German law enforcement has shut down 47 cryptocurrency exchange services that ransomware gangs and other cybercriminals used for money laundering.
According to the German federal police (BKA), the seized services were hosted in Germany and allowed cybercriminals to exchange cryptocurrencies without requiring registration or identity verification.
The platforms were designed to “quickly, easily, and anonymously” allow users to hide the origin of funds, the BKA said in a statement on Thursday.
“Exchange services that enable anonymous financial transactions, and thus facilitate money laundering, are among the most crucial elements of the cybercrime industry,” the police said.
The seized services include platforms such as Bankcomat, CoinBlinker, Cryptostrike, Baksman, and Prostocash. The most prolific among them, Xchange.cash, was used by nearly half a million people and processed 1.3 million transactions since its founding in 2012.
Among the users of these platforms were ransomware groups, darknet merchants and botnet operators. They used these services to exchange ransom payments or other criminal proceeds for regular currency.
Now, when users attempt to access one of the seized websites, they are greeted by a message from the German police stating: “This was your final exchange.”
“For years, the operators of these criminal exchange services have led you to believe that their hosting could not be found, that they did not store any customer data, and that all data was deleted immediately after the transaction,” the message read.
“We have found their servers and seized them — development servers, production servers, backup servers. We have their data — and therefore we have your data. Transactions, registration data, IP addresses.”
The police explained that during the operation, they were able to obtain “extensive” user and transaction data from the deactivated exchange services, “providing valuable investigative leads in the fight against cybercrime.”
No arrests have been publicly announced yet as part of “Operation Final Exchange,” but the police said their “search for traces” has begun.
Recorded Future
Intelligence Cloud.
No previous article
No new articles
Daryna Antoniuk
is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.
