The IRS-Criminal Investigation, the US Department of Justice (DOJ), and the Federal Bureau of Investigation (FBI), in partnership with the German Federal Criminal Police Office (BKA) and the Attorney General’s Office in Frankfurt, have seized the domain of Cryptonator, an online cryptocurrency wallet.

The platform was shut down for failing to implement appropriate anti-money laundering (AML) controls and facilitating illegal activities. Launched in 2014, Cryptonator allowed direct transactions and instant exchanges between different cryptocurrencies, effectively acting as a personal cryptocurrency exchange.

Following the seizure, the Cryptonator website now displays a takedown notice from the US Justice Department and IRS, along with German law enforcement agencies, including the BKA.

Criminal Charges Filed

Prosecutors in the Middle District of Florida have filed a criminal complaint against Roman Pikulev, a Russian national who founded and operated Cryptonator. The DOJ alleges that Cryptonator was an unlicensed money service business (MSB) that processed over $235 million in illicit funds.

Pikulev faces charges of operating an unlicensed MSB and money laundering for failing to register with the US Treasury’s Financial Crimes Enforcement Network (FinCEN). The DOJ asserts that Cryptonator lacked meaningful AML processes and allowed users to onboard anonymously with just a username and password, bypassing required know-your-customer (KYC) protocols.

Buy Me a Coffee

Facilitating Criminal Activity

According to the indictment, Cryptonator was involved in an international money laundering scheme that catered to criminals. The platform reportedly received proceeds from various illicit activities, including computer intrusions, hacking incidents, ransomware scams, fraud markets, and identity theft schemes. Cryptonator also allegedly provided API keys to darknet marketplaces and other illegal services, further facilitating criminal operations.

READ
Russian Hackers APT28 Exploit WiFi Networks with Sophisticated "Nearest Neighbor Attack"

Evidence and Operations

The indictment claims Pikulev was aware that the funds processed through Cryptonator were the proceeds of illicit activities or intended for criminal use. The platform was allegedly popular among hackers, darknet market operators, ransomware groups, and sanctions evaders for exchanging cryptocurrencies and cashing out into fiat currency. Pikulev is accused of building features into Cryptonator that anonymized the source of cryptocurrency.

The evidence includes chat logs where Pikulev discussed integrating cryptocurrencies commonly used on darknet markets, such as Monero, and offering API integrations with illegal platforms. Pikulev used various aliases and documents from Russia and Germany to register websites and email addresses, facilitating the platform’s operations through US-based technology providers and advertisements on US social media sites.

Financial Impact

Cryptonator facilitated over 4 million transactions worth a total of $1.4 billion, with Pikulev taking a cut from each transaction. Blockchain intelligence revealed that of the $1.4 billion, Cryptonator addresses were involved in:

  • $25 million with darknet markets, fraud, and carding shops
  • $34.5 million with scam addresses
  • $80 million with high-risk exchanges
  • $8 million with addresses associated with ransomware groups
  • $54 million with addresses linked to hacks and crypto theft operations
  • $34 million with cryptocurrency mixing services
  • $71 million with sanctioned addresses

The DOJ is seeking to prevent Cryptonator from violating AML regulations in the future and aims to impose civil penalties for each violation, which could amount to $51,744 per day, per violation, under the FTC Act.

READ
Russian National Extradited to U.S. on Charges of Running Phobos Ransomware Operation