Uncover the story behind the 'Biggest Heist Ever' — a gripping new Netflix documentary! Watch the trailer.

US and German Authorities Seize Crypto Wallet Cryptonator and Charge Administrator

TRM InsightsInsights
US and German Authorities Seize Crypto Wallet Cryptonator and Charge Administrator

On August 1, 2024, IRS-Criminal Investigation, the US Department of Justice, and the Federal Bureau of Investigation in coordination with the German Federal Criminal Police Office (BKA) and the Attorney General’s Office in Frankfurt, seized the domain for online crypto wallet Cryptonator for failing to have appropriate anti-money laundering controls in place and facilitating illicit activity. Cryptonator, launched in 2014, was an online cryptocurrency wallet that enables direct transactions and allows instant exchange between different cryptocurrencies in one personal account, essentially acting as a personal cryptocurrency exchange.

The website for the platform was replaced with a takedown notice from the U.S. Justice Department and Internal Revenue Service as well as law enforcement agencies in Germany — including the German Federal Criminal Police Office.

In addition to seizing the site, prosecutors for the Justice Department in the Middle District of Florida filed a criminal complaint against Russian national Roman Pikulev for his role in founding and operating Cryptonator, which, according to DOJ, was an unlicensed money service business that processed more than $235 million in illicit funds. Specifically, DOJ charged Pikulev with operating an unlicensed MSB and money laundering for failing to register with the US Treasury’s Financial Crimes Enforcement Network (FinCEN) despite doing business in the United States. DOJ’s charges assert that Cryptonator “had no meaningful anti-money laundering processes in place and lacked an effective anti-money laundering program,” as users were able to onboard anonymously with only a username and a password rather than the robust KYC requirements required by law.

“The operation of Cryptonator involved an international money laundering scheme that, by virtue of its business model, catered to criminals,” the indictment said. “Since its founding, Cryptonator received criminal proceeds of, among other crimes, numerous computer intrusions and hacking incidents, ransomware scams, various fraud markets, and identity theft schemes.”

"Tickets also indicate that Cryptonator offers API keys to darknet marketplaces and the like, such as a bullet-proof hosting service, and a shop selling cached credentials for credit card companies," reads the complaint.

Importantly, the indictment adds that Pikulev knew the funds in Cryptonator were the proceeds of illicit activity or were going to be used for criminal activity. Hackers, darknet market operators, ransomware groups, sanctions evaders and others threat actors gravitated to the platform to exchange cryptocurrencies as well as cash out crypto into fiat currency. Pikulev, according to prosecutors, built functions into the platform that anonymized the source of cryptocurrency. 

The evidence of knowledge includes chats in which Pikulev discusses the onboarding of cryptocurrencies accepted on darknet markets such as Monero and offering API key integrations with those illegal platforms.

Photos of identification cards attributed to Roman Pikulev, aka Roman Boss. Images: U.S. Department of Justice

According to the charges, Pikulev, who also used the surname “Boss” on some official documents, ran the platform through dozens of U.S. based technology providers and bought ads on U.S. social media sites to further the scheme. Pikulev used both Russian and German IDs and documents to register websites and email addresses used to run the platform, prosecutors said. 

In total, the platform facilitated more than 4 million transactions worth a total of $1.4 billion, with Pikulev taking a small cut from each transaction.

Based on blockchain intelligence, of that USD 1.4 billion, addresses controlled by Cryptonator sent or received:

  • $25,000,000 with darknet markets, fraud and carding shops
  • $34,500,000 with scam addresses
  • $80,000,000 with high-risk exchanges
  • $8,000,000 with addresses associated with ransomware groups
  • $54,000,000 with addresses associated with hacks and crypto theft operations
  • $34,000,000 with icryptocurrency mixing services
  • $71,000,000 with sanctioned addresses

As shown in TRM graph visualizer, cryptocurrency addresses controlled by Cryptonator transacted with non-compliant exchanges, ransomware groups, darknet markets, and other high risk entities

As show in TRM graph visualizer, one laundering technique was to send illicit proceeds from a carding shop in and peeling chain and in and out of Cryptonator

This case is an example of global law enforcement cooperation and the use of blockchain intelligence to thwart illicit activity.

This is some text inside of a div block.
Subscribe and stay up to date with our insights

Access our coverage of TRON, Solana and 23 other blockchains

Fill out the form to speak with our team about investigative professional services.

Services of interest
Select
Transaction Monitoring/Wallet Screening
Training Services
Training Services
 
By clicking the button below, you agree to the TRM Labs Privacy Policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
No items found.