Menu Home

Take one of each: OFAC Cyber, Russia designations

Today, OFAC added the following entity:

GARANTEX EUROPE OU (Latin: GARANTEX EUROPE OÜ), Harju maakond, Kesklinna linnaosa, J., Poska tn 51a/1-3, Tallinn 10150, Estonia; Harju maakond, Lasnamae linnaosa, Peterburi tee 47, Tallinn 11415, Estonia; Moscow, Russia; St. Petersburg, Russia; Website garantex.io; Digital Currency Address - XBT 3Lpoy53K625zVeE47ZasiG5jGkAxJ27kh1; Digital Currency Address - ETH 0x7FF9cFad3877F21d41Da833E2F775dB0569eE3D9; Digital Currency Address - USDT 3E6ZCKRrsdPc35chA9Eftp1h3DLW18NFNV; Business Registration Number 14850239 (Estonia) issued 18 Nov 2019 [RUSSIA-EO14024]. 

under its Russian Harmful Foreign Activities sanctions, and the following entity:

HYDRA MARKET (a.k.a. HYDRA MARKETPLACE; a.k.a. "HYDRA"), Russia; Commonwealth of Independent States; Website http://hydram6esdjf6otepmr5c3vjyndsoddz22afphbbjznwb5ln2c6op7ad.onion/; alt. Website http://hydraclubbioknikokex7njhwuahc2l67lfiz7z36md2jvopda7nchid.onion/; Digital Currency Address - XBT 3K4rjdh8A5yi6LWvft2rbmyZvqEbPSSSX4; alt. Digital Currency Address - XBT 17mhyeBX617ABZ1ffThhUTJkHUcMvCkfd5; alt. Digital Currency Address - XBT 35qwVtMEohWDdBWRiCSR7azoP5cbY8SG1Q; alt. Digital Currency Address - XBT 35KAdTa2vqnJzitF2xiUzZn1Gmcas2Y465; alt. Digital Currency Address - XBT 35LScRJ8hzDvvWh9t9UA8bHGnGNVz3YEfa; alt. Digital Currency Address - XBT 1PJp8diNa89cVHpiT1VPu7EQ8LxYM5HX6v; alt. Digital Currency Address - XBT 17V7THwHMiDJmDwZK4unhE5HgKFJKx7VCe; alt. Digital Currency Address - XBT 3PiCnZrBvGfWAKQ9hr4cCpfaDjy64yNSpE; alt. Digital Currency Address - XBT 14gM1HuLVDELNHaFU22qpabjtiWek4HhV1; alt. Digital Currency Address - XBT 1GYuu9d5HPikafbys3k5Q3DRJq6debGsoB; alt. Digital Currency Address - XBT 3GXdtA6kbb4M5aqzZm5qqxcFDFRMW8LqdJ; alt. Digital Currency Address - XBT 1B11Ezqg3AXjFhMdRq5UpPDpNyriYNVtkn; alt. Digital Currency Address - XBT 16SPDQFFzgsoNSPiFFTfS8Dw8LLXqia4oc; alt. Digital Currency Address - XBT 19pPbUDvoSBZafkUCYkD2Z9AkuqqV6sWm7; alt. Digital Currency Address - XBT 3BQACtiMXYB9JpUMpkEWt9m8BzswpGHq4X; alt. Digital Currency Address - XBT 1DGsY4ww3BJnWXTsnmTgWa6UWdoRXgA1pX; alt. Digital Currency Address - XBT 1GcKLUUXodTQcLcPD7VLMgvCc4hs5Q775; alt. Digital Currency Address - XBT 1EvhBad5wCZYhBoAsGaciV6AvmZ1osLpeJ; alt. Digital Currency Address - XBT bc1qsmv6lkrw65l30yazdqpdjjtwzpvk9f8gfh0cy7; alt. Digital