22 September 2021

US Treasury sanctions Suex cryptocurrency exchange linked to ransomware operations



The US Treasury Department has imposed sanctions on Suex, a virtual currency exchange that allegedly helped at least eight ransomware gangs launder virtual currency. The move is part of a series of actions aimed at disrupting criminal networks and virtual currency exchanges responsible for laundering ransoms.

The Treasury Department said that over 40 percent of Suex's known transactions are associated with illegal activity.

“This action is the first sanctions designation against a virtual currency exchange,” the Department said.

“Some virtual currency exchanges are exploited by malicious actors, but others, as is the case with SUEX, facilitate illicit activities for their own illicit gains. Treasury will continue to use its authorities against malicious cyber actors in concert with other U.S. departments and agencies, as well as our foreign partners, to disrupt financial nodes tied to ransomware payments and cyber-attacks.”

The Treasury also shared a list of the cryptocurrency accounts known to be operated by Suex for daily transactions.

While legally registered in the Czech Republic, Suex has no known physical presence there and operates out of branches in Moscow and St. Petersburg, Russia, where users can cash out their virtual currency, according to crypto transaction-tracking firm Chainalysis.

“Since opening its doors in 2018, Suex has moved hundreds of millions of dollars worth of cryptocurrency, mostly in Bitcoin, Ether, and Tether, much of which is from illicit and high-risk sources. In Bitcoin alone, Suex’s deposit addresses hosted at large exchanges have received over $160 million from ransomware actors, scammers, and darknet market operators,” said Chainalysis.

The company’s investigation also showed that Suex received over $50 million worth of Bitcoin sent from addresses hosted at illicit cryptocurrency exchange BTC-e from 2018 through 2021, well after BTC-e's shutdown and the arrest of its owner.

“Suex is one of the biggest and most active of those services. Shutting them down would represent a significant blow to many of the biggest cyber threat actors operating today, including leading ransomware attackers, scammers, and darknet market operators,” the company said.

