“Simple registration without the “know-your-customer” procedure: no selfies or passports are required” – this is how Bitzlato, a peer-to-peer cryptocurrency exchange platform, attracted new customers from its main page. Now the service’s website is unavailable, and its founder, Russian Anatoly Legkodymov, has been arrested in the United States. As the US Department of Justice points out, due to the fact that Bitzlato did not pay attention to KYC (know-your-customer) procedures, the service became a “haven” for “dirty” money – with its help, criminals could profit from illegal business, including drug trafficking and stealing money with malware. In total, according to investigators, more than $700 million of criminal money passed through Bitzlato.
The actions of U.S. law enforcement “send a clear signal: whether you are violating our laws from China or Europe, or abusing our financial system from a tropical island, you can expect to answer for your crimes in the United States courtroom,” said Lisa Monaco, Deputy Attorney General of the United States.
It is not yet clear when Bitzlato customers who have stored their assets on the service’s wallets will be able to receive them. On the morning of January 18, on the eve of the announcement by the US Department of Justice about the arrest of Legkodymov, the Bitzlato News Telegram channel announced that the service had been hacked, and part of the funds had been withdrawn. The message also said that the withdrawal of funds “will be suspended indefinitely.” At the same time, the exchange assured users that the withdrawal will work “in two or three days, after the completion of technical work.” Bitzlato later reported that the company’s servers in France were “taken over by the FBI” as well as some of the users’ funds. Since January 20, there have been no new messages in the Telegram channel of the Bitzlato team. A plaque on the main page of the Bitzlato website states that the site has been “arrested by the French National Gendarmerie to Combat Organized Crime and Cybercrime” as part of an international operation.
Who is Anatoly Legkodymov and how did his service attract the attention of the FBI and American financial intelligence?
What is known about Legkodymov and Bitzlato
In the court documents in the Bitzlato case, Legkodymov’s biography is sparingly covered – it is only indicated that he is 40 years old, he constantly lives in the Chinese city of Shenzhen, and at the end of last year he arrived in Miami (Florida). In the SPARK-Interfax database, there is only one person whose name and age match the name and age of the person involved in the case – Anatoly Viktorovich Legkodymov, a native of Krasnodar, born in 1982. In 2014, he registered an individual entrepreneur, indicating “development of computer software” as his main activity. On popular forums for programmers, including on Habré, you can also find a user with the nickname legkodymov – in the profile in the column “From” he has the Krasnodar Territory. His blog posts on Habré are devoted, in particular, to digital currencies, bitcoin mining, and the collapse of the MtGox crypto exchange.
In 2016, Legkodymov, according to SPARK, becomes a co-owner and director in A-XVT. The company, as stated on its YouTube channel, is developing its own models of miners and building data centers. However, a year later he leaves the company.
It is on the development and production of mining equipment, as well as the construction of data centers, that the Bitzlato business was initially focused, follows from the information on the company’s website. However, in 2016 the company decided to develop a new direction — peer-to-peer crypto exchanges in Telegram. The first exchanger – BTC_CHANGE_BOT – allowed to change bitcoins, subsequently bots were launched to exchange five more cryptocurrencies – Ethereum, Litecoin, Dash, Bitcoin Cash and Dogecoin. One of these bots was advertised on Reddit by a user named legkodymov in 2018, noting that it was “a bot with a two-year history.” In the same year, after the Russian authorities blocked Telegram, the creators of the bot created a web version of the exchangers – the website bitzlato.com.
Total quotes from TradingView
Bitzlato has never been a classic crypto exchange, it is a platform for exchanging cryptocurrencies for fiat funds and back through peer-to-peer, Dmitry Machikhin, founder of the BitOK crypto asset analytics service, notes. Bitzlato positioned its p2p service as “a reliable way to get hryvnias, rubles and tenge to accounts in Privatbank, Sberbank or Qiwi”, exchanging cryptocurrency for them.
As stated in the testimony of US FBI Special Agent Ryan Rogers, filed in the US District Court for the Eastern District of New York, Bitzlato Limited was registered in Hong Kong. Since May 2018, it has processed about $4.58 billion worth of cryptocurrency transactions. Rogers points out that Legkodymov is not the only beneficiary of Bitzlato, but does not disclose the name of his partner with whom the Russian shared control of the company. Despite the fact that the company was registered in Hong Kong, de facto, according to FinCEN (American financial intelligence) with reference to “a study conducted by a blockchain analysis company,” Bitzlato operated from Moscow City. In November 2021, Bloomberg wrote that the Vostok tower of the Federation complex in Moscow City has become one of the world’s centers for cashing out digital currencies.
If you look at how much cryptocurrency was stored on Bitzlato, then the figure will be quite modest – according to Arkham Intelligence, at the maximum amount was only $6.6 million. For comparison, Binance, the largest crypto exchange in the world, this figure exceeds $60 billion. However, this is the specificity of small crypto exchanges – unlike Coinbase or Binance, users mainly use them not as a place to store their cryptocurrency assets, but as a “bridge” between the sender and the recipient. On such platforms, the cryptocurrency can be only a few minutes, notes CNBC.
