Another cryptocurrency exchange identified as processing millions in ransomware payments was sanctioned by the U.S. Treasury Department on Monday, resulting in the blacklisting of 59 cryptocurrency addresses known to be involved in such transactions. The action was taken after blockchain forensics experts at Chainalysis managed to trace ransomware payments through addresses known to be associated with the exchange.
Further research by Chainalysis demonstrates that Chatex had processed around $77.5 million in Bitcoin (BTC) since its inception in September 2018, with at least $17 million coming from “illicit sources” such as the Hydra darknet marketplace.
A FinCEN Ransomware Advisory update included an announcement from the Department of State of a reward up to $10,000,000 “for information leading to the identification or location of any individual(s) who hold a key leadership position in the Sodinokibi/REvil ransomware variant transnational organized crime group.”
“Ransomware groups and criminal organizations have targeted American businesses and public institutions of all sizes and across sectors, seeking to undermine the backbone of our economy,” said Deputy Secretary of the Treasury Wally Adeyemo in a press release. Two cybercriminals, one Russian and one Ukrainian, were also sanctioned for their positions in setting up ransomware attacks on U.S. companies.
Among yesterday’s sanctioned crypto addresses are exchange addresses for Bitcoin, Ethereum Bitcoin Cash, USDT, XRP, Litecoin, Dash and Monero. Per order of the sanction, businesses and individuals operating under U.S. law are forbidden from transacting with the listed addresses.
The owner of Chatex, Egor Petukhovsky, is also the owner of Suex, the first crypto exchange to be sanctioned by the Treasury department in September. As a result of the sanction, 25 crypto addresses were blacklisted, most consisting of exchange deposit addresses.
Before their website was recently changed, Chatex described itself as “the second largest crypto wallet and p2p exchange in-app platform for Telegram.” They also mentioned that they had recently become a “full-fledged cryptobank,” offering an array of cryptocurrency-related cashout services. The company completed a token sale in September in which $40,000 was raised, and was still in the process of raising additional funds at the time of the sanction.