![\"Chainalysis](\"https:\/\/lh5.googleusercontent.com\/ktijREI0wjKdl_hWQDHg6mHdsht-zP2U32hRi_RAUd3_biJlowPUxo-vRV59Ldii3F_z1zhpb9iEbCJQdmyTEYLiqptEy4JhBARwb86HLSOW4CiNZOk0grXYnk_ISzQaLc6iJmPx\")
Experts found that the bulk of ransomware proceeds are laundered through services, mainly aimed at Russian users.<\/p>\n \u201cRussia is home to several cryptocurrency companies that processed a significant volume of transactions from illicit addresses,\u201d the report says.<\/p>\n<\/blockquote>\n Analysts are tracking several dozen cryptocurrency firms operating in Moscow City. More than half of them are located, or were located, in Federation Tower.<\/p>\n Together, from 2019 to 2021 these companies quarterly received cryptocurrency worth hundreds of millions of dollars, and the total in the second quarter of last year reached nearly $1.2 billion, Chainalysis calculated. During the period, almost $700 million flowed to their addresses from high-risk accounts.<\/p>\n The bulk of illegal funds consisted of proceeds from fraud ($313 million) and darknet markets ($296 million); ransomware proceeds amounted to $38 million, in third place.<\/p>\n Analysts note that the share of high-risk transactions for some companies is small. This can be explained by a lack of awareness, not deliberate criminal activity.<\/p>\n \u201cBut for other Moscow City cryptocurrency firms, illicit funds account for up to or more than 30% of all received cryptocurrency, suggesting they may deliberately serve cybercriminal clients,\u201d Chainalysis says.<\/p>\n<\/blockquote>\n The firm singled out several companies that were in some way linked to laundering funds during 2019-2021:<\/p>\n Chainalysis also noted Buy-bitcoin, Tetchange, Cashbank and Suex.<\/p>\n Suex in September the US Treasury included on the sanctions list<\/a>. The agency says that funds of ransomware operators, scam projects, darknet marketplaces and the now-defunct BTC-e passed through the exchange.<\/p>\n Chainalysis found that Suex, among other things processed transactions with the cryptocurrency exchange WEX<\/a> for several millions of dollars. According to Elliptic, through the exchange more than $370 million<\/a> related to cybercriminals passed.<\/p>\n Garantex, in a reply to ForkLog, said that criteria for \u201ctoxic\u201d transactions are still being formed on the market, and databases with information about them are continually expanded:<\/p>\n \u201cAny cryptocurrency exchange operating for more than a year will face (or sooner or later will face) a situation in which its long-standing transactions may later be deemed \u2018toxic\u2019. Partly, this relates to ongoing investigations into highly resonant crimes.\u201d<\/p>\n<\/blockquote>\n Currently, Garantex uses the Crystal service and, since late 2021, has been negotiating with Chainalysis to ensure \u201cthe maximum possible level of analytics\u201d of the exchange\u2019s operations:<\/p>\n \u201cAll incoming transactions, labeled by Crystal as \u2018ransomware\u2019 at the moment they arrive at Garantex, were promptly blocked in accordance with our AML policies.\u201d<\/p>\n<\/blockquote>\n Representatives said they operate under the Estonian-licence regime and adhere to a \u201czero tolerance\u201d stance toward transactions linked to illicit activity.<\/p>\n Bitzlato said that reports of the company\u2019s Moscow office are incorrect and that the service is merely a broker between buyers and sellers. The company also noted it actively cooperates with law enforcement \u2014 in 2021 Bitzlato provided information to authorities in various countries no fewer than 200 times and blocked 1,157 users suspected of laundering funds. In a ForkLog comment, Bitzlato representatives added that the claim they belong to a crypto-criminal ecosystem is incorrect and erroneous.<\/p>\n \u201cWe consider the information about classifying Bitzlato as part of the crypto-criminal ecosystem to be incorrect and erroneous,\u201d said the company representatives in a ForkLog interview.<\/p>\n<\/blockquote>\n ForkLog also approached Eggchange, Tetchange and Cashbank for comment but did not receive a reply by publication time.<\/p>\n In January, the FSB announced the takedown<\/a> of the REvil ransomware group, which had been behind distributing ransomware. It was described as one of the world\u2019s largest hacker collectives.<\/p>\n\n
\n
\n
\n
\n
\n
![\"Chainalysis](\"https:\/\/lh4.googleusercontent.com\/Bzg3qVk9A68OR5DVYVywpWPudEbDbg_UWlJUEhNEq1zG3zm-Wq8tFfxaQ6H50ygYQTpSMAWxzBjIHzb3IyYNLzpZNlR7_ezqpk4rGTAFiDa4Kv4dzi7nvsGGpTSZI6rq60iisU6m\")
![\"Chainalysis](\"https:\/\/lh6.googleusercontent.com\/k63UeEVC9_EqDGZmylRA7_ySbySWcAsN5UlXGyJhXJMjW5l6eGchd5EbrVgTUK3m3MP-08racl_AHJ_9ax0-BOYYonnpRNQbR-9BRh3imYxN_ERZOdt2CCDKspIRa1Ngw6C0tpQE\")