19 January 2023

Law enforcement action dismantles Bitzlato crypto exchange allegedly used to launder illicit funds


Law enforcement action dismantles Bitzlato crypto exchange allegedly used to launder illicit funds

French authorities, working with Europol and partners in Spain, Portugal, and Cyprus, dismantled digital infrastructure of Bitzlato, a Hong Kong-based cryptocurrency exchange that allegedly processed more than $700 million dollars’ worth of illicit funds, including more than $15 million in ransomware payments.

The US Department of Justice has also announced the arrest of Anatoly Legkodymov (aka “Gendalf” and “Tolik”), a Russian national and Bitzlato’s founder. Legkodymov has been arrested on Tuesday night in Miami and charged with money laundering.

According to officials, Bitzlato sold itself to criminals as a no-questions-asked cryptocurrency exchange, specifying that “neither selfies nor passports [are] required.”

“As a result of these deficient know-your-customer (KYC) procedures, Bitzlato allegedly became a haven for criminal proceeds and funds intended for use in criminal activity,” the DoJ said.

Bitzlato is said to have facilitated $700 million in direct or indirect transfers of sales on the now-defunct Hydra Market, one of the largest darknet marketplaces that sold illegal drugs, stolen financial data, fraudulent identification documents, and money laundering and mixing services. Hydra saw its demise in April 2022 following a joint law enforcement operation conducted by the US and German authorities.

Legkodymov and other Bitzlato managers were also allegedly aware that Bitzlato’s users were “known to be crooks,” and that many users registered their accounts using stolen identities. Legkodymov is also accused of conducting Bitzlato transactions from Miami in 2022 and 2023, and of receiving reports of “substantial traffic” to its website originating from US-based IP addresses, including more than 250 million visits in July 2022.

Back to the list

Latest Posts

Russia-linked Nodaria APT adds new Graphiron infostealer to its toolkit

Russia-linked Nodaria APT adds new Graphiron infostealer to its toolkit

The new infostealer was observed in attacks targeting Ukrainian organizations.
8 February 2023
CISA releases tool to recover encrypted VMware ESXi servers

CISA releases tool to recover encrypted VMware ESXi servers

According to CISA’s list of bitcoin addresses, over 2,800 ESXi servers have been encrypted to date.
8 February 2023
Threat actors target Ukrainian government agencies with Remcos spyware

Threat actors target Ukrainian government agencies with Remcos spyware

The attack involves a phishing email ostensibly sent by Ukrtelecom, a major Ukrainian internet service provider.
8 February 2023