Virtual Currency Exchange Sanctioned by U.S. for Facilitating Ransomware Payments

A co-founder of the exchange also helped establish a fintech firm that has partnered with a U.S. credit card company to bring ‘tap to phone’ payment systems to small businesses

(Source: Adobe Stock)

By James Disalvatore and Samuel Rubenfeld

Tuesday, November 9, 2021


The U.S. Treasury Department on Monday sanctioned Chatex, a virtual exchange, along with three companies that set up its infrastructure, as part of a sweeping day of action against ransomware actors.

Chatex, which claims to have a presence in multiple countries, allows a user to receive, exchange or store cryptocurrency through a smartphone, according to its website. The company facilitated transactions for multiple ransomware variants, according to the Treasury. 

Ransomware, a form of software used to hold data hostage, has surged this year, disrupting critical services and businesses across the globe; payments are primarily made in virtual currency, the Treasury said. “Unprincipled virtual currency exchanges like Chatex are critical to the profitability of ransomware activities, especially by laundering and cashing out the proceeds for criminals,” the Treasury said in a statement.

Chatex said Tuesday, after the U.S. designation, that all chains are on hold and that the firm is working to ensure customers can regain access to their funds as soon as possible.

“One of our earliest equity investors has faced a legal case” in the U.S., and Chatex will cancel a token sale as a result, the statement said. “We are deeply sorry for this closure, but the events that led to this are neither associated with our team nor in our control … All customers’ funds are safe and secure, but restricted to be moved during the legal case proceeding.” 

The latest designations came as part of a whole-of-U.S.-government approach against ransomware, including an updated advisory from the Treasury’s Financial Crimes Enforcement Network (FinCEN) about the use of the financial system to facilitate ransomware payments. The U.S. also sanctioned and criminally charged two individuals for their role in ransomware attacks, and seized USD 6.1 million in ransom payments one of them had received.

The prior FinCEN advisory, issued in October 2020, had identified a number of red flags and other issues. The updated advisory reflects information from a recent trend analysis report and identifies new trends and typologies of ransomware and associated payments, including the growing proliferation of cryptocurrencies that enhance anonymity, according to the document. 

In addition to the sanctions on Chatex, the U.S. also designated IZIBITS OU, Chatextech SIA, and Hightrade Finance Ltd. for helping set up the company’s infrastructure. Alongside the U.S. actions, the Latvian government suspended Chatextech’s operations, fined the company and agreed to list members of its board on the national registry of high-risk individuals, the Treasury said. Estonian authorities revoked the license of IZIBITS, according to the Treasury.

Chatex’s virtual currency addresses became active in September 2018 and more than USD 17 million of the USD 77.5 million in bitcoin it received since then came from illicit sources, including darknet markets, according to the blockchain research firm Chainalysis. 

The co-founder of Chatex, Egor Petukhovsky, also helped found SUEX OTC s.r.o., a virtual currency exchange sanctioned in September for its role in facilitating ransomware transactions. 

After the designation of SUEX, Petukhovsky denied any wrongdoing and said he would defend his name in U.S. court. He also announced on social media at the time that he’d withdraw as a shareholder and suspend his activity with Chatex. 

Petukhovsky, who describes himself as a “computer science engineer by education, FinTech entrepreneur in life,” has a personal blog on which he details his lavish lifestyle, dishes on his personal relationships with other Russian entrepreneurs and explains how he developed some of his companies. 

Petukhovsky also co-founded and serves as marketing director for The Center for Corporate Technologies (CCT), a Russian fintech firm that describes itself as “a leading developer of innovative mobile commerce in the field of IT-solutions for the banking and financial sector.” CCT provides services to some of the largest banks in Russia, several of which are subject to U.S. sanctions measures covering the Russian financial sector, and it lists more than 20 other banks and payment processing firms as clients.

In June, CCT announced it had partnered with a major U.S. credit card company to launch “tap to phone” payment technology in the U.S. as part of a pilot for small businesses. 

The technology turns sellers’ mobile phones into point-of-sale acceptance devices, the credit card company said at the time. The company had also credited CCT by name as an initial tap to phone partner in October 2020, when the firm brought the technology to markets in central Europe, the Middle East and Africa. 

On his blog, Petukhovsky had described how CCT would be the “future of mobile contactless payments.” He holds more than a one-fifth stake in CCT, Russian corporate records show.  Petukhovsky’s close friend, Sergey Popov, also owns about 20 percent of CCT, according to records reviewed by Kharon. They both have senior roles at VISO Payment, a Tbilisi-based payment processor, Kharon found.

Popov also wholly owns the firm PayMob and serves as its chief executive officer, which describes itself as part of the CCT group of companies and has developed software allowing vendors to accept bank cards from international payment providers anywhere in Russia.

Egor Petuhovsky speaks on behalf of PayMob and CCT at a fintech conference in 2018. (Source: social media)

PayMob has a corporate presence that extends far beyond the borders of Russia, Kharon found. The firm opened a representative office in Myanmar in June 2020, it announced in a press release. According to a PayMob executive, the company has “a high interest in the promotion of innovative payment solutions both in Myanmar and other countries of Southeast Asia.” PayMob also has an office in Ghana and has participated in conferences there.

The designations and scrutiny also follows recently updated guidance from the Financial Action Task Force (FATF), an international standards-setting body for legal frameworks against money laundering and terrorism financing (AML/CFT), for a risk-based approach to virtual assets and related service providers. The FATF guidance updates a document from June 2019 and forms part of the body’s ongoing monitoring of the sector, it said. 

The inherently global nature of the digital asset ecosystem makes it “particularly well suited” for facilitating international financial crime, the FATF guidance said, noting how customers and services can operate without regard to borders, creating jurisdictional issues. One of the “most important hurdles” for the sector is that it has to convince regulators, legislators and the public that it doesn’t foster money laundering and financial crime, the law firm Polsinelli said recently.

“This guidance will help countries and [virtual asset service providers] understand their anti-money laundering and counter-terrorist financing obligations, and effectively implement the FATF’s requirements as they apply to this sector,” the body said when announcing the update.

Share this story