The United States unsealed charges against two Russian nationals accused of operating the cryptocurrency services Cryptex and PM2BTC, alleging they ran billion-dollar money-laundering infrastructure used by cybercriminals to process ransomware proceeds, darknet market payments, fraud revenue, and sanctions-evasion transactions. Treasury simultaneously moved against the network: FinCEN labeled PM2BTC a primary money laundering concern and barred certain fund transfers involving the service, while OFAC sanctioned Cryptex and alleged facilitator Sergey Sergeevich Ivanov. The action was coordinated with the U.S. Secret Service, Dutch law enforcement, and a State Department reward offer of up to $10 million for information on Ivanov.
The case extends a broader U.S. campaign against Russian cybercrime finance channels that previously targeted Hydra Market and the exchange Garantex. Treasury has described Hydra as a major darknet marketplace that enabled ransomware-as-a-service, stolen data sales, and other illicit trade, while Garantex allegedly processed more than $100 million tied to illicit actors despite anti-money-laundering deficiencies. Together, the latest charges and sanctions show U.S. authorities escalating efforts to cut ransomware operators and other Russian-linked cybercriminals off from the virtual-currency services they rely on to move and cash out illicit funds.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
6 events from the most recent confirmed update back to the earliest known activity.
U.S. authorities unsealed an indictment charging Sergey Sergeevich Ivanov and Timur Shakhmametov in connection with operating major money laundering services used by cybercriminals. The case was announced alongside Treasury sanctions and other coordinated disruption measures.
The U.S. State Department announced a reward of up to $10 million for information on Sergey Ivanov in connection with the cybercrime-enabling financial services case. The offer accompanied Treasury sanctions and related law enforcement actions.
In coordination with Treasury's actions, the U.S. Secret Service, Netherlands Police, and Dutch FIOD carried out seizures targeting infrastructure associated with the illicit Russian virtual currency services. The operation formed part of a broader multinational disruption effort.
The U.S. Treasury announced coordinated actions against Russian cybercrime-enabling financial services, with FinCEN designating PM2BTC as a primary money laundering concern and OFAC sanctioning Cryptex and Sergey Sergeevich Ivanov. The measures were described as aimed at disrupting ransomware proceeds, sanctions evasion, and other illicit cyber-enabled finance.
The U.S. Treasury sanctioned Hydra Market and the Russia-based virtual currency exchange Garantex as part of a multinational action against Russian cybercrime infrastructure. German authorities also shut down Hydra's servers in Germany and seized about $25 million in bitcoin.
Estonian authorities terminated Garantex's license after identifying critical anti-money-laundering and counter-terrorist-financing deficiencies. Treasury later said the exchange continued operating despite losing the license.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
3 references tracked. Mallory keeps watching after this page renders.
justice.gov
Open sourcehome.treasury.gov
Open sourcehome.treasury.gov
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.