Service, and German law enforcement agencies, highlighting the international collaboration in this operation.

Charges Against Roman Pikulev

According to the TRM Labs report, In addition to seizing the site, the DOJ’s Middle District of Florida prosecutors filed a criminal complaint against Russian national Roman Pikulev, accusing him of founding and operating Cryptonator as an unlicensed money service business (MSB) that processed over $235 million in illicit funds.

How to Build a Security Framework With Limited Resources IT Security Team (PDF) - Free Guide

Despite conducting business in the United States, Pikulev faces charges of operating an unlicensed MSB and money laundering for failing to register with the US Treasury’s Financial Crimes Enforcement Network (FinCEN).

The DOJ’s charges assert that Cryptonator had no significant AML processes or effective AML programs in place.

Users could onboard anonymously with just a username and password, bypassing the robust Know Your Customer (KYC) requirements mandated by law.

The indictment describes Cryptonator as an international money laundering scheme that catered to criminals, receiving proceeds from computer intrusions, hacking incidents, ransomware scams, fraud markets, and identity theft schemes.

Evidence and Impact of Cryptonator’s Operations

The indictment reveals that Pikulev was aware that the funds processed through Cryptonator were proceeds of illicit activities or intended for criminal use.

Hackers, darknet market operators, ransomware groups, and sanctions evaders gravitated to the platform to exchange cryptocurrencies and cash out into fiat currency. Pikulev allegedly built functions into the platform to anonymize the source of cryptocurrency, facilitating these illegal activities.

According to the charges, Pikulev, also known as “Roman Boss,” used Russian and German IDs and documents to register websites and email addresses for the platform. He also utilized U.S.-based technology providers and bought ads on U.S. social media sites to further the scheme.

Cryptonator facilitated over 4 million transactions worth $1.4 billion, with Pikulev taking a small cut from each transaction.

Blockchain intelligence revealed that Cryptonator’s addresses transacted significantly with darknet markets, fraud shops, scam addresses, high-risk exchanges, ransomware groups, hacks, crypto theft operations, cryptocurrency mixing services, and sanctioned addresses.

This case exemplifies global law enforcement cooperation and the use of blockchain intelligence to combat illicit activities.

This operation marks a significant victory in the ongoing battle against cybercrime and the misuse of cryptocurrency platforms for illegal activities.

Are you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Free Access