The U.S. Treasury Department on Tuesday sanctioned SUEX OTC s.r.o., a virtual currency exchange registered in the Czech Republic but largely operating in Russia, for its role in facilitating financial transactions for ransomware actors.

The designation of SUEX is the first by the U.S. against a virtual currency exchange, the Treasury said. Though most virtual currency transactions are legitimate, they can be used for illicit activities; some exchanges are exploited by malicious actors, but others, like SUEX, facilitate the activity for their own gain, according to the Treasury. More than 40 percent of SUEX’s known transaction history was associated with illicit actors, according to the Treasury. In addition to the designation, the Treasury also identified SUEX’s digital currency addresses.

“Treasury will continue to use its authorities against malicious cyber actors in concert with other U.S. departments and agencies, as well as our foreign partners, to disrupt financial nodes tied to ransomware payments and cyber-attacks,” the department said.

Virtual currency exchanges such as SUEX are critical to the profitability of ransomware attacks, which help fund additional cybercriminal activity; SUEX itself facilitated transactions involving illicit proceeds from at least eight ransomware variants, the Treasury said. 

Ransomware is a form of software designed to lock up a user’s data in which a malicious actor then demands payment for its release. In 2020, ransomware payments reached more than USD 400 million, more than four times the amount a year ago, the Treasury said, acknowledging that the U.S. government believes the figure “represents just a fraction of the economic harm caused by cyberattacks.” Also Tuesday, the Treasury issued an updated advisory on the potential sanctions risks for facilitating ransomware payments.

SUEX allows users to buy cryptocurrency with a credit card, and it takes about 30 minutes to complete an order, according to its website. There is a maximum limit of USD 200 worth of virtual currency for a user’s first transaction, but the ceiling rises the longer a user stays on SUEX and becomes limitless after a month, the website says.

Egor Petukhovsky, a co-founder of SUEX, owns a 40 percent stake in the company and is its largest shareholder, corporate records show. Petukhovsky describes himself as a financial technology entrepreneur and has founded several companies since graduating from Moscow Power Engineering Institute, according to a resume posted online and reviewed by Kharon. His most recent venture is a cryptobank that allows transfers of cryptocurrencies through the Telegram app.

Since its launch in 2018, SUEX moved hundreds of millions of dollars worth of cryptocurrency, mostly in bitcoin, ether and tether, according to an analysis published Tuesday by Chainanalysis, a blockchain data firm that said its tools were used by the U.S. government to investigate the exchange. SUEX took in tens of millions worth of cryptocurrency payments from addresses associated with several forms of cybercrime, Chainalysis found. 

The exchange received nearly USD 13 million from ransomware operators, more than USD 24 million from cryptocurrency scam operators and more than USD 20 million from darknet markets, according to Chainalysis. It also received more than USD 50 million worth of cryptocurrency from addresses associated with the now-shuttered illicit cryptocurrency exchange BTC-e well after it had been shut down, Chainanalysis said.

Operating as a “nested” exchange, SUEX used digital currency addresses hosted by larger exchanges to tap into a larger liquidity pool and trading pairs, according to Chainalysis. 

Nested exchanges can present customers with a custom-made interface while taking advantage of the access provided by larger partners, which enabled SUEX to convert illicit client funds into physical cash “at an alarming scale,” said TRM Labs Inc., a blockchain analysis firm. 

“SUEX filled an essential niche in the ecosystem of underregulated exchanges that, either through willful ignorance or witting cooperation, facilitate the conversion of illicit crypto ransoms into real-world currency,” TRM Labs said. “Major exchanges are now on notice that high-risk nested services like SUEX are in the government's sights.”