FinCEN Identifies Virtual Currency Exchange Bitzlato as a “Primary Money Laundering Concern” in Connection with Russian Illicit Finance

Immediate Release

Action is the First Order Issued under Powerful New “Section 9714” Authority

WASHINGTON— Today, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued an order that identifies the virtual currency exchange Bitzlato Limited (Bitzlato) as a “primary money laundering concern” in connection with Russian illicit finance. This is the first order issued pursuant to section 9714(a) of the Combating Russian Money Laundering Act, as amended, and highlights the serious threat that business operations that facilitate and support Russian illicit finance pose to U.S. national security and the integrity of the U.S. financial sector. The order prohibits certain transmittals of funds involving Bitzlato by any covered financial institution.

In the order, FinCEN determined that Bitzlato is a financial institution operating outside of the United States that is of primary money laundering concern in connection with Russian illicit finance. Bitzlato plays a critical role in laundering Convertible Virtual Currency (CVC) by facilitating illicit transactions for ransomware actors operating in Russia, including Conti, a Ransomware-as-a-Service group that has links to the Government of Russia.

“Bitzlato poses a global threat by allowing Russian cybercriminals and ransomware actors to launder the proceeds of their theft,” said FinCEN Acting Director Himamauli Das. “As criminals and criminal facilitators evolve, so too does our ability to disrupt these networks. We will continue to leverage the full range of our authorities to prohibit these institutions from gaining access to the U.S. financial system and using it to support Russian illicit finance.”

As described in the order, Bitzlato is a virtual currency exchange offering exchange and Peer-to-Peer (P2P) services. Bitzlato maintains significant operations in and connected to Russia and to Russian illicit finance through its facilitation of deposits and funds transfers by Russia-affiliated ransomware groups or affiliates, and transactions with Russia-connected darknet markets. FinCEN’s investigation found that these connections include, but are not limited to, facilitating deposits, funds transfers, and transactions involving Conti and the Russia-connected darknet market Hydra, which is the subject of both U.S. sanctions and law enforcement actions that have shuttered its operations. Following Hydra’s closure in April 2022, Bitzlato continued to facilitate transactions for growing Russia-connected darknet markets, including BlackSprut, OMG!OMG!, and Mega.

In the course of its investigation, FinCEN also found that Bitzlato has taken few meaningful steps to identify and disrupt illicit use and abuse of its services. Bitzlato does not effectively implement policies and procedures designed to combat money laundering and illicit finance, and has advertised a lack of such policies, procedures, or internal controls. As a result, Bitzlato facilitates a substantially greater proportion of money laundering activity in connection with Russian illicit finance compared to other virtual currency exchanges. Bitzlato’s continued facilitation of Russia-connected darknet markets, even after public action targeting darknet markets, further illustrates its ongoing engagement with illicit actors and lack of adequate controls. As described in the order, effective February 1, 2023, covered financial institutions are prohibited from engaging in a transmittal of funds from or to Bitzlato, or from or to any account or CVC address administered by or on behalf of Bitzlato.

Today’s action aims to enhance U.S. national security and the integrity of the U.S. financial system through increased transparency and facilitates the detection of illicit financial activity involving digital assets, including CVC. This action is an example of Treasury using its available tools to target Russian illicit financial activity and counter the ransomware threat. Russia is a haven for cybercriminals, where the government often enlists cybercriminals for its own malicious purposes. The majority of ransomware incidents reported to FinCEN in the second half of 2021 were conducted by Russia-related ransomware variants, indicating that Bitzlato is part of a larger ecosystem of Russian cybercriminals that are allowed to operate with impunity in Russia.

This action also holds accountable an actor who is responsible for facilitating illicit activities and reaffirms Treasury’s global leadership in combating the abuse of digital assets. As set out in the 2022-2026 Department of the Treasury Strategic Plan, Treasury is committed to increasing transparency in the domestic and international financial system. This includes through using Treasury tools to hold accountable actors in the ecosystem involved in or facilitating illicit activities and cut them off from the international financial system, as identified in the Action Plan to Address Illicit Financing Risks of Digital Assets.

 

The text of the order can be found here Order Bitzlato.

Frequently Asked Questions on this action can be found here FAQs Bitzlato.

For questions on this order, please contact the FinCEN resource center at 1-800-767-2825 or electronically at frc@fincen.gov.