It seems that in the near future Russia will be able to lay claim to a new global brand: “Russian crypto-launderers” may join “Russian hackers”. The US Treasury began this week by imposing the first ever sanctions against a cryptocurrency company - the Russian-based exchange Suex, which, according to Washington, helped to launder money for hackers and cyber fraudsters, and at the same time made payments to the largest drug marketplace in Russia, Hydra. We looked into the business of the mysterious crypto exchanger and the biographies of its founders.
Last Tuesday, the US authorities, fulfilling a pledge to fight money launderers made after Colonial Pipeline, the largest oil pipeline operator in the United States, was hacked, imposed sanctions against a cryptocurrency company for the first time in history. The crypto exchanger that fell under the sanctions (surprise) turned out to be Russian. It is the SUEX OTC S.R.O platform, registered in the Czech Republic, with an office in Moscow City and several physical exchange points in Russian cities. Almost all of Suex's shareholders and executives are Russian.
According to the US Treasury Department, Suex "facilitated operations involving illegal proceeds from at least eight methods of extortion." In three years, $481 million from illegal transactions went through the platform. More than 40% of transactions on the platform are related to criminal activity, the department added. The sanctions provide for the freezing of the company's assets in the United States. In addition, citizens of the country are prohibited from interacting with the service.
For the United States, ransomware attacks have recently become a national problem. In early May, hackers attacked Colonial Pipeline, which triggered a gasoline crisis in the country. Behind the break-in was the DarkSide group, then still young, in which a "Russian trace" was immediately found: people from Russia and Eastern Europe work in DarkSide, and the group operates in countries where Russian is not spoken. The group was reputed to be professional and very effective - the amount of ransoms received is estimated at tens of millions of dollars a year. We talked in detail about its business and principles here.
In early July, US President Joe Biden discussed the ransomware attacks on a call with Vladimir Putin, asked Russia to stop such attacks, and warned that the US would take action to protect people and critical infrastructure. The first thing the American authorities took on in earnest was the cryptocurrency services through which hackers received payments from the companies they attacked. In July, Bloomberg reported that the US authorities had tightened control over crypto transactions, and that a special commission had appeared in the White House to combat hackers using ransomware viruses. The first major victim was Suex - again a company with a very noticeable “Russian footprint”.
What is known about SUEX
The Suex crypto exchanger, as follows from the OFAC documents, is registered at two addresses. One of them is in Prague, and the second is in Moscow City, in Suite Q on the 31st floor of the Federation Tower. The blog of Chainalysis, a blockchain-tracking company that helped the US Treasury Department with the investigation, details how Suex's business has been organized since 2018.
Suex is called an OTC cryptocurrency broker - it is not an exchange with centralized management where users hold accounts to buy and sell cryptocurrency, but a platform where users bring cash and cryptocurrency and exchange them. In simple terms, a crypto exchanger. For such a business, the presence and location of offline offices is fundamentally important: all transactions were conducted with large clients, and in order to make an exchange, their personal presence in one of the company's offices was required, the researchers write.
The investigation revealed that the platform converted the cryptocurrency into cash at branches in Moscow and St. Petersburg, as well as possibly other offices in Russia and the Middle East. In Prague, the company was registered only legally - nothing is known about its physical presence there.
Chainalysis calls Suex a money laundering marketplace. Another company, TRM Labs, which is also engaged in blockchain analytics, wrote that Suex, either intentionally or unknowingly, took an important place in the market for cashing out illegally obtained cryptocurrencies. It was only possible to become a client of Suex on a recommendation - a random person could not get in. Communication with clients went through Telegram, but the deal itself could only be concluded in person, at the office. The company worked only with large transactions: the minimum allowable transaction was $10 thousand, writes TRM. The company itself did not store the cryptocurrency, but instead used the infrastructure of a large cryptocurrency exchange - this helped to conduct transactions faster and cheaper, the researchers write.
According to a source for The Bell in the cryptocurrency market, Suex, like other similar exchangers in Moscow City, was in fairly high demand. Cash got there mainly from Moscow markets, like Sadovod or the market in Lyublino. Each of them has a cash acceptance point, where the cash is counted and taken to the exchanger. The entrepreneurs in the markets need cryptocurrency to pay sellers abroad, for example, in China. Goods are often imported across the border at discounted prices, and in order to make the real payments, a cryptocurrency is needed - Tether stablecoins (USDT).
The crypto exchanger practically did not check the sources of its clients' money in any way, says The Bell's source in the market. Until recently, this was indirectly mentioned in the LinkedIn profile of one of the founders of the platform: he promised that a deal in Suex would take less than 24 hours - without long proceedings and supporting documents.
By accessing a large cash flow and links with a major exchange, Suex was able to bring the volume of cashing out illegally obtained cryptocurrencies to alarming proportions, TRM wrote. It was not specified which exchanges Suex could work with, but after the company was included in the sanctions list, it became known that it used the accounts of the Binance and Huobi exchanges.
