In brief

  • Chatex is a P2P crypto exchange.
  • The Treasury Department says it's been facilitating ransomware payments.

Remember when President Joe Biden vowed to go after ransomware actors? Not only is it happening, but it's bleeding over into the cryptocurrency ecosystem.

The Office of Foreign Assets Controls (OFAC), the U.S. Treasury Department's enforcement agency for economic sanctions, today placed global cryptocurrency exchange Chatex on its sanctions list alongside three companies that allegedly provide it with infrastructure support—Estonia-based IZIBITS OU, Latvia-based Chatextech SIA, and Hightrade Finance Ltd from St. Vincent and Grenadines—as well as a Ukrainian and a Russian national who allegedly operated recent ransomware attacks.

Ransomware is malicious software that hackers use to take control of individual computers or computer networks and lock the owners out; the attackers then demand payment, often in the form of Bitcoin or privacy coin Monero, to restore access.

"Analysis of Chatex’s known transactions indicate that over half are directly traced to illicit or high-risk activities such as darknet markets, high-risk exchanges, and ransomware," wrote the Treasury Department in a press release today.


The Treasury Department claims Chatex, which facilitates peer-to-peer trades via social network Telegram, has "direct ties" to Suex, a cryptocurrency exchange it sanctioned on September 21 for facilitating payments for hackers. The sanctions mean that any Chatex assets in the U.S. are blocked and that American citizens and companies may not legally conduct most business with Chatex or its affiliates. The governments of Latvia and Estonia have already suspended the registrations of Chatextech and Izibits OU, respectively, according to OFAC. 

OFAC has also added Ukraine national Yaroslav Vasinskyi and Russia national Yevgeniy Polyanin to its sanctions list, the former for his alleged role in deploying ransomware against Kaseya, an IT software provider that was on the receiving end of a $70 million ransomware attack in July. The Treasury believes that both men are involved with Sodinokibi/REvil, an Eastern European hacking group that has raked in more than $200 million in Bitcoin and Monero ransoms.

That's a hefty chunk of the $590 million in reported ransomware payments the administration cited today. 

“Ransomware groups and criminal organizations have targeted American businesses and public institutions of all sizes and across sectors, seeking to undermine the backbone of our economy,” Deputy Secretary of the Treasury Wally Adeyemo wrote, before concluding: "This is a top priority for the Biden Administration.”


Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.