
OFAC adds cyber-related Russians…

OFAC added the following persons to its cyber-related sanctions today:

KARASAVIDI, Dmitrii (Cyrillic: КАРАСАВИДИ, Дмитрий) (a.k.a. KARASAVIDI, Dmitriy), Moscow, Russia; DOB 09 Jul 1985; Email Address 2000@911.af; alt. Email Address dm.karasavi@yandex.ru; Gender Male; Digital Currency Address – XBT 1Q6saNmqKkyFB9mFR68Ck8F7Dp7dTopF2W; alt. Digital Currency Address – XBT 1DDA93oZPn7wte2eR1ABwcFoxUFxkKMwCf; Digital Currency Address – ETH 0xd882cfc20f52f2599d84b8e8d58c7fb62cfe344b; Digital Currency Address – XMR 5be5543ff73456ab9f2d207887e2af87322c651ea1a873c5b25b7ffae456c320; Digital Currency Address – LTC LNwgtMxcKUQ51dw7bQL1yPQjBVZh6QEqsd; Digital Currency Address – ZEC t1g7wowvQ8gn2v8jrU1biyJ26sieNqNsBJy; Digital Currency Address – DASH XnPFsRWTaSgiVauosEwQ6dEitGYXgwznz2; Digital Currency Address – BTG GPwg61XoHqQPNmAucFACuQ5H9sGCDv9TpS; Digital Currency Address – ETC 0xd882cfc20f52f2599d84b8e8d58c7fb62cfe344b; Passport 75 5276391 (Russia) expires 29 Jun 2027 (individual) [CYBER2]. 
 
POTEKHIN, Danil (Cyrillic: ПОТЕХИН, Данил) (a.k.a. “cronuswar”; a.k.a. “SERGEY, Kireev Valerievich”), Voronezh, Russia; DOB 14 Sep 1995; alt. DOB 14 Sep 1990; alt. DOB 08 Aug 1990; Email Address potekhinl4@bk.ru; Gender Male; Digital Currency Address – XBT 1Q9UAQbcDezmyouFrzt94t4dSMxgsUfW1X; alt. Digital Currency Address – XBT 1Kys8fqDen8NGFUJ6AFcXfFW5qquuTH4eh; Digital Currency Address – ETH 0x7F367cC41522cE07553e823bf3be79A889DEbe1B (individual) [CYBER2]. 

A quick glossary of cryptocurrency codes:

  • XBT: Bitcoin
  • ETH: Ethereum
  • LTC: Litecoin
  • ZEC*: ZCash
  • DASH*: Dash
  • BTG: Bitcoin Gold
  • ETC: Ethereum Classic
  • XMR*: Monero

The ones with asterisks are privacy coins – Dash apparently allows those features to be turned on and off. “Privacy” means untraceable.

And the State Department:

Today, in a coordinated action with the U.S. Department of Justice and the U.S. Department of Homeland Security, the U.S. Department of the Treasury sanctioned two Russian nationals for their involvement in a sophisticated phishing campaign in 2017 and 2018 that targeted customers of two U.S.-based, and one foreign-based, virtual asset service providers, commonly known as cryptocurrency exchanges. American citizens and businesses were among the victims of this malicious cyber-enabled activity, which resulted in combined losses of at least $16.8 million.

The two individuals sanctioned today, Danil Potekhin and Dmitrii Karasavidi, are being designated pursuant to Executive Order (E.O.) 13694, as amended by E.O. 13757, which targets malicious cyber-enabled activities, including those related to the significant misappropriation of funds or personal identifiers for private financial gain. Potekhin and Karasavidi are also the subjects of an indictment unsealed today by the Department of Justice.

The United States will continue to promote accountability among malign actors seeking to undermine our economic security. Today’s coordinated action demonstrates our commitment to deterring cybercrimes, which would otherwise impose great costs on Americans.

and Treasury Department:

Treasury Sanctions Russian Cyber Actors for Virtual Currency Theft

Washington – Today, in a coordinated action with the U.S. Department of Justice and the U.S. Department of Homeland Security, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned two Russian nationals for their involvement in a sophisticated phishing campaign in 2017 and 2018 that targeted customers of two U.S.-based and one foreign-based virtual asset service providers. American citizens and businesses were among the victims of this malicious cyber-enabled activity, which resulted in combined losses of at least $16.8 million.

