Cryptonator founder indicted after platform found handling $235 million in illicit funds

Avatar

The Justice Department indicted Russian national Roman Pikulev for his role in founding and operating Cryptonator — an unlicensed cryptocurrency exchange that the U.S. says processed more than $235 million in illicit funds.

A spokesperson for the Justice Department declined to comment on the situation but shared a copy of the indictment, which says Pikulev and others ran Cryptonator from 2014 to March 2023. 

“The operation of Cryptonator involved an international money laundering scheme that, by virtue of its business model, catered to criminals,” the indictment said. “Since its founding, Cryptonator received criminal proceeds of, among other crimes, numerous computer intrusions and hacking incidents, ransomware scams, various fraud markets, and identity theft schemes.”

The website for the platform has been replaced with a takedown notice from the U.S. Justice Department and Internal Revenue Service as well as law enforcement agencies in Germany — including the German Federal Criminal Police Office.

Cryptonator was never registered with the U.S. Financial Crimes Enforcement Network (FinCEN) despite doing business in the United States, a federal felony offense. The Justice Department contended that the platform “had no meaningful anti-money laundering processes in place and lacked an effective anti-money laundering program.”

The indictment adds that Pikulev knew the funds he was handling had come from crimes or were going to be used to support other crimes. 

Hackers and cybercriminals used the platform to exchange cryptocurrencies as well as cash out coins into fiat currency. Pikulev built functions into the platform that anonymized the source of cryptocurrency.

Photos of identification cards attributed to Roman Pikulev, aka Roman Boss. Images: U.S. Department of Justice

Pikulev, who also used the surname “Boss” on some official documents, ran the platform through dozens of U.S. based technology providers and bought ads on U.S. social media sites to further the scheme, the Justice Department added.

In a separate criminal complaint, investigators at the Internal Revenue Service said they obtained a search warrant for the email address that was used by Pikulev to register cryptonator.com.

In total, the platform facilitated more than 4 million transactions worth a total of $1.4 billion, with Pikulev taking a small cut from each transaction. 

Investigators used blockchain research tools to track each of the payments, finding that bitcoin addresses controlled by Cryptonator have “directly and indirectly sent or received more than $25 million from darknet marketplaces or fraud shops, more than $34.5 million to or from addresses associated with scams and more than $80 million to or from high-risk exchanges.” 

At least $8 million came from ransomware campaigns and more than $54 million was traced to hacked or stolen funds, the DOJ said. 

Addresses sanctioned by the Treasury Department sent or received more than $71 million from the platform alongside millions from known cybercriminals. 

Blockchain researchers at TRM Labs said data showed Cryptonator had numerous transactions and ties to several other sanctioned entities and criminal marketplaces, including Blender, Hydra Market, Bitzlato, Garantex and more.

Pikulev used both Russian and German IDs and documents to register websites and email addresses used to run the platform, prosecutors said. 

The Justice Department did not respond to requests for comment about where Pikulev is currently located and whether he has been detained. But social media accounts purportedly tiedto him are based in Perm, Russia.

CybercrimeNews
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Previous Post

Hackers directly email customers of immigration firm after damaging cyberattack

Next Post

Five Chinese nationals arrested by feds for ‘massive’ elder fraud scheme

Related Posts

GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code

Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading booby-trapped software and packages. These attacks typically involve registering domains or packages with names slightly altered from their legitimate counterparts (e.g., goog1e.com vs. google.com). Adversaries targeting open-source repositories across
Avatar
Read More