Drugs, hackers, pyramid schemes
Where did the assets come from to Bitzlato and where did they end up? According to FinCEN, the bulk of the funds came from Hydra, the world’s largest black marketplace, where users bought and sold weapons, drugs and other illegal goods and services. In April 2022, thanks to the joint efforts of Germany and the United States, Hydra was closed, and cryptocurrencies worth more than $25 million were seized from its bitcoin wallets. At the same time, FinCEN is convinced that the bulk of clients and service providers on Hydra were from Russia. In total, Bitzlato conducted almost 1.5 million transactions with Hydra in less than four years, becoming the second largest counterparty for this darknet market. A significant portion of the cryptocurrency received by Hydra was sent directly from wallets to Bitzlato, the FBI points out. After analyzing the blockchain, the bureau’s specialists determined that from May 2018 to April 2022, Hydra users sent about $170.6 million in cryptocurrency to Bitzlato wallets. Another $218.7 million from Hydra was first sent to other services, but then eventually transferred to Bitzlato anyway. Moreover, even after the closure of Hydra, Bitzlato continued operations with other darknet markets – BlackSprut, OMG!OMG! and Mega.
Large volumes also went to the stock exchange from Finiko, which was recognized in Russia as a financial pyramid, and a criminal case was opened against the creators. All calculations within the framework of the pyramid were carried out in the internal currency – “digits”, which had to be bought for bitcoins or Tether steinecoins. Bitzlato’s smaller counterparties include the sanctioned “crypto bank” Chatex and Russian hackers from the Darkside group, which was behind the attack on the US pipeline operator Colonial Pipeline in May 2021.
The cryptocurrency was withdrawn from Bitzlato primarily to Binance. The next counterparties in terms of transaction volume are the same Hydra and Finiko. According to the blockchain analysis cited by FinCEN, in 2019-2021, $206 million from darknet markets passed through Bitzlato, $224 million from fraudulent projects, another $9 million from ransomware hackers, including from the Russian group of “hackers- Patriots” Conti. As a result, such transactions accounted for 48% of the total volume of Bizlato transactions in these two years. This is even more than that of another crypto exchange from Moscow City – SUEX, which in September 2021 became the first crypto exchange to fall under the toughest US sanctions – on the SDN list.
To illustrate Bitzlato’s reputation with scammers, Rogers of the FBI cites a correspondence dated late 2021 from one of the Russian-language cybercrime forums on the dark web. A forum participant said that he met people in one of the Asian capitals who have a lot of bitcoins and asked for advice on how to steal them and launder money. Another user noted that when laundering, it is better to avoid cryptocurrency exchanges that are compatible with Western standards, and it is worth using exchangers from the CIS, such as Bitzlato, which “are unlikely to give you up to some clowns from an Asian hole.”
Anarchy in KYC
All this happened because Bitzlato did not implement a high-quality Know Your Customer (KYS) system, a procedure in which a financial service can identify its users. So, when registering customers, Bitzlato did not ask them for passport data or a selfie with documents. The only thing needed to become a Bitzlato customer was email. Such an approach – “no KYC” – was noted among the advantages in internal correspondence even by the marketing director of the company (the FBI later got acquainted with the document).
At the same time, Bitzlato employees and management were aware of how their service was being used, Rogers emphasizes. There were constant questions in the Bitzlato support chat about transactions with Hydra and money laundering. Although users were sometimes blocked for such transactions, in other cases, Bitzlato employees provided the necessary advice. Support was also calm about buying accounts and using fake bank cards.
The fact that Legkodymov knew about dirty money on the exchange is also evidenced by his correspondence with colleagues, which was at the disposal of the FBI. Thus, in correspondence with Legkodymov, the second co-owner of Bitzlato, whose name was not named, indicates that “if we seriously declare the fight against drug dealers, they will simply dump them on another site.” The co-owner offered Legkodymov “to fight them formally, that is, to block them once a month, when they (drug dealers) can clearly be detected.”
Later, the second co-owner again wrote to colleagues and Legkodymov that “Bitzlato clients are drug addicts who buy drugs on the Hydra website and similar resources.” Legkodymov responded that Bitzlato could expand by offering anonymous financial services to ordinary people, such as taxi drivers, since everyone wants to keep their identities private. “You understand that 90 percent of clients do not trade under their real name,” Legkodymov noted in another letter.
Despite the fact that there was a section on the Bitzlato website that indicated compliance with the principles of KYC and anti-laundering practices, this had almost no effect on the real state of affairs, states FinCEN.
Dangerous business
Although Bitzlato is registered in Hong Kong, the fact that the service had customers from the United States was sufficient reason for US law enforcement to investigate its activities. To prove this, the FBI used their secret informant, who is listed in the documents under the name CHS-1. He tried to register on the service with non-US documents, but from a US IP address, and the service did not block his access. According to internal information from the company, in July 2022 alone, Bitzlato received 264 million visits from US IP addresses. The company also allowed transactions from US bank cards, and customers of US-registered crypto exchanges transferred money from their wallets to Bitzlato. In addition, the activities of Bitzlato, according to FinCEN, fall under the criteria of a special Law on Combating Russian Money Laundering (Combating Russian Money Laundering Act), which prescribes to take action against the company if its main purpose is money laundering and connection with illegal income from Russia . Considering Bitzlato’s largest counterparties, the US authorities considered that the criterion of the law was met.
