Pages

11 October 2022

The Fight to Cut Off the Crypto Fueling Russia’s Ukraine Invasion

ANDY GREENBERG

AS RUSSIAN TROOPS have flooded into Ukraine’s borders for the past eight months—and with an ongoing mobilization of hundreds of thousands more underway—the Western world has taken drastic measures to cut the economic ties that fuel Russia’s invasion and occupation. But even as those global sanctions have carefully excised Russia from global commerce, millions of dollars have continued to flow directly to Russian military and paramilitary groups in a form that’s proven harder to control: cryptocurrency.

Since Russia launched its full-blown invasion of Ukraine in February, at least $4 million worth of cryptocurrency has been collected by groups supporting Russia’s military in Ukraine, researchers have found. According to analyses by cryptocurrency-tracing firms Chainalysis, Elliptic, and TRM Labs, as well as investigators at Binance, the world’s largest cryptocurrency exchange, recipients include paramilitary groups offering ammunition and equipment, military contractors, and weapons manufacturers. That flow of funds, often to officially sanctioned groups, shows no sign of abating and may even be accelerating: Chainalysis traced roughly $1.8 million in funding to the Russian military groups in just the past two months, nearly matching the $2.2 million it found the groups received in the five months prior. And despite the ability to trace those funds, freezing or blocking them has proven difficult, due largely to unregulated or sanctioned cryptocurrency exchanges—most of them based in Russia—cashing out millions in donations earmarked for invaders.

“Our aim is to identify all the crypto wallets being used by Russian military groups and the people helping them; to find, seize and block all this activity that is helping to buy the bullets, the ammunition of this occupation,” says Serhii Kropyva, who until recently served as deputy of Ukraine’s Cyber Police and advisor to the country’s prosecutor general. “With the close cooperation of companies like Chainalysis and Binance, we can see all the wallets involved in this criminal activity, these money flows of millions of dollars. But we can, unfortunately, see that the transfer is continuing all the time.”

In separate reports, the cryptocurrency-tracing firms and Binance’s investigations team each tracked donations to the Russian war effort that very often began with public posts on the messaging app Telegram soliciting crowdfunded donations. Chainalysis, for instance, found Telegram posts from organizations including the pro-Russian media sites Rybar and Southfront, as well as the paramilitary group Rusich—which has ties to the notorious Wagner mercenary group—all posting cryptocurrency donation addresses to Telegram. These posts told followers that the money raised there would be used for everything from weaponized drones to radios, rifle accessories, and body armor. In another instance, Chainalysis points to a fundraiser by a group called Project Terricon that attempted to auction NFTs to support pro-Russian militia groups in Eastern Ukraine, though the NFTs were removed from the marketplace they were hosted on before any bids were placed.

Binance’s investigations team, in its own report, found that a total of $4.2 million in crypto had been funneled to Russian military groups since February. The groups named in its research didn’t entirely overlap with those named in Chainalysis’ report, suggesting that the overall funding could be far greater than either Binance’s or Chainalysis’ total. Binance, for instance, points to a pro-Russian “cultural heritage” group known as MOO Veche that has carried out fundraisers for military equipment similar to the kinds funded by the groups Chainalysis flagged. While Binance, TRM Labs, and Elliptic all name MOO Veche as a major fundraiser, Elliptic traced $1.7 million in crypto donations to the group, far more than the other researchers.

A screenshot of a Russian-language Telegram post from the pro-Russian military MOO Veche group, describing equipment paid for with its fundraising, including “thermal imagers, binoculars with rangefinders, spotting scopes, car radios, collimators and first aid kits.“

 TELEGRAM VIA ANDY GREENBERG

Other organizations that Binance spotted raising money through cryptocurrency crowdfunding on Telegram include the pro-Russian nationalist groups Save Donbas and REAR, as well as the Russian arms manufacturer Lobaev, which it saw directly soliciting donations on the platform. Yet another group, known as Romanov Light, whose fundraising was spotted by TRM Labs and Elliptic, claimed to be collecting crypto for Russian special forces. Romanov Light raised as much as $330,000 worth of donations, according to Elliptic, which it told donors it spent on military equipment like weapon accessories, flashlights, and armor plates.

Despite the relative clarity of all that financial tracing, preventing cryptocurrency from continuing to bolster Russia’s unprovoked incursion into Ukraine hasn’t been simple. Exchanges can block or freeze funds at the points where they’re exchanged for traditional currency. But according to Chainalysis, the majority of the crypto funds the groups have raised have been cashed out through what the company calls "high-risk" Russian exchanges with little to no precautions against criminal money-laundering. In previous reports, Chainalysis has named Chatex, Suex, and Garantex as examples of those Russia-based rogue exchanges—all of which have already been targeted with Western sanctions for their extensive use by criminals. Chatex and Garantex did not respond to WIRED’s request for comment. Suex no longer appears to have a public website, and no contact information for the exchange could be found.

Not every exchange that has served as an ATM for Russian military crypto crowdfunding is hosted in Russia, however. Blockchain analysts who spoke to WIRED pointed to seven other exchange services, some hosted in India and China, that have received funds from the pro-Russian groups they tracked, though they declined to name them on the record, in part because the amounts of those funds in most cases were in the single-digit thousands or less.

In one telling example of how hard it is to prevent these cash-outs, however, analysts saw MOO Veche send more than $150,000 worth of bitcoin to an exchange hosted on the infrastructure of the Chinese cryptocurrency exchange Huobi—a “nested” exchange that essentially uses Huobi as its trading platform. But any responsibility that Huobi might have for blocking or freezing those funds was complicated by another unknown intermediary service that analysts saw the money travel through before entering the Huobi-hosted service. When WIRED reached out to Huobi for comment, it wrote in a statement that it has a “know-your-customer” process “which ensures to the best of our ability that our clients’ source of funds are above board.”

Binance, for its part, says its exchange accounts were also used by four of the groups it tracked and received more than $208,000 worth of cryptocurrencies. It tells WIRED that it froze all four accounts it discovered. “We’re making sure that no harm comes to civilians as a result of the fundraising that happens in these extremist spaces,” says Jennifer Hicks, who manages Binance’s intelligence and investigations team. “When cryptocurrency exchanges know that something illicit is happening that will end in real-world, kinetic effects like this, it’s the exchange’s responsibility to put a stop to it as fast as possible.”

Even when exchanges do monitor for crypto sent from sanctioned groups like these pro-Russian fundraisers, that dirty money won’t always be straightforward to detect, warns Thibaud Madelin, who leads research at Elliptic. He says he’s increasingly seeing Russian sources of illicit funds use “bridges” or “coin swaps”—services that allow easy trading of one cryptocurrency for another, often without offering any identifying information—as money-laundering techniques. He’s watched those tools grow in popularity among dark-web black markets and cybercriminal users and expects the same will happen with those seeking to launder illicit arms funding. “It’s a bit early to say definitively. But what we’re seeing is that it’s likely to become a bigger problem,” says Madelin. “They’re likely to mirror the methodologies seen across dark net services users, enabling large-scale money laundering and potentially sanctions evasion.”

No comments:

Post a Comment