US Treasury Blacklists Cryptocurrency Exchange Chatex
Sanction of 2nd Exchange Comes Amid Interagency Crackdown on Ransomware
The U.S. Department of the Treasury on Monday blacklisted cryptocurrency exchange Chatex, along with a network of entities the department says support it, for allegedly facilitating ransomware-related financial transactions.
The department's Office of Foreign Assets Control, or OFAC, a financial intelligence agency that enforces economic and trade sanctions, will add Chatex to the Specially Designated Nationals and Blocked Persons List, effectively barring Americans from doing business with the company.
According to U.S. officials, Chatex, which claims to have a presence in multiple countries, has allegedly facilitated transactions for multiple ransomware variants. Officials say analysis of Chatex's known transactions indicates that over half are directly traced to illicit or high-risk activities, such as darknet markets, high-risk exchanges and ransomware.
Following the designation, Chatex took to Twitter to say, "We are forced to announce that the $CHTX token sale is canceled while other Chatex operations are put on hold due to the OFAC sanctions."
Chatex did not immediately respond to Information Security Media Group's request for comment.
This action continues the federal government's crackdown on ransomware operators - including the Department of Justice on Monday announcing that one Ukrainian man has been arrested and a Russian man indicted for allegedly launching ransomware attacks. Both are accused of being affiliates of the REvil - aka Sodinokibi - gang (see: REvil Ransomware Suspects Snared in Global Police Crackdown).
"Ransomware groups and criminal organizations have targeted American businesses and public institutions of all sizes and across sectors, seeking to undermine the backbone of our economy," says Deputy Secretary of the Treasury Wally Adeyemo in a statement. "We will continue to bring to bear all of the authorities at Treasury's disposal to disrupt, deter, and prevent future threats to the (U.S.) economy."
"These coordinated actions … confirm the urgency with which the executive branch approaches the issues of cyber-enabled financial crime, particularly with respect to the rapidly growing cryptocurrency ecosystem," says Michael Fasanello, who has served in various roles within the U.S. Justice and Treasury departments, including for Treasury's Financial Crimes Enforcement Network, or FinCEN.
"Compounded sanctions designations alongside multiple criminal indictments of key players behind recent ransomware attacks signal 'zero tolerance' by this administration toward abuse of the financial system both domestically and abroad," adds Fasanello, who is currently the director of training and regulatory affairs for the firm Blockchain Intelligence Group.
Treasury Department officials noted on Monday that reported ransomware payments in the U.S. reached $590 million in the first half of 2021 - compared to a total of $416 million paid in all of 2020.
"While most virtual currency activity is licit, (it) remains the primary mechanism for ransomware payments, and certain unscrupulous … exchanges are an important piece of the ransomware ecosystem," Treasury Department officials say.
"Similar to the approach that the U.S. government utilized to 'defund' al Qaeda after the attacks on Sept. 11, 2001, continuing to sanction virtual currency exchanges that are known to launder ransomware payments is a major step to disruption of the ransomware payment infrastructure, particularly for RaaS operators," says Neil Jones, a cybersecurity evangelist with the firm Egnyte.
Suex Connection, Support Network
U.S. officials said on Monday that Chatex has alleged ties with SUEX OTC, using its function as a nested exchange to conduct transactions. Suex was sanctioned by the Treasury Department in September for allegedly laundering tens of millions of dollars for ransomware operators, scammers and darknet markets. It was the first such designation for a cryptocurrency exchange (see: US Treasury Blacklists Russia-Based Crypto Exchange).
U.S. officials say Chatex is now being designated for "providing material support to Suex and the threat posed by criminal ransomware actors."
OFAC has also designated IZIBITS OU, Chatextech SIA, and Hightrade Finance Ltd, for allegedly aiding Chatex and setting up its infrastructure.
U.S. officials say Latvian government authorities have suspended Chatextech's operations and levied a fine for violating business conduct laws; Latvian officials say they will identify current and former Chatextech board members in the country's registry of "high-risk" individuals. And the Estonian Financial Intelligence Unit has revoked the license of Izibits OU.
"Unprincipled virtual currency exchanges like Chatex are critical to the profitability of ransomware activities," U.S. Treasury officials said.
Law Enforcement Targets REvil
The U.S. DOJ said on Monday that one suspected REvil member, Ukrainian national Yaroslav Vasinskyi, 22, was arrested on Oct. 8 in Poland and faces U.S. extradition; he has been tied to the Kaseya ransomware attack in July that hit some 1,500 downstream organizations.
Officials also indicted Russian national Yevgeniy Polyanin, 28, who remains at large and has been charged with running multiple REvil attacks. The DOJ said it has seized illicit cryptocurrency gains worth $6.1 million from Polyanin.
"Cybercrime is a serious threat to our country: to our personal safety, to the health of our economy, and to our national security," U.S. Attorney General Merrick Garland said during a press conference on Monday. "Our message today is clear. The United States, together with our allies, will do everything in our power to identify the perpetrators of ransomware attacks, to bring them to justice, and to recover the funds they have stolen from their victims."
REvil activity, U.S. officials say, has yielded some $200 million in ransom payments paid in bitcoin and monero.
The European Union's law enforcement agency, Europol, added on Monday that six other suspected participants tied to REvil have been detained.
Alongside criminal charges, OFAC designated Vasinskyi and Polyanin for their alleged roles in perpetuating ransomware attacks.
The U.S. Department of State subsequently announced a reward of up to $10 million for information leading to the identification or location of key leaders in the REvil ransomware gang and $5 million for information on those participating in related attacks.