U.S. Indicts Russian Man Over Money Laundering Through Bitcoin Exchange

95% of Tracked Ransoms Were Cashed Out via BTC-e, a Digital Currency Exchange The Accused Alexander Vinnik Operated

The United States Department of Justice this week indicted a Russian man for his role in the laundering of money obtained from hacks, ransomware schemes, and other illegal activities.

Alexander Vinnik, 37, was arrested in Greece on July 25 and faces charges in the United States. According to the indictment, he is the owner and operator of multiple BTC-e accounts, including administrative accounts. Furthermore, he is the primary beneficial owner of BTC-e’s managing shell company, Canton Business Corporation.

BTC-e, one of the world’s largest and most widely used digital currency exchanges, received deposits valued at over $4 billion, and numerous withdrawals from BTC-e administrator accounts went directly to Vinnik’s personal bank accounts, the indictment alleges. Moreover, proceeds from hacks and thefts from Bitcoin exchanges were funded through a BTC-e account associated with Vinnik.

According to a DoJ announcement, the Russian was indicted for “operating an unlicensed money service business, money laundering, and related crimes” and for receiving funds from the infamous hack of Mt. Gox. The largest digital currency exchange in 2013-2014, Mt. Gox started bankruptcy proceedings in April 2014, after discovering the theft of 850,000 Bitcoins and finding only 200,000 coins in an old wallet. Hackers supposedly siphoned the funds over a long period of time, starting in 2011.

“The indictment alleges that Vinnik obtained funds from the hack of Mt. Gox and laundered those funds through various online exchanges, including his own BTC-e and a now defunct digital currency exchange, Tradehill, based in San Francisco, California. The indictment alleges that by moving funds through BTC-e, Vinnik sought to conceal and disguise his connection with the proceeds from the hacking of Mt. Gox and the resulting investigation,” DoJ reveals.

The indictment also notes that BTC-e, founded in 2011, was preferred by cybercriminals because it did not require users to validate their identity, obscured and anonymized transactions and the source of funds, and had no anti-money laundering process. In fact, BTC-e was allegedly operated so as to facilitate transactions for cybercriminals.

The indictment also alleges the exchange “received the criminal proceeds of numerous computer intrusions and hacking incidents, ransomware scams, identity theft schemes, corrupt public officials, and narcotics distribution rings.” Over the course of operation, BTC-e supposedly received $4 billion worth of Bitcoin for facilitating crimes such as computer hacking, fraud, identity theft, tax refund fraud schemes, public corruption, and drug trafficking.

At Black Hat this week, Google, Chainalysis, UC San Diego, and the NYU Tandon School of Engineering researchers presented the findings of an investigation into ransomware payments, where they were able to track payments through the Bitcoin blockchains from distribution sites to the cash-out points. According to their report (PDF), “95% [of] traced ransoms [were] cashed out via BTC-E.”

The Treasury Department also fined BTC-e $110 million for violating U.S. anti-money laundering laws, and fined Vinnik $12 million for his role in the scheme.

The indictment charges BTC-e and Vinnik with one count of operation of an unlicensed money service business (carrying a maximum penalty of 5 years in prison) and one count of conspiracy to commit money laundering (a maximum penalty of 20 years in prison). It also charges Vinnik with seventeen counts of money laundering (a maximum penalty of 20 years in prison for each count) and two counts of engaging in unlawful monetary transactions (a maximum penalty of 10 years in prison for each count).

“BTC-e was noted for its role in numerous ransomware and other cyber-criminal activity; its take-down is a significant accomplishment, and should serve as a reminder of our global reach in combating transnational cybercrime,” United States Secret Service (USSS) Special Agent in Charge of the Criminal Investigative Division Michael D’Ambrosio said.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
