How Much Did Russian Spy Agencies Rely On Bitcoin? New Hints In Leaked Recordings
By Mike Eckel November 28, 2019
When it was seized by U.S. law enforcement in 2017, BTC-e was described as "one of the world's largest and most widely used digital-currency exchanges." It was also one of the most notorious.
Billions of bitcoin and other digital currencies had been swapped since BTC-e's creation six years prior. But that was before one of its alleged founders, Aleksandr Vinnik, was arrested on a Greek beach in 2017 on a U.S. arrest warrant. The following year, Special Counsel Robert Mueller revealed precise evidence in alleging how Russia's military intelligence agency used bitcoin transactions to mask meddling in the 2016 U.S. presidential elections.
Earlier this month, new glimpses into the shadowy world of cryptocurrencies emerged in a BBC Russian Service report that provided more indications of how exactly Russian spy agencies were intertwined with bitcoin exchanges like BTC-e.
"At a minimum, BTC-e was always heavily used by cybercriminals to launder funds, so it would have been a natural place for Russian intelligence to procure hard-to-trace funds as well," says Kim Nilsson, a Tokyo-based programmer engineer who gained renown for helping solve a massive bitcoin theft linked to BTC-e.
"Russia's particular interest in Vinnik's extradition might suggest some important higher-ups may have had their fingers in the BTC-e pie, if not Russian intelligence itself," Nilsson tells RFE/RL.
BTC-e, which was basically a giant online marketplace for buyers and sellers of bitcoins and other cryptocurrencies, had intrigued researchers, analysts, and law enforcement even before the United States seized it two years ago.
Since its inception in 2011, founded and operated by Vinnik and a partner named Aleksandr Bilyuchenko, BTC-e's business model was heavily reliant on the criminal underworld and people and entities interested in anonymity or hard-to-trace transactions, according to U.S. and other officials.
Its website said BTC-e was located in Bulgaria, but based in both Cyprus and the Seychelles.
One researcher who tracks blockchain transactions -- essentially the underlying technology that makes cryptocurrencies function -- estimated that as of 2016 as much as 70 percent of all cryptocurrency criminal cases globally involved BTC-e.
That included what turned out to be the theft of around $400 million from a bigger, older cryptocurrency exchange based in Tokyo known as Mt. Gox. Uncovered in 2014 mainly by Nilsson and colleagues, the theft was the biggest involving cryptocurrencies to date, and helped pushed Mt. Gox into bankruptcy.
Investigators later found that between 2011 and 2014, BTC-e processed transactions involving funds stolen from Mt. Gox.
Three years after the Mt. Gox collapse, on July 24, 2017, Vinnik was arrested on a beach in Greece, where he was vacationing with his family. When he was taken into custody by U.S. agents, Vinnik, who was charged with 21 counts of money laundering and other related charges, was logged onto his BTC-e account on his cell phone.
According to the U.S. Justice Department, Vinnik, now 39, was allegedly the mastermind behind an international money-laundering scheme that had processed over $4 billion in cryptocurrency transactions, including bitcoins stolen from Mt. Gox.
After his arrest and the unsealing of the U.S. extradition order, Russia filed a court order in Greece seeking to have Vinnik returned to Russia, purportedly to face charges in a case of small-scale fraud. France later filed its own extradition order.
Two years after his arrest, on July 25, 2019, U.S. prosecutors filed another complaint against Vinnik and BTC-e, moving to seize about $100 million from frozen BTC-e accounts for alleged violations of U.S. banking laws.
As of this writing, he is still in Greek prison awaiting a final ruling by Greek authorities on where he will be sent.
'The Perceived Anonymity Of Cryptocurrencies'
On July 13, 2018, almost a year after Vinnik's arrest, the first of two U.S. indictments was unsealed, charging 12 officers from the Russian military intelligence service popularly known as the GRU with conspiracy to interfere in the U.S. political system in 2016 and other efforts. The first was brought by Special Counsel Mueller; the second, released in October, by U.S. prosecutors in Pennsylvania.
Among other things, the indictments contained precise identifying information about the GRU units allegedly involved, including a group of hackers known unofficially as Fancy Bear.
"To facilitate the purchase of infrastructure used in their hacking activity, the defendants conspired to launder the equivalent of more than $95,000 through a web of transactions structured to capitalize on the perceived anonymity of cryptocurrencies such as bitcoin," prosecutors wrote.
The indictment also provided detailed information about the bitcoin transactions that were allegedly used by the agents.
Tom Robinson, a scientist at London-based research company Elliptic Enterprises, examined the specific transactions, and in a report published 11 days after the first indictment, concluded there was a strong link between the GRU operatives and BTC-e.
He stopped short of drawing a direct connection, however.
