In its first use of Section 9714(a) of the Combating Russian Money Laundering Act, the Financial Crimes Enforcement Network (“FinCEN”) issued a notice of enforcement order (the “Order”) on January 18, 2023 against the cryptocurrency exchange Bitzlato Limited (“Bitzlato”), which has operated globally and is registered in Hong Kong. The Order was issued in conjunction with the Department of Justice’s (“DOJ”) arrest of Bitzlato’s founder, Russian national Anatoly Legkodymov. Bitzlato has processed over four billion dollars in cryptocurrency transactions since 2018. According to the government, a substantial portion of those transactions involved criminal proceeds.
Legkodymov, who resided in China until his arrest in the United States, has been charged initially, via complaint and warrant, with conducting an unlicensed money-transmitting business under 18 U.S.C. § 1960, although the allegations against Bitzlato appear to extend far beyond mere unlicensed money transmission. Both the Order and the lengthy affidavit in support of the complaint stress that Bitzlato openly touted its intentional lack of any sort of real anti-money laundering (“AML”) program. For example, “Bitzlato’s website advertised for years (and as recently as March 31, 2022) that the site offered ‘Simple Registration without KYC. Neither selfies nor passports required. Only your email needed.’ Similarly, a blog post on Bitzlato’s website stated: ‘On Bitzlato no KYC is required for you to trade.’”
This post will focus on FinCEN’s Order, which identifies Bitzlato as a “primary money laundering concern,” and prohibits certain money transmission involving Bitzlato by covered financial institutions. The Order also highlights the threats posed to U.S. national security and the integrity of the U.S. financial sector by Bitzlato’s active facilitation of laundering of Russian illicit finance. However, FinCEN’s press release makes clear that Bitzlato is just one part of a larger ecosystem of Russian cybercriminals, including ransomware attackers, operating with impunity in Russia.
Section 9714(a), set forth in a note to 31 U.S.C. § 5318A, provides, in relevant part, that “[i]f the Secretary of the Treasury determines that reasonable grounds exist for concluding that one or more financial institutions operating outside of the United States . . . is of primary money laundering concern in connection with Russian illicit finance, the Secretary of the Treasury may, by order, regulation, or otherwise as permitted by law: (1) require domestic financial institutions and domestic financial agencies to take 1 or more of the special measures described in section 5318A(b) of title 31, United States Code; or (2) prohibit, or impose conditions upon, certain transmittals of funds . . . by any domestic financial institution or domestic financial agency, if such transmittal of funds involves any such institution[.]”
In support of its order classifying Bitzlato as a top money laundering concern, FinCEN made certain findings including that:
- Bitzlato is used to facilitate processing and laundering proceeds from Ransomware attacks;
- Bitzlato is used to Facilitate Darknet Markets & Scams;
- Bitzlato engaged in a high volume of Russian illicit finance transactions; and
- Bitzlato does not adequately combat money laundering and illicit financing on its platform.
According to the Order, Bitzlato has significant connections to Russia and Russian illicit finance. Specifically, Bitzlato effectively laundered millions of dollars of Russian illicit finance through its platform, by facilitating money deposits and funds transfers by Russian ransomware groups such as Conti. Conti, in February of 2022, pledged its allegiance to the Russian Government and swore to take actions against international states supporting Ukraine in Russia’s ongoing invasion. FinCEN further found that Bitzlato was enabling transactions with Russian darknet markets (including BlackSprut, OMG!OMG!, and Mega) on behalf of darknet customers and vendors.
Indeed, the Order alleges that, between 2019 and 2021, Bitzlato received nearly half a billion dollars in cryptocurrency arising from illicit activity including darknet markets, scams, and ransomware attackers. Two-thirds of Bitzlato’s top users were connected with darknet markets or scams. These users included Binance and Hydra, an anonymous, Russian, illicit online marketplace for narcotics, stolen financial information, fraudulent identification documents, and money laundering services. Hydra was the largest and longest running darknet market in the world until it was shuttered by U.S. and German law enforcement in April 2022. Hydra exchanged more than $700 million in cryptocurrency through Bitzlato.
As noted, the Order further highlights that Bitzlato failed to implement even the most basic AML policies or procedures. AML compliance programs must include the collection and verification of customer information known as Know Your Customer (“KYC”) programs. Despite publicly purporting to maintain AML/KYC policies, Bitzlato was found to actively advertise its lack of KYC requirements on its website to attract customers. Indeed, a user needs nothing more than an email address to register and transfer funds on the platform, and “straw man” registration information was encouraged. Ransomware groups are known for using cryptocurrency in order to obscure the identities of attackers. Failing to collect the necessary identifying information to facilitate meaningful KYC analyses permitted bad actors to funnel large quantities of dirty money through the platform.
The combined government allegations paint Bitzlato as an inherently criminal organization. So while the effects of FinCEN’s Order remain to be seen, its symbolic statement, in conjunction with the DOJ’s complaint, make clear that it remains steadfast in its commitment to dismantling systems used to launder Russian illicit funds. The Order, which was aimed at insulating the U.S. financial system from international money laundering and other crimes, was not the only one of its kind. Indeed, other countries including France, Spain, Portugal, and Cyprus are similarly taking enforcement actions against Bitzlato, and worked together with Europol to dismantle Bitzlato’s digital infrastructure.