U.S. Authorities Move Against High-Risk Exchange Bitzlato for Providing Money Laundering Services to Ransomware Attackers and Other Russia-based Criminals

Today, the Department of Justice (DOJ) announced the arrest of Russian national Anatoly Legkodymov for his role as founder and majority owner of Bitzlato, a high-risk exchange operating primarily in Russia. Concurrent with the arrest announced today, French authorities, working with Europol and partners in Spain, Portugal, and Cyprus, dismantled Bitzlato’s digital infrastructure, seized Bitzlato’s cryptocurrency, and took other enforcement actions. Additionally, the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) identified Bitzlato as a primary money laundering concern over illicit Russian financing. As of February 1, 2023, this action prohibits covered financial institutions from transacting with Bitzlato and its corporate officers. The U.S. Government cited Bitzlato’s role as a money laundering destination for ransomware attackers and administrators of the notorious Hydra Market, as well as other cybercriminals, as the impetus for the takedown.

In our 2022 Crypto Crime Report released last year, Chainalysis recognized Bitzlato as one of many examples of a Russia-based cryptocurrency service that has facilitated significant amounts of money laundering on behalf of cybercriminals, including ransomware attackers, scammers, and darknet markets. At that time, we found that a large share of all funds received by Bitzlato between 2019 and 2021 came from risky or illicit sources. Additionally, we reported in July 2022 that Bitzlato is a cashout destination for Project Terricon, a pro-Russia group soliciting cryptocurrency donations in support of Russian militia groups operating in the Donbas region. 

Below, we’ll examine Bitzlato’s activity from 2019 to the present in more detail, and talk about why today’s law enforcement action and FinCEN order are victories for the safety of the world financial system and the cryptocurrency industry itself. 

What is Bitzlato?

Bitzlato has a presence in the Moscow City neighborhood of Moscow, as do several other cryptocurrency businesses Chainalysis has identified as major money laundering facilitators. It is notable for receiving a large share of its funds from addresses associated with illicit and risky activity.

Note: “Risky” refers to funds sent from mixers, high-risk exchanges, and services based in high-risk jurisdictions.

Overall, Bitzlato has received $2.5 billion in cryptocurrency during the time period shown above. Of that total, 26% came from illicit sources, and 27% came from risky sources. Below, we dig deeper into that 26% coming from addresses associated with confirmed illicit activity.

As we see above, the biggest sources of illicit cryptocurrency sent to Bitzlato were entities associated with crypto scams, darknet markets, and sanctioned entities, such as the high-risk exchange Garantex, which was designated by OFAC in early 2022. 

We can see from the above that some of the most notorious names in crypto crime relied heavily on Bitzlato for money laundering services, including sanctioned darknet market Hydra, notorious scam Finiko, and ransomware strains like Phobos, AstroLocker, and Dharma. 

As we mentioned above, Bitzlato has also been a destination and source of funds for organizations soliciting cryptocurrency donations in support of pro-Russian militia group efforts in Ukraine. The Reactor graph below shows examples of this activity.

Overall, Bitzlato has received over $32,000 worth of cryptocurrency from pro-Russia paramilitary groups. While that dollar figure may sound small in comparison to the sums Bitzlato received from other types of cybercriminals, it’s important to remember that small amounts of money can go a long way toward the purchase of weapons in regions like the Donbas, making these donations especially dangerous both to the Ukrainian people and to efforts to foster peace in the region.

Follow the money, disrupt the launderers

We’ve often discussed how important money laundering service providers are to the wider crypto crime ecosystem. If cybercriminals can’t reliably convert the cryptocurrency generated by their activities into cash, the incentives to commit those crimes plummet. Today’s action against Bitzlato represents another disruption of a key money laundering service that was crucial to cybercriminals associated with ransomware, crypto scams, and darknet market sales, as well as the financing of illegal paramilitary activity in Ukraine. Additionally, today’s special measure gives compliance teams across the cryptocurrency industry valuable information that can help them keep their platforms safe from illicit activity. We applaud the FBI, DOJ, FinCEN, and the many international partner agencies involved in today’s actions, and look forward to providing more insights on these matters in the future.

This material is for informational purposes only, and is not intended to provide legal, tax, financial, or investment advice. Recipients should consult their own advisors before making these types of decisions. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with Recipient’s use of this material.

Chainalysis does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information in this report and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such material.