The French justice system and gendarmes have just carried out a major international police operation against the Bitzlato cryptocurrency exchange. The investigations could feed into nearly 5,000 court cases, according to an initial count.
On Wednesday, January 18, US judicial authorities announced the arrest of Anatoly Legkodymov, a Russian living in China, who is suspected of being the founder of Bitzlato. This crypto exchange, which paid little attention to who its customers were and where a dozen cryptocurrencies could be exchanged, is suspected of being one of the launderers of cybercrime's dirty money.
The suspect, nicknamed “Gandalf” after one of the wizards in J. R. R. Tolkien's “The Lord of the Rings”, was arrested the day before in Miami. Aged 40, this former Shenzhen resident arrived in the United States in October 2022, from where he continued to run the exchange.
Five other platform executives were also arrested in Europe, along with the seizure of the site and of 16 million euros of criminal assets in France. Founded in 2016 in Hong Kong, Bitzlato “used at least one host in France from which the company rented dedicated servers,” the Paris prosecutor’s office explained in a press release.
According to Marc Boget, head of the cyber gendarmes, this international investigation, led by a French cell, involved 250 investigators, including fifty gendarmes from France. The investigations, launched in France, began after the transmission of “information by a partner service”, he tells ZDNet.fr without giving further details. Then, on September 6, 2022, the cybersecurity department of the Paris prosecutor’s office opened an investigation into money laundering offenses related to computer hacking or extortion.
According to the prosecution, several suspects, mostly Russians and Ukrainians, played a key role in the development of this exchange, a platform used to launder funds from illegal activities such as fraud, black market sales, or ransomware. The investigations drew in particular on methods of covert surveillance of the platform that were “above the spectrum,” Marc Boget continues; a press release from the Paris prosecutor’s office refers, in particular, to “captured data.”
Use by ransomware gangs
As Paris prosecutor Laure Beccuau notes, these first investigations reveal the opaque money-laundering mechanisms of international organized crime and should therefore form the basis for several thousand judicial investigations, including cybercrime cases. The cryptocurrency platform, for example, is suspected of laundering the equivalent of $15 million in ransomware proceeds.
“All the major ransomware gangs have used this platform,” notes Marc Boget. According to Chainalysis, which identified a significant proportion of suspicious transactions in the exchange's activity, suspicious flows associated with the Phobos, AstroLocker and Dharma ransomware were observed in this way. The investigators will now have to pull on this thread and see whether it turns up any new elements of interest.
Important links to Hydra
But most of the illicit flows that, according to the prosecution, passed through the Bitzlato exchange are connected to the Hydra black market. This Russian-language site, intended mainly for the sale of drugs and taken down by the Americans and Germans last year, had become the number one black market in the world.
Its users are thus said to have exchanged over $700 million with Bitzlato, which reportedly required only an email address to sign up, without asking for copies of identification documents. For the American justice system, this illegal use was well known to the company: one of its leaders noted, for example, in an intercepted exchange, that their clients are drug addicts who buy drugs on Hydra.