One year after the invasion of Ukraine, sanctions on Russia’s illicit cryptocurrency market have emerged as a core concern for US national security.
“Russia is a haven for cybercriminals, where the government often enlists them for its own malicious purposes,” the Treasury’s second-in-command behind Janet Yellen, Wally Adeyemo, announced last month. “We have no tolerance for criminal enterprises enriching Russia’s malicious interests.”
Adeyemo was speaking at a highly publicised press event on new moves to take down Bitzlato, a Moscow-based crypto exchange specialising in bulk cash-to-crypto laundering. It is just the latest in a series of legal moves from US authorities that is set to continue.
The Treasury’s Office of Foreign Assets Control, Financial Crimes Enforcement Network and the Department of Justice have cranked up their actions against Russian cybercrime in the past year. But the black hats are adapting.
A February 23 report from blockchain analytics firm TRM Labs warns that both darknet markets and ransomware gangs based in Russia are rebounding, despite earlier sanctions and arrests slowing them down.
The report finds that darknet markets are rushing to fill in the gap left by Hydra, a massive marketplace that operated all across the former Soviet Union until US and German authorities managed to sanction and take it offline last April.
“[Hydra’s] demise predictably resulted in seismic shifts in the Russian-language cyber underground,” as a recent report from cybersecurity firm Flashpoint put it. Due to Hydra’s dominance, total darknet market volumes slumped for months, but are quickly returning to where they were at Hydra’s peak.
‘In 2023, we’re going to see an increase in the volume and pace at which those enforcements are going to be rolled out’— a former Treasury official
These marketplaces’ main trade is illegal drugs. Their return is particularly problematic for US authorities, not out of concern for Russian youths getting hooked on methedrine, but because darknets can and do function as mixers, providing key liquidity for money laundering in and out of Russia.
Another sobering concern is the effectiveness of those sanctions on the exchanges that provide on- and off-ramps to illicit actors. OFAC has pridefully touted its record on sanctioning dirty crypto exchanges going back to its designation of Suex in September 2021. But the TRM report finds that volumes for Garantex, the exchange that was sanctioned alongside Hydra, have doubled since April.
Even prior to the invasion of Ukraine, Russia’s cybercriminals drew the ire of US national security leaders. Massive ransomware attacks in early 2021 locked up supplies of gas and pork. Gangs like REvil/Sadobniki and Conti faced rounds of legal action and a handful of arrests. But the latter, at least, is re-emerging as different entities.
In October 2021, the Treasury put out an overview of its sanctions regime, including five pillars for improvement, from international support to tech updates. Fatefully, the sanctions rode a rare tide of international support following Russia’s invasion. Even Switzerland got on board with seizing the assets of Russia’s central bank.
More broadly, US sanctions have run up against Russia’s economic indicators that stubbornly hold strong. For example, following a sharp spike last March, the ruble remains at pre-war levels against the dollar.
Russia’s economic resilience leads some to call for more aggressive action from the Treasury.
Senator Bob Menendez chair the Foreign Relations Committee and sits on the Banking Committee. Asked if he was satisfied with OFAC’s rate of sanctions on Russia, he said, “No. I think there’s more to be done.”
‘Sanctions are a dynamic process and sanctions are part of a broader foreign policy and national security toolkit’— Alex Zerden, a former Treasury official currently running advisory firm Capitol Peak Strategies
“I do appreciate that they have a large portfolio,” Menendez added. “But I think this is one of the most significant areas where we can make a consequence. So they need to ratchet it up.”
“Underneath the hood, Russia’s economy is getting smaller and getting less flexible and looks less and less like a G20 economy,” Undersecretary Adeyemo said on February 21 in a speech defending the Treasury’s record.
Addressing crypto specifically, Adeyemo said “just like the traditional financial system, the crypto ecosystem is not one that can be abused by nation-states or cybercriminal actors going forward.”
But measuring the success of a sanctions programme is tricky. Stamping out evasion is part of the game.
“It’s not surprising that ransomware groups and other malign actors will seek to change their tactics in an attempt to evade sanctions,” Alex Zerden, a former Treasury official currently running advisory firm Capitol Peak Strategies, told DL News. “Sanctions are a dynamic process and sanctions are part of a broader foreign policy and national security toolkit.”
“The enhancement and improvement that we’ve seen, especially over the past year – moving from individuals tied to singular acts or a few acts to now looking at large exchanges and services like Hydra, like Garantex – it changes the game when it comes to getting the bad actors out of the ecosystem,” Andrew Fierman, head of sanctions strategy at Chainalysis, a blockchain analytics firm that holds the oldest federal contract in the sector, told DL News.
Federal agencies often blackbox information – doubly so when it comes to investigations. But OFAC’s specially designated national list clearly shows faster response times and wider scope of crypto addresses associated with dirty dealings in the past year.
Another indicator of activity is federal contracting. The day before the TRM report saw the Treasury release its intent to contract the firm’s Forensics software. At the end of October, they did the same with Elliptic.
All of which heralds more actions, which Adeyemo hinted at as well.
“In 2023, we’re going to see an increase in the volume and pace at which those enforcements are going to be rolled out,” a former Treasury official told DL News. “It’s not just going to be OFAC, it’s going to be the Department of Justice.”