US, Germany seize Cryptonator domain, founder indicted

In a coordinated international effort, the US Internal Revenue Service-Criminal Investigation (IRS-CI), the Department of Justice (DoJ), and the Federal Bureau of Investigation (FBI), along with Germany's Federal Criminal Police Office (BKA) and the Attorney General’s Office in Frankfurt, seized the domain of online crypto wallet Cryptonator. The platform was taken down for its failure to implement appropriate anti-money laundering controls and its role in facilitating illicit activities.

Cryptonator, an online cryptocurrency wallet launched in 2014, allowed users to perform direct transactions and instant exchanges between different cryptocurrencies within one personal account. Cryptonator's website has now been replaced with a notice of the takedown from the US Justice Department, IRS, and German law enforcement agencies.

The US authorities have also filed a criminal complaint against Russian national Roman Pikulev, accusing him of founding and operating Cryptonator. The DoJ alleges that Cryptonator was an unlicensed money service business (MSB) that processed over $235 million in illicit funds.

Pikulev faces charges of operating an unlicensed MSB and money laundering, with the platform lacking anti-money laundering (AML) processes and an effective AML program. Users were reportedly able to register with just a username and password, bypassing mandatory Know Your Customer (KYC) requirements.

Since its establishment, Cryptonator is said to have processed criminal proceeds from numerous cybercrimes, including computer intrusions, ransomware scams, fraud markets, and identity theft schemes.

According to the DoJ, Cryptonator offered API keys to darknet marketplaces, bulletproof hosting services, and shops selling cached credentials for credit card companies.

The indictment said that Pikulev was aware of the illicit nature of the funds handled by Cryptonator, as hackers, darknet market operators, ransomware groups, and sanctions evaders used the platform to exchange cryptocurrencies and convert crypto into fiat currency. Pikulev allegedly incorporated functions to anonymize the source of cryptocurrencies, further enabling criminal activities.

Evidence includes chats where Pikulev discusses onboarding cryptocurrencies popular on darknet markets, such as Monero, and offering API integrations with illegal platforms. Prosecutors claim Pikulev used the alias “Boss” and operated the platform through numerous US-based technology providers while advertising on US social media sites. He allegedly registered websites and email addresses using both Russian and German IDs and documents.

The investigation uncovered that Cryptonator facilitated over 4 million transactions worth a total of $1.4 billion, with Pikulev taking a cut from each transaction. Blockchain intelligence revealed that of this $1.4 billion, Cryptonator's addresses were linked to:

  • $25,000,000 with darknet markets, fraud, and carding shops

  • $34,500,000 with scam addresses

  • $80,000,000 with high-risk exchanges

  • $8,000,000 with ransomware groups

  • $54,000,000 with hacks and crypto theft operations

  • $34,000,000 with cryptocurrency mixing services

  • $71,000,000 with sanctioned addresses

Last week, the UK's National Crime Agency (NCA) dismantled Russian Coms, a major caller ID spoofing platform responsible for over 1.8 million scam calls. The platform, used by criminals in over 107 countries including the UK, US, and France, allowed scammers to disguise their identity by mimicking phone numbers from financial institutions, telecom companies, and law enforcement.

Between 2021 and 2024, Russian Coms facilitated over 1.3 million calls to 500,000 unique UK numbers. Three individuals linked to the platform's creation and development have been arrested and released on conditional bail. Joint actions against users of the platform are planned with support from Europol. Russian Coms, marketed via Snapchat, Instagram, and Telegram, offered services like “unlimited minutes,” “encrypted phone calls,” and voice changing.
