Summary: If you follow crypto crime, you are likely aware that sanctioned countries hack crypto exchanges, launder crypto through various crypto platforms, and are the home of some crypto exchanges. But you might not be aware that comprehensively sanctioned countries are operating crypto exchanges.
Sanctioned Countries are Operating Cryptocurrency Exchanges
“We’ve got sanctioned countries setting up cryptocurrency exchanges that are being used to facilitate the transfer of U.S. dollars over to those sanctioned countries. I’ve seen those in the millions, and potentially in the billions.” – Jack McDonald, IRS-CI, ABA/ABA Financial Crimes Enforcement Conference, December 2022.
After hearing the above remark during the Cryptocurrency Fraud Risks panel at the ABA conference, I followed up with IRS-CI Public Affairs. I requested a comment and/or any public documents that supports the Agent’s statement that sanctioned countries are operating cryptocurrency exchanges.
The IRS-CI declined to comment but provided links to a court opinion and two news articles discussing the court opinion.
Here is the IRS-CI’s full response which included excerpts from the linked news articles:
“We will decline to comment at this time. However, here is a link to the a [sic] memorandum opinion unsealed on May 13 in the U.S. District Court in Washington, DC.
“In an unusual nine-page opinion, U.S. Magistrate Judge Zia M. Faruqui of Washington, D.C., explained why he approved a Justice Department criminal complaint against an American citizen accused of transmitting more than $10 million worth of bitcoin to a virtual currency exchange in one of a handful of countries comprehensively sanctioned by the U.S. government: Cuba, Iran, North Korea, Syria or Russia.”
“Cryptocurrencies have long been seen as the Wild West of money transfers, but few online payment and money transfer platforms have been as blatant in appealing for illicit cash as one highlighted but not named in a memorandum opinion unsealed on May 13 in the US District Court in Washington, DC. The platform is apparently based in a “comprehensively sanctioned country”—likely North Korea, according to those within the crypto law space—and advertised its services as evading US financial sanctions. It was built using a US front company that facilitated the purchase of domain names, according to court records.”
Unnamed Defendant Involving Redacted Sanctioned Country
The full docket for the case that the IRS-CI referred me to remains under seal and Judge Faruqui’s opinion is redacted but some details emerge for the public portion:
“Based In” vs “Operated By” a Sanctioned Country
The court opinion and accompanying news articles note that the Payments Platform was “based in” a sanctioned country. The opinion does not provide with whom the defendant conspired.
The Washington Post article provided by IRS-CI states:
U.S. authorities filed charges in March after allegedly discovering that a sanctioned country had set up a PayPal-type payment platform with the defendants’ help, according to Friday’s ruling. (emphasis mine)
While this may be true, the redacted opinion was not clear that the sanctioned country had “set up” the payment platform. The Wired article provided by IRS-CI did not include a similar statement that the sanctioned country had “set up” the platform.
The defendant allegedly moved over $10 million in bitcoin from a US-based Virtual Currency Exchange (VCE 1) funded with fiat from a US bank to a foreign Virtual Currency Exchange (VCE 2). The VCE 2 accounts were accessed from IP addresses that “resolved to Sanctioned Country shortly after funds were sent- sometimes within minutes.”
Why Would a Sanctioned Country OPERATE a Crypto Platform?
A sanctioned country may choose to operate its own crypto platform, whether a crypto exchange, DEX, DeFi lending platform, or other, for several reasons.
Avoid Getting Kicked Off Other Platforms
Sanctioned countries use crypto platforms to launder crypto and cash-out to fiat. The use of 3rd party platforms that they do not control exposes a sanctioned country to risks including that the exchange will boot or freeze the account.
Sanctioned countries also take steps to obscure their involvement with accounts opened at 3rd party crypto platforms via shell companies or stolen/fake KYC data. The obfuscation techniques may add time or cost to the laundering endeavor. If the sanction county owns the platform, they don’t have to worry about getting kicked off or bother with creating fake identities.
Avoid Government / Law Enforcement Scrutiny
Sanctioned countries are also exposed to the risk that a 3rd party crypto exchange is reporting suspicious activity or otherwise cooperating with law enforcement, such as responding to requests for KYC information.