This is not the first time that US intelligence agencies have arrested Russian crypto entrepreneurs. In 2017, the arrest of the founder of the BTC-e crypto exchange Alexander Vinnik, who was accused of money laundering using the crypto exchange, made a lot of noise. The Vinnik exchange, like the Legkodymov service, was not properly registered in the United States. US law requires that financial services organizations be registered within 180 days from the date of commencement of activity. Registration must be renewed every two years. Organizations located abroad, but working with Americans, must be licensed and appoint an agent who will be located in the United States.
BTC-e processed user transactions on American servers, and also allowed US clients to use its exchange. This was enough to link the work of the exchange with American users and arrest its owner. In August 2022, Vinnik appeared before an American court for the first time, he faces up to 50 years in prison. The next meeting is scheduled for February 14, 2023.
In 2020, the FBI arrested another Russian, Maxim Boyko. As a result of the investigation, it was found that Boyko could launder money through the BTC-e exchange since 2015. In 2017, according to the case file, the suspect had approximately $390,000 worth of cryptocurrencies.
A similar accusation of money laundering using a crypto exchange was received in 2021 by Russian Denis Dubnikov. The US authorities believe that Dubnikov helped the “Russian” hacker group Ryuk legalize their income and “laundered” at least $400 million. Dubnikov was detained in the Netherlands, and at the end of the summer of 2022 he was extradited to the United States.
According to Grigory Groysman, a lawyer from the team of Russian-speaking lawyers in the United States Bukh Law, “the US federal prosecutor’s office rarely makes mistakes and carefully prepares for the case.” “When a person is arrested, the case for him is already ready. A person has been followed for many years, taking testimonies from many people from his environment, collecting information from e-mail, requesting data from Google,” Groysman adds. According to him, sister Legkodymova has already applied to their law firm, but so far they have not agreed to sign the contract. The founder of Bukh Law, Arkady Bukh, also represented other Russian citizens in similar cases with the FBI, such as Denis Dubnikov and hacker Alexei Belan, who was accused by the FBI of collaborating with the FSB and spying for Russia. At the same time, according to Groisman, Legkodymova’s sister said that several more Bitzlato employees needed legal assistance, but did not name them. Forbes failed to contact Legkodymov’s sister. Legkodymov himself is now in a Florida prison, and later must be extradited to New York for further investigation and trial, the lawyer adds.
In the meantime, arrests in the Bitzlato case continue, already in Europe. On January 23, Europol announced the detention of the CEO, CFO and marketing director of Bitzlato in Spain. His name is not called. Another person associated with the company was detained in Cyprus, another was interrogated in Portugal. Europol does not disclose their names either. The post of CEO in the company was occupied by Mikhail Lunev, Forbes found that, in particular, in this capacity, he spoke at the “intensive” “How to make stable money on the exchange of cryptocurrencies.” He did not respond to messages from a Forbes correspondent on Telegram. So did the Bitzlato News administrators and Alexander Goncharenko, who, according to his LinkedIn profile, was Bitzlato’s director of marketing until February 2022.
Who is next?
The weak procedure for identifying users of Bitzlato is rather a standard situation in the crypto exchange market, Dmitry Machikhin from the BitOK service admits. So far, only large centralized exchanges and exchangers have reached the stage of KYC, and most crypto-financial services do not conduct a thorough check of their customers and their transactions, he states. The head of the InDeFi Smart Bank financial platform, Sergey Mendeleev, recalls that even a few years ago, even the largest exchange, Binance, did not require identification if the user’s money turnover was small, up to a couple of bitcoins per day. Fraudsters and dark dealers willingly used this, Mendeleev recalls.
However, the “common practice” of not identifying users several years ago is not a basis for exonerating the owners of crypto exchanges, Andrey Kutyin, founder of Match Systems, a provider of data on criminal cryptocurrency addresses, emphasizes. “As practice shows, even after a few years, American justice finds options on how to prosecute those who voluntarily or unknowingly contributed to the activities of malefactors through cryptocurrencies,” Kutyin concludes.
According to Match Systems analysis, Bitzlato clusters contained between 10% and 30% of high-risk assets – stolen cryptocurrencies, money from sanctioned individuals or from the dark web, money obtained through extortion, and so on. He notes that many of these transactions were made several years ago or became high-risk after additional markup was introduced (as is the case with all assets of the Garantex cryptocurrency exchange after it was included in the US sanctions lists). If such transactions are excluded from the overall picture, then the degree of asset pollution on Bitzlato becomes not so high, Kutyin notes.
According to Stanislav Rozhdestvensky, Analyst Director of the CoinKit anti-money laundering system, the operation against Bitzlato should not be called part of the “hunt for Russians”, because funds from dubious transactions did indeed pass through the exchange. In addition, now the attention of law enforcement officers is attracted not only by exchanges with Russian roots – just remember the same FTX, recalls Rozhdestvensky.