Robinson did not immediately respond to a message left for him with Elliptic's spokesperson.
Heir To BTC-e
Within days after BTC-e was seized, a new Russian-based cryptocurrency exchange appeared, spearheaded, it later emerged, by one of Vinnik's partners at BTC-e, Bilyuchenko. Another man who was a frequent trader of cryptocurrency on BTC-e, Dmitry Vasilyev, was also involved.
Like BTC-e, the exchange, called Wex, saw hundreds of millions of dollars in transactions of digital currencies.
Months after its founding, in early 2018, the exchange collapsed amid the disappearance, according to the BBC Russian Service, of some $400 million in cryptocurrency. Russian users of Wex who were unable to access their holdings filed police complaints with Russian law enforcement.
Prior to Wex's collapse, Bilyuchenko and Vasilyev had sought out investors and patrons who could help stabilize the exchange and provide some protection from Russian security agencies, a common business practice known as a "roof."
Among those contacted by Bilyuchenko and Vasilyev, according to the BBC, were Konstantin Malofeyev, a wealthy Russian businessman known for his ties to the Kremlin and his advocacy of conservative and nationalist causes. The United States imposed financial sanctions on Malofeyev in 2014 for his support of Russia-backed separatists fighting in eastern Ukraine.
Bilyuchenko later testified to police investigators that at around the time negotiations with Malofeyev were ongoing, he had been contacted by officials from Russia's main domestic spy agency, the Federal Security Service (FSB).
In April 2018, Bilyuchenko testified that a man named Anton demanded that he turn over encrypted Wex assets, and the man said that the cryptocurrency would "go to the accounts of the FSB of Russia." Bilyuchenko later said he was held in jail until he agreed to transfer $450 million in cryptocurrency.
The BBC also published a recording of a phone conversation purportedly between Bilyuchenko and Malofeyev in the summer of 2018. In the recording, a man identified as Malofeyev accuses Bilyuchenko of not transferring some of those funds.
"There is a great suspicion among all participants in the process that you have more [money] than you put on the exchange. The fact that you were tied to BTC-e is obvious, but on BTC-e it was much more than it turned out on Wex," the man can be heard saying. "You are kept afloat because I say that you are mine and I am responsible for you."
Neither Vasliyev's nor Bilyuchenko's whereabouts could be immediately determined.
According to the BBC, in late 2018 Vasilyev sold his interests in Wex to a man who is prominent among Russia-backed militias fighting in eastern Ukraine. Vasilyev was arrested in Italy in July 2019, though he was released the same month.
An e-mail sent to the press service of Malofeyev's main investment company, Marshall Capital, was not immediately returned.
Not Just Simply Money Laundering?
Researchers and analysts have for years concluded that Russian's leading spy agencies, the FSB and GRU, were taking advantage of the cover provided by cryptocurrency and their exchanges to fund operations.
For now, there's scant incriminating evidence -- at least publicly -- that would directly expose how the money flows, something that would be of burning interest to U.S. intelligence agencies who have already concluded that the 2016 election interference campaign was authorized by President Vladimir Putin himself.
But there are also indications U.S. authorities have much greater intelligence on the cryptocurrency transactions beyond those hinted at in the 2018 indictments, according to Tim Cotten, a researcher based in Washington, D.C.
"No doubt the U.S. government, as the owners of the seized BTC-e, have much more data than could ever be hoped to be gleaned by a simple blockchain analysis about what funds were used where, when, and by who," he wrote in a blog post in April 2019.
Cotton did not respond to e-mails seeking further comment.
Nilsson notes, "We've all seen plenty of indications from the U.S. intelligence community that Russian intelligence is well-versed in the use of cryptocurrency in their operations, so it should come as no surprise if they're also involved in the shadier side of the market."
The court filings in Vinnik's case hint that one of the reasons the legal fight for his extradition has been so hard-fought may be because his potential value as an intelligence asset -- able to provide details of BTC-e's inner workings, and the agencies that used it.
Louis Goddard, a data investigator with the London-based corruption watchdog Global Witness and author of a recent report exposing a London financial company's ties with BTC-e, says he has not yet seen evidence of a link between the BTC-e's alleged operators and the Russian state.
However, "the lengths that both sides in Aleksandr Vinnik's extradition battle have gone to -- including the filing of separate criminal and civil suits in the United States and the reported lobbying of the Greek government by Vladimir Putin himself -- raise questions about whether this case goes beyond money laundering," Goddard tells RFE/RL.
Copyright (c) 2019. RFE/RL, Inc. Reprinted with the permission of Radio Free Europe/Radio Liberty, 1201 Connecticut Ave., N.W. Washington DC 20036.
|Join the GlobalSecurity.org mailing list|