Many crypto platforms have suspicious activity reporting requirements. It appears that some US based exchanges do file SARs. Clearly, sanctioned countries operating their own crypto exchange will not be filing SARs with FinCEN.
Finally, by using their own crypto exchange, a sanctioned country also avoids the risk that the crypto platform was secretly been taken over by US or other law enforcement.
Transform Crypto Laundering from Cost to Profit Center
Crypto exchanges charges fees to customers. Owners of cryptocurrency platforms have ranked among the richest people in the world. When a sanctioned country operates their own crypto platform, a former cost center is transformed into a profit center.
Moreover, sanctioned country crypto platforms can generate additional revenue via theft of customer funds, insider trading, rug pulls, and market manipulation just like any other crypto platform. Additionally, a sanctioned country platform could have a competitive advantage over other crypto platforms by being able offer higher “interest” based on the stolen cryptos that cost them nothing to acquire.
Huge Volumes of Illicit Crypto Difficult to Launder
The huge volume of illicit crypto obtained by sanctioned countries is difficult to launder. As I’ve said before, if you want to launder funds, get a bank account. If you want to launder a lot of funds, get a bank.
Blockchain Transparency Ends at Crypto Exchanges
One of the biggest myths in crypto is that “all cryptocurrency transactions are recorded on the blockchain.” Most cryptocurrency transactions occur off the blockchain, within crypto exchanges. Blockchain analytics do not have much insight into what happens within exchanges.
If you want to keep prying eyes out of your crypto transactions, do the transactions within an exchange that you own.
Crypto “Norms” & Sanctioned Countries
Cryptocurrency industry “norms” contribute to the opaqueness of crypto platforms. The opaqueness leaves room for sanctioned countries to operate.
Love of Aliases / Anonymity
From day one, people/entities involved in cryptocurrency have been using aliases. The most famous is Satoshi Nakamoto, the creator of bitcoin. The full spectrum of cryptosphere participants embrace aliases ranging from Dread Pirate Roberts who ran the Silk Road darknet market, to the founders of NFT collection the Board Ape Yacht Club, to on-chain sleuth ZachXBT, to the anonymous founder of the SushiSwap DEX who goes by Chef Nomi.
If an individual (or entity) can anonymously create a cryptocurrency, found a darknet market, or operate a crypto exchange that facilitates millions or billions of dollars’ worth of transactions, what exactly is stopping a sanctioned country from doing the same thing?
Hidden Crypto Exchange Ownership
Many of the largest crypto exchanges are privately held and do not have public reporting requirements.
The beneficial ownership of the exchanges is not disclosed. Crypto exchanges use nesting corporations in secrecy jurisdictions to obscure ownership. Crypto platforms are bought and sold by inscrutable corporations.
Hidden Source of Start-up or Purchase Funds
The “origin” story of how crypto platforms were initially funded also is often hazy or contradictory. Some founders have claimed that they were early investors in crypto, or single-handedly figured out how to overcome the Kimchi premium, or that no outside investment was needed to start exchanges. Many of these claims are not verifiable.
The source of funds to buy existing crypto platforms is opaque or may be obscured by using proprietary exchange tokens (with no disclosure on the token’s backing). A sanctioned country’s illicit crypto could be the start-up funds for the new crypto platform. Alternatively, hacked cryptos can be used to secretly purchase an existing crypto platform in an entirely crypto-based transaction.
Law Enforcement Secretly Running Crypto Platforms
An interesting and amusing twist on the secrecy norms of crypto platforms is when law enforcement secretly takes over an illicit crypto platform. For examples, the Dutch national police covertly operated the second largest dark market, Hansa, for about a month after secretly seizing its servers and arresting its operators. The Dutch collected information about its Hansa users while operating the darknet market.
Since it’s “normal” to have crypto platforms anonymously founded, secretly owned and located in undisclosed countries, is really a surprise that a sanction country would own and operate a crypto exchange?
The Known Knowns: Sanctioned Countries & Crypto Platforms
Sanctioned countries are known to hack crypto exchanges, launder crypto through various crypto platforms, and are the home of some crypto exchanges.