Currency Address - XBT bc1qs9u6j78e3utj08mwvqkkmqm9de5xk3g4yh8qtq; alt. Digital Currency Address - XBT 12VrYZgS1nmf9KHHped24xBb1aLLRpV2cT; alt. Digital Currency Address - XBT bc1q202ajnhxgg9d9jjczmg0g4usp6haqldyy2eakl; alt. Digital Currency Address - XBT 1NbGwQwt4uEhg2srAKppLf8QaF6fbp3PZG; alt. Digital Currency Address - XBT 13LQJQ1oJ9K7PsqsGfjNhoVv6UeU6hgzQz; alt. Digital Currency Address - XBT 1CG1aSCxUnbmv9G34ofxTQoHtuVnMLJtQV; alt. Digital Currency Address - XBT 3Kp8Qc5z7yevDeoQxhS5RSSKnEi5x7AQ43; alt. Digital Currency Address - XBT 331TS6DyASY7iU5CRA8UryBnkPS78fP2B1; alt. Digital Currency Address - XBT 1NvJm3jfZxENNyqws5BKQvhkLxg9chLJdo; alt. Digital Currency Address - XBT 1Licqjca74n8pmNaoARXLLqcTUTHFpxbXH; alt. Digital Currency Address - XBT 175BUqf8JCU1uoG1iTRKTacDa4uvJDUCw2; alt. Digital Currency Address - XBT 1ANpca7g93BwptUJg1zV116v49zn9gjDi3; alt. Digital Currency Address - XBT 1BCWMwpR4M1nYUuuYe2bmzrNuwGoF9ZAbA; alt. Digital Currency Address - XBT 18cFGAdYcvNHkuhXLBE7izQKCyUW8TzCJE; alt. Digital Currency Address - XBT 1QHxyuLGRMHfbNPJikV4Dwhfx45HWfUMWB; alt. Digital Currency Address - XBT 1GnFTy5F9qi5MfaRZfgdg2jkyT5xtAHvd8; alt. Digital Currency Address - XBT bc1quyc6j8ca84q9gjej5jjd2n8hra0vfu0j60fefs57p6e5rerkq07q0l5u3w; alt. Digital Currency Address - XBT 16p2UWTZwXRyK5bTHNVjdDyy1D3EQGsZf2; alt. Digital Currency Address - XBT 1CddRqw7oSPrT4tt5oXKyx2LiHJDPszy7y; alt. Digital Currency Address - XBT 1Hhe61Bwxs8Hd2WxzWY9FQyZicBiZGeSNW; alt. Digital Currency Address - XBT 1D3GuaS9eqKw8dWj9JFQtNufdRtysjSLxZ; alt. Digital Currency Address - XBT 1PWRKxkR5AU7Tc9zPqjdhtu1eGW1QZzs4y; alt. Digital Currency Address - XBT 1D1ej7zQzywWBDNXKNYpmH7Hso2U9koDG4; alt. Digital Currency Address - XBT 3KGQ3hX6eFYtBjTBFSdvdkzHmwZyYWLRQh; alt. Digital Currency Address - XBT 1LKE3XA9bf5JFqtGtCHzWj5QGxKGwMfXZw; alt. Digital Currency Address - XBT 1MtsQsw6n2jvJCWhpCw7jifTfD9Q3rBBVg; alt. Digital Currency Address - XBT 1KkaKujnqwJf7Cbm7JKAZGF3X9d4685m8n; alt. Digital Currency Address - XBT 1Ge8JodC2HiBiEuT7D3MoH6Fak6XrcT9Kf; alt. Digital Currency Address - XBT bc1qsmqpalp3gtgkltag4x3ygevmhh9y2hzk73t2ug; alt. Digital Currency Address - XBT 1E9uUnLbyfToazo95vmM3ysYnzgkrL7GeC; alt. Digital Currency Address - XBT 1HH8eiuaTMucTNyvGCUmAvmCZCtdMi8SqK; alt. Digital Currency Address - XBT 19FQzHibWDhSP8pKmJS3uagFYoisXtehzw; alt. Digital Currency Address - XBT 