“The individuals who administered this scheme defrauded American citizens, businesses, and others by deceiving them and stealing virtual currency from their accounts,” said Secretary Steven T. Mnuchin. “The Treasury Department will continue to use our authorities to target cybercriminals and remains committed to the safe and secure use of emerging technologies in the financial sector.”

Danil Potekhin (Potekhin) and Dmitrii Karasavidi (Karasavidi) are being designated pursuant to Executive Order (E.O.) 13694, as amended by E.O. 13757, which targets malicious cyber-enabled activities, including those related to the significant misappropriation of funds or personal identifiers for private financial gain. Potekhin and Karasavidi are also the subjects of an indictment unsealed today by the Department of Justice.

Potekhin created numerous web domains that mimicked those of legitimate virtual currency exchanges. This tactic, known as spoofing, exploits Internet users’ trust in known companies and organizations to fraudulently obtain their personal information. When unwitting customers accessed Potekhin’s spoofed websites and entered their login information, Potekhin and his accomplices stole their login credentials and gained access to their real accounts. The attackers then employed a variety of methods to exfiltrate their ill-gotten virtual currency: using exchange accounts created using fictitious or stolen identities; circumventing exchanges’ internal controls; swapping into different types of virtual currency; moving virtual currency through multiple intermediary addresses; and a market manipulation scheme in which inexpensive virtual currency was purchased at a fast rate to increase demand and price, then quickly sold for a higher price to glean quick profit. Karasavidi laundered the proceeds of the attacks into an account in his name. He attempted to conceal the nature and source of the funds by transferring them in a layered and sophisticated manner through multiple accounts and multiple virtual currency blockchains. Ultimately, the stolen virtual currency was traced to Karasavidi’s account, and millions of dollars in virtual currency and U.S. dollars was seized in a forfeiture action by the United States Secret Service.

Potekhin and Karasavidi’s actions underscore the evolving threat that global financial institutions face from cybercriminals, who employ a variety of sophisticated schemes to profit at their victims’ expense.

OFAC closely coordinated today’s action with the United States Secret Service’s San Francisco Field Office and with the U.S. Attorney’s Office for the Northern District of California. Treasury is committed to collaborating with law enforcement to respond to evolving threats from malicious actors who exploit virtual currencies and target legitimate virtual asset service providers and their customers.

“Since its inception in 1865 to combat U.S. currency counterfeiting, the Secret Service has remained committed to safeguarding the Nation’s financial infrastructure. The Secret Service mission has evolved to combat cyber fraud by tracing and seizing fraudulently obtained virtual currencies. These recent actions highlight the efforts of law enforcement to provide attribution to cybercriminals wherever they may reside,” said Special Agent in Charge David Smith, U.S. Secret Service Criminal Investigative Division.

Today’s action demonstrates the important role that a robust anti-money laundering and countering the financing of terrorism (AML/CFT) regime plays in deterring cybercrimes. As Potekhin and Karasavidi resorted to complex schemes to circumvent exchanges’ compliance controls, they created a trail of evidence that helped investigators to identify them and hold them accountable. Because profit-motivated cybercriminals must launder their misappropriated funds, AML/CFT regimes pose a critical chokepoint in countering and deterring this criminal activity. The United States will continue to lead in AML/CFT regulation and supervision of digital assets to prevent their misuse by illicit actors.

View identifying information on the individuals designated today.

As a result of today’s action, all property and interests in property of the designated persons that are in the possession or control of U.S. persons or within or transiting the United States are blocked, and U.S. persons generally are prohibited from dealing with them.

For additional information regarding illicit activity involving virtual currency, please see the May 2019 FinCEN advisory.

issued press releases.

Links:

OFAC Notice

State Department Press Release

Treasury Department Press Release

Categories: Cyber sanctions OFAC Updates Sanctions Lists

eric9to5
