The US has imposed financial sanctions on a crypto exchange for the first time. Russian exchange Suex.io is accused of helping ransomware hackers convert their proceeds. The case shines a spotlight on one part of Russia’s crypto scene.
There are often only a few days between word and deed. In mid-September, the Biden administration announced that the Treasury Department was about to respond to ransomware with new sanctions. This should, a Reuters report said vaguely, “make it harder for hackers to profit from ransomware through digital currencies.”
Shortly afterwards, it became clear what the US government had meant. The US Treasury Department placed the Russian exchange Suex.io on the Office of Foreign Assets Control’s (OFAC) list of “Specially Designated Nationals And Blocked Persons”. Individuals, companies, institutions or entire countries on this list are subject to financial sanctions. US citizens are strictly prohibited from conducting financial transactions with them, and the government claims to enforce the sanction in other countries as well, for example by putting pressure on dollar banks.
Bitcoin addresses have already made it onto this list in recent years, such as those of drug dealers from China or hackers from Iran. But the sanctioning of an exchange from Russia is something new. For the first time, the US government is putting a crypto exchange that is based abroad and legal there in the same category as drug dealers and terrorists.
160 million dirty dollars
Most activity involving virtual currencies is legal, the US Treasury says in explaining the sanction, but some virtual currencies are misused for illegal activities. “Some virtual currency exchanges are also abused by criminals. Others, however, in this case Suex, are promoting illegal activities for their own illicit profits.” Suex had helped launder the proceeds of at least eight ransomware variants; according to analysis, 40 per cent of all Suex transactions have a criminal source.
Blockchain analysis firm Chainalysis proudly states that its tools have helped in the investigation of Suex. Suex has moved more than $481 million in cryptocurrencies since 2018, primarily in Bitcoin, Ether and Tether, it says.
Much of this came from illegal or high-risk sources, it said. In Bitcoin alone, Suex addresses have received more than $160 million from ransomware hackers, scammers and darknet market operators. More specifically:
more than $13 million came from ransomware operators, such as Ryuk, Conti and Maze,
more than $24 million from fraudsters, such as Finiko, a giant Ponzi scheme that collected more than $1.5 billion in bitcoin in Russia and Ukraine between December 2019 and August 2021; and
more than $20 million from darknet markets, most notably Hydra.
In addition, over $50 million in cryptocurrencies flowed to Suex from the holdings of BTC-e, a former exchange in the Russian region that was notorious for money laundering. Chainalysis is unfortunately silent about the remaining $50-60 million, as well as how Finiko laundered the remaining $1.476 billion. Is Suex just a small fish in the waters of Eastern European crypto-money laundering?
Not an exchange, but an OTC trader
Suex is registered in the Czech Republic but operates from Russia under the umbrella of an Estonian parent company. Suex’s managers are believed to have links to a Russian telecommunications provider as well as a Czech investment company.
Suex is not a stand-alone exchange, but an over-the-counter trader or “OTC bureau” with branches in Moscow, St Petersburg, the Middle East and possibly other Russian cities. Clients appear in person at the offices, where they exchange money for cryptocurrencies or vice versa. Suex does not have its own order book and does not manage coins, but operates through accounts on larger crypto exchanges, presumably Binance and Huobi, although this is not known for certain.
Such OTC offices are known from China. There, since the ban on exchanges, they have been one of the few ways to exchange yuan for cryptocurrencies and participate in the crypto markets via foreign exchanges.
OTC offices are not illegal or criminal per se, but they are often the starting point for money laundering, as they are usually more laxly supervised. That is why Chainalysis is watching them closely, both in China and elsewhere. Suex has been under observation for years by the analysis firm, which says it has identified numerous addresses belonging to the OTC trader that have received illegal coins. Some of the addresses are also part of the “Rogue 100”, a list of 100 OTC addresses that were among the biggest crypto money launderers in 2019.
A good reputation in Russia
In the West, Suex is largely unknown. That’s why Coindesk magazine has spent the past few weeks making intensive inquiries about the trader among Russian traders, users and crypto entrepreneurs.
Suex is well known in Russian crypto circles and enjoys a reputation for reliability: if you give them money, they don’t run away with it, said one startup founder, but exchange it as requested. Another founder said that almost everyone trades with Suex somehow, as the trader is able to exchange almost any volume in a timely manner.
One very interesting piece of information is that Suex helps customers bring money to the Western financial markets using cryptocurrencies. The money flows via wallets, fiat gateways and crypto exchanges to European bank accounts, for example in Switzerland. Such service providers are numerous in Russia, another source said, but Suex is one of the biggest. “This is the cheapest way to move money across the border.”
So Bitcoin and cryptocurrencies do serve a purpose in Russia, even if it is more in a grey area.
Did they know about the criminal origin of the funds?
The scene in Russia is surprised by the sanctions. Usually, regulators contact exchanges and crypto companies to learn more about their criminal clients. When this happens, everyone cooperates, because no one wants to fall into the hands of the US police on their next holiday in Greece. This is what happened to the well-known Russian crypto-money launderer Alexander Vinnik.
Most of those interviewed by Coindesk do not doubt that money was laundered via Suex. But many doubt that Suex knew about it. Usually, larger amounts of dirty coins are laundered on-chain first before hitting exchanges and traders. “As an OTC, you inevitably get to deal with dirty money,” one source said, “but you only find out about it when the police come knocking on your door at 6am.”
It is possible that Suex could have done a better job of on-chain analysis. This refers to methods of spying on customers and spotting suspicious money flows through tools such as those offered by Chainalysis. But most do not suspect any intent behind this.
Others, however, think that Suex employees must have known they were laundering money in at least some cases. The truth is probably somewhere in between.