3DLGfN7hgsWXXSp9euXcnmWXLpFQuswW2t; alt. Digital Currency Address - XBT 1PXxwPVtYxZiCRp9LKq7aKMDFrhAQztvUE; alt. Digital Currency Address - XBT 1Q4tJjH2aBr3AJrzxqa4Z3jPpf5SDgF4jK; alt. Digital Currency Address - XBT 1PYtgFS2t6i57WdDvbRa7kPcsagGMBxzfg; alt. Digital Currency Address - XBT 16ZSAEfYpPCj3D94fsNt2okYj9Ue8mxy6T; alt. Digital Currency Address - XBT bc1qvlzfn6kmezv44d8kw0p5jsmxe6wchv3zc7gsxs; alt. Digital Currency Address - XBT 3QVyoH4u3qT88uChAeJVhfB3r6maZt431y; alt. Digital Currency Address - XBT 1FFS6pX1TCKTNy668Mbk2Lyoem1qB48kYX; alt. Digital Currency Address - XBT 1Dpddb1TMjvmNQeYDqgyd1ww6cmwPJRdSk; alt. Digital Currency Address - XBT 3AjiWiUdKB5mcGUSS9mBeoHCeYJw3Zo8r6; alt. Digital Currency Address - XBT 1EtMuBPQnPCa3cecerdSH1SzydxnhbTmw; alt. Digital Currency Address - XBT 3CCmt5LjQ5yKkaFY1DWC2SbERVEtWRnSRD; alt. Digital Currency Address - XBT 1MQBDeRWsiJBf7K1VGjJ7PWEL6GJXMfmLg; alt. Digital Currency Address - XBT 1MbtT2ZsTtLp7EKZUV9r74cTyqvsMtTP2M; alt. Digital Currency Address - XBT 36yS87PLuW7sErLg1TY26WzaVarTim7AcC; alt. Digital Currency Address - XBT 3AYU365Tcjef7j9pdKF9Xe8rWpEpsH196t; alt. Digital Currency Address - XBT 148LKmyZT3FGE4x1GjsFN6RsAwcjzk5iuE; alt. Digital Currency Address - XBT 16EKTes8ahD8xvwisqjc2xSNLiG3fDHatW; alt. Digital Currency Address - XBT 3GuQjr7kkrR5EjpanMgyAuxuLgrjEUwe21; alt. Digital Currency Address - XBT 35eanEz5iYg2eYaxCtMrR4SCoypFqrBWUH; alt. Digital Currency Address - XBT 3QWUdP5taP4GrRuueVDud1eWetb7hc3wDH; alt. Digital Currency Address - XBT 3Czhm6xqn8odwz6jgTcjRrUjog28v6aVS8; alt. Digital Currency Address - XBT 1F7UL41qYm6TvnExZzPHBCyeENvX3XDEMS; alt. Digital Currency Address - XBT 123WBUDmSJv4GctdVEz6Qq6z8nXSKrJ4KX; alt. Digital Currency Address - XBT 3BCN3WgMRJwULTz1vsEQ7NZrBjwaUBf5Ca; alt. Digital Currency Address - XBT 35SwVFxosV3AsvnrBfzdXarqavRbvDyyxv; alt. Digital Currency Address - XBT 32pCmCWEjwhkLwh5BgLNAeBQFp5Gi1hv81; alt. Digital Currency Address - XBT 1G64TFMFVJTjhJXra6x74BBhsfSyiWaFtT; alt. Digital Currency Address - XBT 1A3iYY4c3dkgNYGewzYzr7EsqfBuWXibGo; alt. Digital Currency Address - XBT 3GAUBtrTtWp1D9yeXgr3wMg8B599QHa5m5; alt. Digital Currency Address - XBT 3HJN4jRa4mdfkey9JR9jUhr86yPwL86A3C; alt. Digital Currency Address - XBT 1EuUMPBCZtSd5pVVFEqmRqUSfU1qy6ASuL; alt. Digital Currency Address - XBT 1Pu1nAW7kCoSMThMs8QcpM8JxuByQDZgH; alt. Digital Currency Address - XBT 