Cybercrime Investigators Probing Oligarch Use of Crypto to Dodge Sanctions

As feared by Western governments, Russian oligarchs have begun using cryptocurrency to evade sanctions brought in response to the war in Ukraine.

September 2, 2022

Rich Sanders, founder of cybercrime investigations firm CipherBlade, told OCCRP that blockchain analysts are currently looking into the financial interests of wealthy Russian nationals recently targeted with restrictive economic measures.

“A lot of this touches on ongoing investigations – whether government or criminal probes, or compliance investigations launched as a result of alerts from transaction-analysis tools,” he said. “But what I can say is that it is plain oligarchs are utilizing digital assets to evade sanctions.”

Earlier in July the Joint Money Laundering Intelligence Taskforce (JMLIT), a collaboration between law enforcement and the financial sector in the U.K., issued a red alert stating it was “likely” designated individuals would explore alternative payment methods, “including the use of crypto-assets,” to mitigate reduced access to the global financial system.

The group’s warning came after several U.S. representatives, including Senator Elizabeth Warren, in March submitted a bill proposing measures specifically targeting use of crypto assets by designated Russian nationals.

“No one can argue that Russia can evade all sanctions by moving its assets into crypto,” Warren said at the time. “But for Putin’s oligarchs who are trying to hide, you know, a billion or two of their wealth, crypto looks like a pretty good option.”

Previously there had been little confirmation of targeted individuals using digital assets to dodge economic restrictions imposed in response to the Russian invasion. Sanders told OCCRP about some of the methods firms like CipherBlade, as well as cryptocurrency exchanges conducting blockchain analysis, have seen being used in recent months.

“People have it in their heads that these oligarchs are going to be using shady brokers to transact millions or tens of millions of dollars worth of Bitcoin or stablecoins at once,” he said. Instead, targeted individuals may turn to semi-professionalised laundering networks to manage often complex series of transfers on their behalf.

This isn’t without precedent. “Russian money launderers have increasingly been observed in U.K. intelligence and operational activity providing cash to crypto-asset services, with the ability to move significant volumes of funds,” according to JMLIT’s July statement.

Sanders explains that members of those networks might start by dividing the initial amount into smaller parcels in order to avoid attracting too much attention – similar to “smurfing” in traditional finance, which refers to breaking up large transactions to keep them below reporting thresholds.

They might then use a technique called chain-hopping – often involving the use of instant swap exchanges, platforms that allow the transfer of value from one virtual coin to another – to move money between cryptocurrencies hosted on different blockchains.

“Basically, they’re doing a whole bunch of layering and structuring, making it incredibly difficult to follow the money,” Sanders said. “They realize that the resources required to combat the laundering of a few thousand dollars at a time are almost not worth it, and that’s how they’re getting away with it.”

Another method widely favored by crypto-launderers is the use of virtual currency mixers, which obscure the path of funds by jumbling up data on the origin, destination and parties to different transactions.

The United States has sanctioned two such platforms since the beginning of this year for allegedly laundering virtual assets stolen by Pyongyang-backed hackers, most recently the Ethereum mixer Tornado Cash.

Since launching in August 2019, Tornado Cash has mixed more than US$7.6 billion worth of Ether. Almost 30% of those funds have been tied back to illicit actors, according to blockchain analysis firm Chainalysis, while Bloomberg recently reported that some 52% of all proceeds from NFT scams went through the mixer before it was sanctioned.

“Tornado Cash effectively enabled literally hundreds of millions of dollars to go through to North Korea’s nukes,” said Sanders. “That’s a huge issue, and should not have gone on as long as it did.”

Nevertheless, the Treasury Department’s decision to designate the platform has created a degree of confusion within the wider cryptocurrency community. “There’s a huge uproar in the crypto-space right now,” explains Yaya Fanusie, a former CIA analyst and founder of Cryptocurrency AML Strategies.

“The complication has arisen: can you sanction computer code? And what about the innocent people who have been using the mixer? Is their crypto now sanctioned too?” he added.

One of Tornado Cash’s developers has reportedly been detained by Dutch authorities, sparking debate over the culpability of the mixer’s decentralized development team for the way authorities claim the platform was misused.

Meanwhile, an anonymous user has exploited the lack of regulatory clarity to troll a number of U.S. brands and celebrities by implicating them in potential sanctions violations. In the aftermath of its designation, a slew of Tornado Cash transactions were reportedly sent to wallets controlled by clothing brand Puma, as well as TV host Jimmy Fallon and comedian Dave Chappelle.

Sanders speculates that increased scrutiny may see crypto-launderers moving away from the use of mixers, relying more on chain-hopping facilitated by instant swap exchanges, and that this will be reflected in the pattern of transactions linked to sanctioned Russian actors.

“You’re going to see even more illicit money, including oligarch money, going through platforms like KuCoin, OKX and Huobi. I mention them specifically because they’re historically the worst offenders,” he said. “Their background checks are defeatable, and their anti-money laundering programs have proven nothing more than virtue-signaling.”

“I’m not making this up, I’ve dressed as Osama bin Laden, Borat and Taylor Swift and been onboarded to those exchanges,” he added.

KuCoin, OKX and Huobi did not respond to requests for comment on their procedures for conducting background checks on users.

Overall, Sanders says, the ease with which crypto-laundering networks can move money on behalf of individuals and entities subject to international sanctions is disturbing.

“As someone who investigates this stuff for a living, I could (but obviously won’t) hypothetically red-team this and tell you how to launder hundreds of millions of dollars worth of assets for an oligarch and not get caught,” he said.

“That’s terrifying to me. I should not be able to say that so confidently and easily, but it’s where we’re at right now,” he added.