On April 25th, the FBI’s Detroit Field Office, with assistance from the Virtual Currency Response Team (VCRT), the Cyber Police Department and Main Investigation Departments of the National Police of Ukraine, and the Prosecutor General’s Office of Ukraine conducted coordinated, court authorized activity involving nine virtual currency exchange services.
Domain names offered by organizations which were engaged in cryptocurrency conversions and provided assistance to cyber-criminals were seized, and related servers were shut down. U.S. based servers used in the scheme were taken offline by U.S. authorities. These nine seized domains, 24xbtc.com, 100btc.pro, pridechange.com, 101crypta.com, uxbtc.com, trust-exchange.org, bitcoin24.exchange, paybtc.pro, and owl.gold offered anonymous cryptocurrency exchange services to website visitors.
Noncompliant virtual currency exchanges, which have a lax anti-money laundering program or collect minimal Know Your Customer information or none at all, serve as important hubs in the cybercrime ecosystem and are operating in violation of Title 18 United States Code, Sections 1960 and 1956. Many of these services are advertised on online forums dedicated to discussing criminal activity. By providing these services, the virtual currency exchanges knowingly support the criminal activities of their clients and become co-conspirators in criminal schemes.
Much of the criminal activity occurring at the affected exchanges involved cyber actors responsible for ransomware, but also other scammers, and cybercriminals. The service’s website offered support in both Russian and English.
The investigation is ongoing. Visitors to the sites will now find a seizure banner that notifies them that the domain name has been seized by federal authorities and operating an unlicensed money service business and facilitating money laundering is a federal crime.