3QnWE5GVfQu3wVav91RuFkqip4Ti4NWqAY; alt. Digital Currency Address - XBT 1CNbhgxGRZvsWnEHotfXge7k2E1UPzBDC7; alt. Digital Currency Address - XBT 3HSZc4BLnQBznjSq7JvXgqNCZUUs3M9fZz; alt. Digital Currency Address - XBT 37dDBCexFPraKW4jGSqkE3NyG52YeZQbJx; alt. Digital Currency Address - XBT 1H8sDTTgJPBKw83EBZDLhXvetCbxZUMMZM; alt. Digital Currency Address - XBT 1BvJRBRp9ZZ6zLyuZaZsV7g3xP6JokdZQW; alt. Digital Currency Address - XBT bc1q237mvl0heyw0r38wd3xz8h5mar96rrwpams8pp; alt. Digital Currency Address - XBT 34dxZvijpBM1YkPybczbQ7DuGuKAnULdfS; alt. Digital Currency Address - XBT 1GkLN7DbA9mAtHNzQWNPANcdWbefaz4Gzm; alt. Digital Currency Address - XBT 13hfsQm6oCaDZehfYBSMFiJVAi1jsL6sQd; alt. Digital Currency Address - XBT 1Sf6e4xQv8muMZqYPTdRFf3e5o5eWcg9F; alt. Digital Currency Address - XBT bc1qj6j6p0jdefl6pvdzx3kx8245yy5mz6q4luhzes; alt. Digital Currency Address - XBT 1B3u21itzjgKtm7QsNQNCBpSkwzzeDHqrW; alt. Digital Currency Address - XBT 3JhPsVV3KnL9dBYGSZALS9EbrLr97R865a; alt. Digital Currency Address - XBT bc1qqf8kcc9m57xjqcvsvuf989nnl48ve6d2s24cx3; alt. Digital Currency Address - XBT 1HuYfoEwsfHgZiRhbhJrCd5ST3iksa8KEx; alt. Digital Currency Address - XBT 1J9wJH2bamZVxscXAvoDH4jvtGKb7sYFDm; alt. Digital Currency Address - XBT 34WWXwFKAsXL9zYxbeNPaPV6vDamkjQLUo; alt. Digital Currency Address - XBT 3PDmRwotTkRAFRLGTUrucCERp2JdM1q4ar; alt. Digital Currency Address - XBT 3AFcE2mbSSndcpYFgHoExSmjUc26ef2gQh; alt. Digital Currency Address - XBT 3P6PzdfETr4275Gn3veLkCyDxA1jV8fHKm; alt. Digital Currency Address - XBT 3HRExd8GKFskZC5inmVcpiyy9UWG7FVa6o; alt. Digital Currency Address - XBT 3MP7yBGSW2gkXVRE8S84T2j4KVgPh3rEzv; alt. Digital Currency Address - XBT 1K2fmE9hfhbRNSZoBvCBWZAvsS5idTUxBG; alt. Digital Currency Address - XBT 3ES6pqCueDPCnC4hCqhhYuey6gyiRJZw6E; alt. Digital Currency Address - XBT 3KvBX3jo69Qn8jHy44M33RYoeYcf8DdRBD; alt. Digital Currency Address - XBT 3K26aMKmnrv97Pj6YiFcqiXk2LxeHfhnG3; alt. Digital Currency Address - XBT 3BWP6ZQAhc4j5wR1b95zJAthJEFvhdees7; alt. Digital Currency Address - XBT 3JuSgFrwnrNfuhvR4GpWAPmeJVot4xrEae; alt. Digital Currency Address - XBT 1DKGRGJXGNLAtTeFb9SNPNHtrkZ87q7qKi; alt. Digital Currency Address - XBT 361AkMKNNWYwZRsCE8pPNmoh5aQf4V7g4p; alt. Digital Currency Address - XBT 33fWcMdmsB2Ey4CEbVWbjGFkuevBSyP9nG; alt. Digital Currency Address - XBT 35aTjkBh4yeTypJsi9nuTdoMKHTsawKVgX; Organization Established Date 2015 [CYBER2]. 

