Looking through hundreds of licensed companieswe found links to Russian intelligence, extensive money laundering operations, dozens of cases of international fraud and a serious lack of transparency: contract workers, fake profiles and suspicious company owners.
We requested data on licenses of virtual service providers in Estonia for the years 2017-2022 from the Estonian Register of Economic Activities. The data included 1,644 companies, license numbers, dates, addresses, bank accounts and information about people applying for licenses on behalf of the companies. We then combined this data with financial and historical records from the Estonian company registry, shedding light on international connections and beneficial owners.
We then combined this data with similar data sets from Lithuania and matched all companies with a crowdsourced financial intelligence service FinTelegram for any existing public warnings. After analyzing the data, we identified and studied 291 of the 1,644 companies that met several of our specific criteria: they did not voluntarily relinquish their license; they have established connections with a crypto-licensed company in Lithuania; they had ties to a country flagged for money laundering concerns; or they were written about in FinTelegram.
Although more than 1,500 crypto companies have lost their licenses since the Estonian state began correcting regulatory flaws, this has not meant that operators have gone out of business. Many of them have moved to other European jurisdictions, such as Lithuania, where there are now more than 800 virtual asset companies.
The flow to Rusich wallets represents only a small part of the illegal funds flowing through the Garantex exchange. According to materials provided to us by the International Consortium of Investigative Journalists (ICIJ), citing blockchain analysis tool Global Ledger, Garantex exchanged huge profits with Hydra – a now defunct Russian darknet market that sells illegal goods, drugs, documents and allows you to receive money and money laundering services.
Between April 2021 and April 2022, approximately 2,505 Bitcoins from Garantex entered Hydra wallets, although it was managed from Estonia. In turn, 966 bitcoins received from Hydra wallets ended up in Garantex Europe wallets. Based on the value of Bitcoin at the time, this amounts to at least €138.6 million in proceeds linked to the criminal market selling drugs and offering money laundering services.
For example, Garantex also has connections to a number of wallets transacting with the Lazarus Group, a North Korean cybercrime group, and with Ivan Vasilievich Vakhromeyev (also known as “Mushroom”), a wanted cybercriminal associated with Conti, a cybercrime group with ties to Russian intelligence. According to US data, Garantex’s illegal transactions with Conti amount to $6 million. Also included in the network is Blacksprut, a Russian-language drug-focused darknet platform that has attracted many former Hydra clients.
In December 2021, five months before Garantex was sanctioned in the US, its “offices” (essentially premises provided by a law firm) in Tallinn were searched by the Estonian FIU. Based on its findings, the FIU found that in 90% of cases, Garantex did not verify the identities of its clients at all. The company did not submit any suspicious activity reports to the Pension Fund.
The FIU revoked Garantex Europe’s license on February 24, 2022, but this did not stop the company from continuing its business. VSquare Delfi partner has learned that as a result, the Estonian Prosecutor’s Office has opened a criminal investigation against Garantex Europe and its board of directors in Estonia for unauthorized economic activities. According to sources of Russian investigative journalists from the Dossier Center, Garantex was active during the war in Ukraine, allowing people to convert cash into cryptocurrency and export it abroad during sanctions regimes, and its owners are also associated with people associated with the Russian intelligence.
dossier.center, 12/19/2022, “Moscow City” – office of deputy Lugovoy – crypto exchange – bank account”: The Dossier Center correspondent continues his crypto-travel through Moscow City. This time we are in the Garantex office – this is not just an exchanger, but the largest crypto exchange in Russia. Let us remind you that American hacker researchers from Chainalysis believe that over three years Garantex received $645 million worth of cryptocurrency from dirty or suspicious addresses.
Paradoxically, Garantex was originally conceived as a legal crypto business – a unique phenomenon for Russia. The founder of the project is Sergei Mendeleev, a former municipal deputy of the Moscow Yasenevo district and a well-known person in crypto circles. In the fall of 2019, he and two business partners registered Garantex Europe OU in Estonia. A year later, the company received a license to provide services as a virtual currency provider and was legalized in the EU. However, then a series of strange events followed. First, in February 2021, Stanislav Drugalev, co-founder of Garantex, Mendeleev’s business partner, died in Dubai. His car fell off a bridge at a road junction. The crypto community is still full of rumors that this is a very strange accident. And in March, Sergei Mendeleev sold his share to a certain Irina Chernyavskaya.
