The United States, in a coordinated international operation dubbed “Operation Endgame,” cracks down on a sprawling Russian cybercrime network that allegedly laundered billions of dollars for ransomware gangs, darknet markets, and credit card fraudsters.
“Every step cybercriminals take in their pursuit of money leaves another track that leads us to their doorstep,” declared U.S. Attorney Jessica D. Aber for the Eastern District of Virginia. “And if you follow them on their path of greed, they will lead us to you. We will not stop, because while domains can always be seized, justice is unyielding.”
Targeting the Russian Facilitators
The operation targeted several key entities and individuals accused of facilitating Russian cybercrime. The Financial Crimes Enforcement Network (FinCEN) designated PM2BTC, a virtual currency exchange operated by Sergey Sergeevich Ivanov, as a “primary money laundering concern.” This designation, previously used only against the Hong Kong-based exchange Bitzlato, effectively cuts off PM2BTC from the U.S. financial system.
Simultaneously, the Office of Foreign Assets Control (OFAC) sanctioned Cryptex, a virtual currency exchange registered in St. Vincent and the Grenadines but operating out of Russia. Cryptex allegedly laundered over $51.2 million from ransomware operations and processed $720 million in transactions linked to various cybercriminal enterprises.
Unmasking the Russian Masterminds
The Justice Department unsealed an indictment against Ivanov, also known as “Taleon,” and Timur Shakhmametov, known as “JokerStash,” charging them with conspiracy to commit bank fraud and money laundering. Ivanov allegedly provided payment processing support to the carding website Rescator and laundered proceeds from Joker’s Stash, a massive online marketplace for stolen credit card data.
Shakhmametov, the alleged creator of Joker’s Stash, facilitated the sale of stolen payment card information, contributing to hundreds of millions of dollars in financial losses. The website became one of the largest carding markets in history, boasting annual sales of data from approximately 40 million payment cards.
Seizing the Infrastructure
In a coordinated effort with Dutch authorities, the U.S. Secret Service seized servers hosting PM2BTC and Cryptex, taking them offline and recovering over $7 million in cryptocurrency.
“The Secret Service is relentless in pursuing those engaged in criminal activity,” stated Assistant Director Brian Lambert of the U.S. Secret Service. “I thank our domestic and foreign partners for their efforts on this case, as we continue our work bringing to justice those engaged in transnational criminal activity.”
The seizure of multiple domains associated with these exchanges and others like UAPS (PinPays), also controlled by Ivanov, further disrupted the network’s operations.
Unraveling the Web of Illicit Finance and Crypto
According to blockchain analysis conducted by TRM Labs, Ivanov’s network of virtual currency exchanges and payment processors processed over $1.15 billion in cryptocurrency transactions, with a significant portion tied to criminal activities. PM2BTC, known for its ability to convert cryptocurrency directly into Russian rubles, became a preferred platform for ransomware groups like Conti and Trickbot.
CryptexPay, a payment processor associated with Cryptex, allegedly facilitated illicit financial flows within the dark web ecosystem, using advanced anonymization techniques to obscure the origins of funds. UAPS/PinPays, another payment processor controlled by Ivanov, allegedly laundered over $500 million between 2022 and 2024, funneling a portion of these funds directly to Cryptex.
A Global Effort to Disrupt Cybercrime
This operation represents a significant step in a broader international effort to dismantle the financial networks supporting Russian cybercrime. “Today’s actions highlight the Department’s continued disruption of malicious cyber actors and their criminal ecosystem,” said Deputy Attorney General Lisa Monaco. “The two Russian nationals charged today allegedly pocketed millions of dollars from prolific money laundering and fueled a network of cyber criminals around the world, with Ivanov allegedly facilitating darknet drug traffickers and ransomware operators. Working with our Dutch partners, we shut down Cryptex, an illicit crypto exchange and recovered millions of dollars in cryptocurrency.”
Read More
- Russia Unveils Plans for Crypto Exchanges to Boost Foreign Trade, Eyes Stablecoin
- Sweden Classifies Certain Crypto Exchanges as Money Launderers
- Russia to Legalize Industrial Crypto Mining Soon
Yona has no crypto positions and does not hold any crypto assets. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Daily is an official media and publication of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.