The US government on Thursday announced rewards of up to $10 million each for information leading to the arrest of two Russian nationals charged over their involvement in operating and laundering proceeds from carding websites.
An underground marketplace for stolen payment card data active since at least 2014, Joker’s Stash announced its shut down in January 2021, roughly one month after law enforcement seized its servers.
According to the indictment, Joker’s Stash offered for sale roughly 40 million payment cards annually, and is estimated to have generated between $280 million and over $1 billion in illegal profits.
The carding website, the indictment alleges, was operated, among others, by Russian national Timur Shakhmametov, also known as ‘JokerStash’ and ‘Vega’.
He was charged with bank fraud conspiracy, access device fraud conspiracy, and money laundering conspiracy related to his involvement in operating Joker’s Stash.
The US is offering up to $10 million for information on Shakhmametov, and separate rewards of up to $1 million for information on other leaders of the website.
According to the indictment, Russian national Sergey Ivanov, also known as ‘Taleon’, was involved in laundering proceeds from Joker’s Stash and Rescator, a carding website offering stolen payment card data from US organizations and the personal information of US citizens.
In 2013, the site advertised the data of 40 million payment cards and the personally identifiable information (PII) of 70 million people, stolen from a major retailer, the indictment alleges. The retailer was likely Target.
Allegedly a cyber money launderer for roughly two decades, Ivanov created and/or operated payment and exchange services UAPS, PinPays, and PM2BTC, working with cybercrime marketplaces, ransomware groups, and hackers who breached major US organizations.
Between 2013 and 2024, transactions of over $1.15 billion in value were conducted through cryptocurrency addresses allegedly associated with Ivanov’s money laundering operations. Approximately 32% of the bitcoin sent to these addresses originated from cybercriminal activities, including fraud proceeds and proceeds from ransomware payments.
The US is offering a reward of up to $10 million for information on Ivanov, and separate rewards of up to $1 million for information on other key leaders of UAPS, PM2BTC, and PinPays. Additionally, the Treasury Department sanctioned Ivanov, while identifying PM2BTC as a “’primary money laundering concern’ in connection with Russian illicit finance”.
On Thursday, the US also announced the seizure of the domain names associated with cryptocurrency money laundering exchange Cryptex.net, which processed transactions of approximately $1.4 billion, most of which were associated with criminal activity or went to entities sanctioned by the US.
As part of the coordinated action, authorities in the Netherlands seized servers hosting PM2BTC and Cryptex, along with cryptocurrency worth over $7 million.
Related: US Targets Russian Election Influence Operation With Charges, Sanctions, Domain Seizures
Related: US Charges Three Eastern Europeans Over Ransomware and Malvertising, Leader Extradited
Related: The US is Preparing Criminal Charges in Iran Hack Targeting Trump, AP Sources Say
Related: US Announces Charges, Reward for Russian National Behind Wiper Attacks on Ukraine