Since its founding in 2018, Suex has transferred hundreds of millions of dollars worth of cryptocurrencies, mostly in bitcoins, Ethereum and Tether, and most of the funds have come from illegal and high-risk sources, Chainalysis writes in its investigation. Transactions with bitcoins alone amounted to $481 million, and the researchers estimated all operations with ransomware hackers and darknet participants at $160 million. At another analytical company, Elliptic, the estimates were even higher: $370 million of illegal transactions and $900 million in total.
In the structure of illegal transactions, about $13 million, according to Chainalysis, came from ransomware operators, and another $24 million came from the recently collapsed Finiko pyramid (we told its story in detail here). Suex received more than $20 million from Hydra, the largest Russian-language darknet drug marketplace. Another $50 million came from addresses attributed to the US-blocked BTC-e cryptocurrency exchange (the fascinating story of the fall of this once largest Russian cryptocurrency exchange can be read here and here). Interestingly, transactions involving BTC-e continued after it collapsed and its assets were frozen, the researchers write. A more detailed diagram of the distribution of illegal transactions can be found here.
Who is behind Suex
The largest shareholder of Suex, Russian Yegor Petukhovsky, now, according to Facebook, lives in Zurich. He denies the connection of his business with any illegal activity: on his page on the social network, Petukhovsky called the news about Suex "discrediting" and said that he intends to defend his name in court in the United States.
Petukhovsky is a serial entrepreneur. In the mid-2000s, he started developing websites at the company Art of Web, then, according to his own blog, he began to build a "group of companies" that did everything from oil products and games for social networks to a foreign language school that offers to teach a language in 16 lessons with a polyglot. In 2014 he created the company m4bank.ru, which made payment devices for banks and is now called the Center for Corporate Technologies.
Petukhovsky founded Suex in 2018, as he himself described in his blog (this page has now been removed and can only be viewed in the archive). First, his friend Ivan Petukhovsky (according to both, they are not relatives, but namesakes), co-founder of the Exmo cryptocurrency exchange, told him about buying cryptocurrencies. And then “everything changed when my partner in ART OF WEB Maxim brought Ildar, a very positive and cheerful person, to our office,” wrote Yegor Petukhovsky. Maxim, according to TRM, is another likely investor in Suex. Investigators name two surnames: Subbotin and Kurbangaleev - as if it were one person, but this is not so.
Maxim Subbotin is a lawyer; his law firm Trimfin is registered in the same Federation Tower in Moscow City and, judging by its vacancies, specializes in cases related to the purchase and sale of cryptocurrency. Maxim is a native of Kazan, where he founded the Blockchain Club, courses on cryptocurrencies and trading. He is also the founder of the microcredit organization "Finstor", which the Central Bank included in its list of illegal creditors and financial pyramids.
The Ildar mentioned in Petukhovsky's blog is Ildar Zakirov, an OTC trader from Kazan and another co-founder of Suex who publicly associated himself with the company. Petukhovsky called him “a man of success”: it was with the arrival of Zakirov that the Suex business began, he also managed to find the first client, and as a result of the transaction, the company earned decent money - 0.4826 BTC. “The whole piquancy was that Ivan [Petukhovsky. - Editor's note] was busy and could not deal with our transactions, providing a mechanism for replenishing an account on EXMO, and Ildar, who at that time did not have even the slightest experience of dealing with the exchange, had to make a purchase of cryptocurrencies in real time, placing buy orders right on the exchange,” wrote Yegor Petukhovsky. Interestingly, after Suex was added to the sanctions list, Exmo stated that it had no connection with Suex.
In addition, the Czech venture capitalist Tibor Bokor and the Russian Vasily Zhabykin are named as leaders of Suex. The latter owns 10% of the shares of the exchanger. Zhabykin confirmed to The New York Times his connection with Suex. According to him, the company was created to develop software for the financial industry. Zhabykin denies any illegal activities by Suex and believes that the US Treasury mistakenly targeted the company. In addition to Suex, Zhabykin was in charge of Neo bank, an experimental subsidiary of MTS Bank. But after this story, he was predictably fired. Kommersant wrote, citing a source, that this decision was dictated solely by US sanctions.
Yegor Petukhovsky also had to part with his other project. In addition to the crypto exchanger, he was the listing director of the popular Telegram cryptocurrency exchange bot Chatex. After the sanctions, he had to leave this business. It is not known whether this will help Chatex - although formally these companies are not connected, they have "extensive corporate and legal relationships," writes TRM: for example, they both belonged at different times to the Estonian company Izibits.
But the story may not end there either: according to Kommersant, the Stopnarkotik movement has already filed applications with the Central Bank and the Ministry of Internal Affairs, in which it described Suex's ties with ExMo, the QIWI group of companies and the Ukrainian bank Concord, which allowed Suex to make payments for the drug marketplace Hydra, which has a turnover of $1.5 billion per year.