under its Cyber-related sanctions. And Treasury spoke about it:

PRESS RELEASES

Treasury Sanctions Russia-Based Hydra, World’s Largest Darknet Market, and Ransomware-Enabling Virtual Currency Exchange Garantex

April 5, 2022

United States, International Partners Carry Out Multilateral Operation Targeting Russian Cybercrime

WASHINGTON – Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the world’s largest and most prominent darknet market, Hydra Market (Hydra), in a coordinated international effort to disrupt proliferation of malicious cybercrime services, dangerous drugs, and other illegal offerings available through the Russia-based site. The operation targeting Hydra was a collaborative initiative joined by the U.S. Department of Justice, Federal Bureau of Investigations, Drug Enforcement Administration, Internal Revenue Service Criminal Investigation, and Homeland Security Investigations. This action was enhanced by international cooperation with the German Federal Criminal Police, who today shut down Hydra servers in Germany and seized $25 million worth of bitcoin.

“The global threat of cybercrime and ransomware that originates in Russia, and the ability of criminal leaders to operate there with impunity, is deeply concerning to the United States,” said Secretary of the Treasury Janet L. Yellen. “Our actions send a message today to criminals that you cannot hide on the darknet or their forums, and you cannot hide in Russia or anywhere else in the world. In coordination with allies and partners, like Germany and Estonia, we will continue to disrupt these networks.”


Darknets are Internet-based networks that individuals use special software to access in a manner designed to obscure the individuals’ identity and their associated Internet activity. Marketplaces that reside on the darknet almost exclusively accept virtual currency as payment for a large range of illegal services and goods, including ransomware-as-a-service (RaaS). Virtual currency is often the payment method of choice on darknet marketplaces because illicit actors who transact on the darknet often incorrectly believe virtual currencies to be an anonymous and untraceable means of exchange. Ransomware payments are also often demanded in virtual currency for similar reasons. Countering ransomware is a top priority of the Administration. Today’s action supports the Administration’s counter-ransomware lines of effort to disrupt ransomware infrastructure and actors in close coordination with international partners. The U.S. and German government’s action today addresses the abuse of virtual currency to launder ransom payments.

Russia is a haven for cybercriminals. Today’s action against Hydra and Garantex builds upon recent sanctions against virtual currency exchanges SUEX and CHATEX, both of which, like Garantex, operated out of Federation Tower in Moscow, Russia. Treasury is committed to taking action against actors that, like Hydra and Garantex, willfully disregard anti-money laundering and countering the financing of terrorism (AML/CFT) obligations and allow their systems to be abused by illicit actors. Wanton disregard for regulations and compliance by persons that run virtual currency exchanges will be rigorously investigated, and where appropriate, perpetrators will be held accountable. Additionally, the United States urges the international community to effectively implement international standards on AML/CFT in the virtual currency area, particularly regarding virtual currency exchanges. The virtual currency industry has a critical role to play in implementing appropriate AML/CFT and sanctions controls to prevent sanctioned persons and other illicit actors from exploiting virtual currencies to undermine the national security of the United States and our partners.

In addition to sanctioning Hydra, OFAC is identifying over 100 virtual currency addresses associated with the entity’s operations that have been used to conduct illicit transactions. Treasury is committed to sharing additional illicit virtual currency addresses as they become available.

As reflected in Executive Order (E.O.) 14067 of March 9, 2022, “Ensuring Responsible Development of Digital Assets,” the Administration supports responsible innovation in digital assets, while prioritizing efforts to identify and mitigate illicit financing risks in the digital asset ecosystem. In the coming month, the Department of the Treasury will publish an updated National Strategy to Combat Illicit Finance, which will highlight planned Treasury efforts to further combat the misuse of virtual currency and exchanges.



HYDRA MARKET: RUSSIA’S MOST PROMINENT DARKNET MARKET


Hydra was launched in 2015 and is the most prominent Russian darknet market, and the largest darknet market left in the world. Hydra’s offerings have included ransomware-as-a-service, hacking services and software, stolen personal information, counterfeit currency, stolen virtual currency, and illicit drugs. Following a sale, Hydra’s vendors have distributed illicit goods dropped anonymously in physical locations, sometimes buried or hidden in an inconspicuous location. Hydra’s buyers received the location after purchase, often using virtual currency, and retrieved the illicit goods.

