The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has sanctioned two cryptocurrency exchanges, Cryptex and PM2BTC, for laundering funds connected to Russian ransomware gangs and cybercrime groups.
Cryptex, operated under the domain cryptex[.]net, is accused of providing financial services to cybercriminals, laundering over $51 million linked to ransomware attacks. The Treasury Department revealed that Cryptex facilitated more than $720 million in transactions with services used by Russia-based ransomware actors and cybercriminals. These services included mixing services, fraud shops, and exchanges that lacked proper Know Your Customer (KYC) protocols, including Garantex, a previously sanctioned crypto exchange.
PM2BTC, which used the now-seized pm2btc[.]me domain, is accused of laundering virtual currencies tied to Russian ransomware and other illicit activities. According to the Treasury, PM2BTC helped Russian cybercriminals convert their laundered funds into rubles through U.S.-sanctioned financial institutions, while neglecting to implement anti-money laundering (AML) safeguards.
The Treasury Department has linked these crypto exchanges to Sergey Sergeevich Ivanov, a notorious Russian money launderer, known as Taleon. Ivanov is believed to have processed hundreds of millions of dollars for ransomware actors, darknet marketplaces, and various other cybercriminals over the past two decades. Ivanov’s payment processing services, including one operating under the name “UAPS,” have reportedly been used by fraud shops like Genesis Market, which was taken down by law enforcement in 2023.
In addition to the sanctions, the U.S. Department of State has offered a reward of up to $10 million for information leading to the arrest or conviction of Ivanov and Timur Shakhmametov, the operator of Jokers Stash, a prominent marketplace for stolen credit card data and personal information.
These sanctions are part of a broader international effort, involving U.S. government agencies and foreign law enforcement under Operation Endgame, aimed at dismantling Russian cybercrime services and their financial enablers. As a result, U.S. citizens and organizations are now prohibited from transacting with Cryptex, PM2BTC, or Ivanov. Any U.S.-based assets associated with them will be frozen, and financial institutions engaging with these entities will face penalties.
“The United States and our international partners remain resolute in our commitment to prevent cybercrime facilitators like PM2BTC and Cryptex from operating with impunity,” said Bradley T. Smith, Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence. He added that the Treasury will continue working closely with allies to disrupt criminal networks leveraging virtual assets for illicit activities.
These actions follow previous sanctions against Russian-linked crypto exchanges, including Bitpapa, TOEP, and Crypto Explorer in March 2024, and the Moscow-based exchange Garantex in April 2022, all for facilitating illegal transactions with Russian dark web markets and banks. Additionally, cryptocurrency mixers like Sinbad, Tornado Cash, and Blender.io have been sanctioned for laundering funds for North Korea’s Lazarus hacking group.