The arrival of the new owner coincided with the literally explosive growth of Garantex. If in January 2021 7 thousand people used the exchange, then in January 2022 – almost 70 thousand. And the turnover by this time exceeded $10 million per day, or $300 million per month. At the same time, Garantex Europe OU became interested in the Estonian Financial Intelligence Bureau (RAB). The company made critical mistakes in the fight against money laundering: the identities of 90% of clients were not verified, and part of the cryptocurrency came to the exchange from criminal wallets, the head of the Estonian service listed in an interview. […] In early April, Garantex Europe OU fell under American sanctions for connections with the darknet and hackers. Soon the company changed owners and name. The new owners – a legal office – have begun liquidation procedures, as can be seen from the Estonian register of companies. — Insert K.ru
On the company’s website you can find a mention of the Estonian company ITEcosystem OÜ, which actually lost its crypto license in July 2020. Coinsbit was co-founded by Ukrainian IT businessman Nikolai Udyansky. However, he stated that he sold his stake in Coinsbit in 2019 and the current owner is unknown.
Officially, according to the Estonian business registry, ITEcosystem was founded and owned by a Ukrainian citizen named Yaroslav Yarovenko. Running an international company with huge turnover has been a great success story for Yarovenko, who was convicted in 2014 of stealing women’s shoes from the Kyiv clothing store Zara.
The Ukrainian former petty thief who ran an international cryptocurrency company has no public connection to the business. At the same time, billions of dollars worth of cryptocurrency transactions are made monthly through Coinsbit. There is no public profile or contacts for Yarovenko anywhere, so VSquare was unable to track him down. Coinsbit did not respond to VSquare’s emailed questions.
There are also hundreds of scam alerts online regarding Coinsbit’s services. According to Trustpilot, it has a trust rating of 2.2 out of 5 based on 212 reviews.
Although the website still contains a link to the Estonian company that was its main operator at least a few years ago, the official operating company of Coinsbit has now moved to the Seychelles, which brings us no closer to understanding who is the owner of this multi-billion dollar enterprise.
“At some point, the Estonians realized that they had no control over this. Most of these companies were shell companies with no connection to the local economy. They are not [платили] taxes, didn’t hire [кого-либо] and exposed the country to a loss of reputation,” adds Polish lawyer Artur Kuczmowski, who specializes in registering companies in Estonia.
According to the Estonian Financial Intelligence Unit (FIU), as of mid-2021, almost 55% of all virtual currency service providers in the world were registered in Estonia.
Estonia has since initiated a major reform to clean up the system. Since most companies did not agree (or were unable) to follow the new rules, at the time of writing there are only 78 licensed crypto companies left out of 1,644.
The head of the Estonian FIU, Mathis Mäker, confirms that US decisions on sanctions show how these types of companies helped finance Russian mercenary groups and even North Korean nuclear programs.
“But there is nothing to link them to Estonia, only that the service providers created their address, provided random nominee directors and anti-money laundering contacts [людей], found on the street who do not understand anything. They don’t even know which companies they are directors of,” says Mäker.
“When they launder money, our hands are tied. In the criminal sense or in the sense of supervision, they are not even here. They are only here on paper.”
Estonian FIU spokeswoman Eunne Metz says that these activities of MEXC are known to the government agency and it is currently reviewing the company’s license. “This procedure has lasted more than a year and will receive a decision when all the relevant facts are clarified,” says Metz.
Manager of Mexc Estonia OÜ Lyudmila Budnikova confirms that the company is waiting for the renewal of the Estonian FIU license. She claims that the European subsidiary in Estonia is a completely different company from MEXC Global.
“Simply put, Mexc Estonia OÜ is a franchise unit serving European clients. This means the company can use the global brand ‘MEXC’ but has no corporate connection to the brand owner,” she claims.
Since its inception in 2012, Payeer has operated in various jurisdictions. By 2023, it lost its license in Estonia and re-established its activities in Lithuania as Payeer UAB, registering there a company engaged in cryptocurrency exchange activities. The actual beneficiary of the enterprise was never clear because the operator’s ownership information was different in each incarnation. In Russia, its first incarnation, Payer RUS LLC, was founded by a woman named Evgenia Kosolapova, who does not appear to have a public profile related to payment and crypto services.
While working in Georgia, Payeer was officially owned by Ukrainian Konstantin Buryachenko. The same Buryachenko established a Czech subsidiary, BlackShire United LP, which was owned by Dexberg Inc and Montbridge Inc from the Marshall Islands, notorious for hiding the true beneficiaries of suspicious companies. Mother Jones journalists linked Scottish company Blackshire with a network of Russian-backed shell companies linked to suspicious political donations to Albania.
During Payeer’s operations in Estonia, a Russian citizen named Lyubov Svezhentseva was listed as the UBO (ultimate beneficial owner) of Payeer. However, she is officially Payeer’s chief marketing officer, and VSquare was unable to confirm her position as founder/owner. According to Payeer’s homepage, the service provider also claims to have a financial license from Vanuatu.
In Lithuania, Payeer now declares another Russian citizen as a beneficiary – Ekaterina Olegovna Gorshkova with an address in the Netherlands.