Sanctioned Countries HACK Crypto Platforms
Sanctioned countries regularly HACK crypto exchanges, Decentralized Exchanges (DEXs), and bridges… you name it, to generated billions of dollars in revenue. The hacking of crypto platforms might be the easiest step in the multi-phase process: (1) hack of crypto platform, (2) launder via bridges, mixers, DEX, exchanges, (3) convert crypto to fiat, and (4) spend the fiat. As David Gerard pointed out, every crypto platform is a crypto pinata…hit it just right, and all the cryptos fall out.
As an aside, not all hacks including crypto hacks, are intended to make money. Some hacks are intended to disrupt on adversary, make a political statement, or prevent the adversary for using the funds themselves. Commentators often cheer when a hacker ‘loses’ some of the stolen funds. But keep in mind, that every crypto a hacker steals is profit, and every crypto a hacker ‘loses’ hurts their adversary/victim but doesn’t ‘cost’ the sanctioned country anything.
Sanctioned Countries USE Crypto Platforms
Sanctioned countries USE the services of crypto platforms. After the sanctioned country obtains illicit cryptos, it often desires to convert the cryptos to fiat to spend as it pleases. The sanctioned country may also use crypto platforms to convert crypto from one type to another, either to confuse the tracing or to switch to a more liquid token.
Some crypto platforms have no, or ineffective, Know Your Customer (KYC) programs. The weak or non-existent KYC programs allow sanctioned countries to open accounts, through proxies, shell companies, and/or using stolen identities. Crypto platforms including BitPay, Bittrex, and Kraken, have been fined by or settled with OFAC for apparent violations of sanction regulations.
In select instances, individuals allegedly have criminally assisted sanctioned regimes. For example, the CEO of a cryptocurrency exchange was arrested in South Korea for allegedly acting as an intermediary in an espionage ring, that utilized cryptocurrency as bribes to obtain classified information. Virgil Griffith was indicted for allegedly violating the International Emergency Powers Act by traveling to North Korea in order to deliver a presentation and technical advice on using cryptocurrency and blockchain technology to evade sanctions.
Crypto Exchanges LOCATED in Sanctioned Countries
Some crypto exchanges are known to be LOCATED in sanctioned countries. For example, Iran is home to Nobitex. While Garantex. which has been sanctioned by OFAC, is operated out of Moscow. Additionally, when a “private business” is located in an authoritarian regime, the government may at any time co-opt or take-over the company.
While it is widely understood that some exchanges are based in sanctioned countries, it is not widely recognized that certain cryptocurrency exchanges are under the control of sanctioned governments.
The Easiest Way to Rob a Bank is to Own One
This is not the first time a bad actor operated or bought a financial institution to help launder their illicit funds.
BTC-e and Mt. Gox Hack
The scenario that comes to mind when considering whether a sanctioned nation would operate its own crypto exchange is the BTC-e crypto exchange based in Russia.
The DOJ indicted BTC-e’s alleged owner Alexander Vinnik and seized BTC-e’s servers. The DOJ alleged BTC-e “developed a customer base for BTC-e that was heavily reliant on criminals.” Chainalysis found that BTC-e was at one point the destination for 95% of ransomware extortion payments.
More relevant to the sanctioned country issue is that Vinnick also was allegedly involved in the Mt. Gox hack. The DOJ alleged that Vinnick laundered the stolen crypto through his own exchange, BTC-e.
It’s challenging and expensive to launder crypto. Instead, Vinnick allegedly turned a cost center into a profit center by being the exchange. By 2016, BTC-e was the third-largest exchange in the world.
Venezuela Corruption & Banks
Financial institutions have also been bought by individuals allegedly with proceeds from financial crime and to assist regimes in evading sanctions. As I’ve written about previously, several banks were allegedly bought with and/or capitalized by Venezuelan corruption proceeds and then used to launder proceeds from corruption.
It should not come as a surprise that sanctioned countries that
- hack crypto exchanges
- launder illicit crypto via crypto exchanges
- are home to crypto exchanges
are also OPERATING crypto exchanges.