The U.S. Department of Justice (DoJ) on Wednesday announced the arrest of Anatoly Legkodymov (aka Gandalf and Tolik), the cofounder of Hong Kong-registered cryptocurrency exchange Bitzlato, for allegedly processing $700 million in illicit funds.
The 40-year-old Russian national, who was arrested in Miami, was charged in a U.S. federal court with "conducting a money transmitting business that transported and transmitted illicit funds and that failed to meet U.S. regulatory safeguards, including anti-money laundering requirements," the DoJ said.
According to court documents, Bitzlato is said to have advertised itself as a virtual currency exchange with minimal identification requirements for its users, breaking the rules requiring the vetting of customers.
This lack of know your customer (KYC) enforcement led to the service becoming a "haven for criminal proceeds" and facilitating transactions worth more than $700 million on the Hydra darknet marketplace prior to its shutdown by law enforcement in April 2022, the complaint alleged.
"The defendant helped operate a cryptocurrency exchange that failed to implement anti-money laundering safeguards and enabled criminals to profit from their wrongdoing, including ransomware and drug trafficking," Assistant Attorney General Polite stated.
What's more, Legkodymov and other senior executives have been accused of turning a blind eye to illicit activity taking place on the platform despite being aware that its users were "known to be crooks" and registered accounts using stolen identity documents.
"An internal spreadsheet saved in Bitzlato's shared management folder encapsulated the company's view of itself: 'Positives: No KYC. . . Negatives: Dirty money. . . '," the DoJ said.
The U.S. Treasury Department's Financial Crimes Enforcement Network (FinCEN) described Bitzlato as a "primary money laundering concern" that enabled ransomware actors such as Conti to launder the ill-gotten gains.
Concurrent with the arrest, Bitzlato's digital infrastructure has been seized and dismantled by authorities in France, Spain, Portugal, and Cyprus as part of an international Europol-led exercise.
"As alleged, Bitzlato sold itself to criminals as a no-questions-asked cryptocurrency exchange, and reaped hundreds of millions of dollars' worth of deposits as a result," U.S. Attorney Breon Peace said.
Blockchain analytics firm Chainalysis, in February 2022, revealed that Bitzlato "received $206 million from darknet markets, $224.5 million from scams, and $9 million from ransomware attackers."
Are you aware of the risks associated with third-party app access to your company's SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk.RESERVE YOUR SEAT
Following the Russo-Ukrainian war last year, the high-risk exchange also emerged as a "cashout destination" for Project Terricon, a terrorist group soliciting cryptocurrency donation to support militia entities in the Donbas region, the company noted.
In all, Bitzlato is estimated to have received $2.5 billion in cryptocurrency between 2019 and 2023, 53% of which originated from illegal and risky sources.
"If cybercriminals can't reliably convert the cryptocurrency generated by their activities into cash, the incentives to commit those crimes plummet," Chainalysis said, adding the takedown "represents another disruption of a key money laundering service."
The development also comes a week after Europol took apart a network of call centers in Bulgaria, Cyprus, Germany, and Serbia for luring victims into investing large amounts of money in fraudulent cryptocurrency schemes, incurring millions in losses.