OFAC’s investigation identified approximately $8 million in ransomware proceeds that transited Hydra’s virtual currency accounts, including from the Ryuk, Sodinokibi, and Conti ransomware variants. According to blockchain researchers, approximately 86 percent of the illicit Bitcoin received directly by Russian virtual currency exchanges in 2019 came from Hydra. Before today’s action, Hydra’s revenue had risen dramatically from under $10 million in 2016, to over $1.3 billion in 2020. This growth in profit is enabled by Hydra’s association with Russian illicit finance. Additional details on the illicit financing risks associated with darknet markets can be found in the National Money Laundering Risk Assessment.

Hydra is being designated pursuant to E.O. 13694, as amended, for being responsible for or complicit in, or having engaged in, directly or indirectly, cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States that are reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States and that have the purpose or effect of causing a significant misappropriation of funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain.

VIRTUAL CURRENCY EXCHANGE GARANTEX

Garantex is a virtual currency exchange founded in late 2019 and originally registered in Estonia. Garantex allows customers to buy and sell virtual currencies using fiat currencies. The majority of Garantex’s operations are carried out in Moscow, including at Federation Tower, and St. Petersburg, Russia, where other sanctioned virtual currency exchanges have also operated. Analysis of known Garantex transactions shows that over $100 million in transactions are associated with illicit actors and darknet markets, including nearly $6 million from Russian RaaS gang Conti and also including approximately $2.6 million from Hydra. In February 2022, Garantex lost its license to provide virtual currency services after supervision by Estonia’s Financial Intelligence Unit revealed critical AML/CFT deficiencies and found connections between Garantex and wallets used for criminal activity. Estonian authorities coordinated closely with the Treasury Department during this process. This is the second time in the last six months that Treasury has partnered with the Estonian government in relation to a virtual currency exchange facilitating malicious cyber activity. Despite losing its Estonian license to provide virtual currency services following the Estonian Financial Intelligence Unit’s investigation, Garantex continues to provide services to customers through unscrupulous means.

Garantex is being designated today pursuant to E.O. 14024 for operating or having operated in the financial services sector of the Russian Federation economy.

Today’s action also reinforces OFAC’s recent public guidance to further cut off avenues for potential sanctions evasion by Russia, in support of the G7 leaders’ commitment to maintain the effectiveness of economic measures. This guidance in the form of Frequently Asked Question 1,021 makes clear that Treasury’s expansive sanctions actions against Russia require all U.S. persons to comply with OFAC regulations, regardless of whether a transaction is denominated in traditional fiat currency or virtual currency. Sanctioned Russian persons are known to employ a wide variety of measures in their efforts to evade U.S. and international sanctions. As such, U.S. persons, wherever located, including firms that process virtual currency transactions, must be vigilant against attempts to circumvent OFAC regulations and must take risk-based steps to ensure they do not engage in prohibited transactions. OFAC is closely monitoring any efforts to circumvent or violate Russia-related sanctions, including through the use of virtual currency, and is committed to using its broad enforcement authorities to act against violations and to promote compliance.

While most virtual currency activity is licit, virtual currencies can be used for illicit activity, including sanctions evasion through darknet markets, peer-to-peer exchangers, mixers, and exchanges. This includes the facilitation of ransomware schemes and other cybercrimes. Some virtual currency exchanges are exploited by malicious actors, but others, as is the case with Garantex, Suex, and Chatex, facilitate illicit activities for their own gains. Treasury continues to use its authorities against malicious cyber actors and their facilitators in concert with other U.S. departments and agencies, as well as our foreign partners, to disrupt financial nodes tied to ransomware payments, cyber-attacks, and other illicit activity.

SANCTIONS IMPLICATIONS

As a result of today’s action, all property and interests in property of the individuals and entities described above that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC. In addition, any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked. All transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or otherwise blocked persons are prohibited unless authorized by a general or specific license issued by OFAC, or exempt. These prohibitions include the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any blocked person and the receipt of any contribution or provision of funds, goods, or services from any such person.

Links:

OFAC Notice

Treasury Press Release

Categories: Cyber sanctions OFAC Updates Russian Harmful Foreign Activities Sanctions Sanctions Lists

eric9to5

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: