Russian-speaking groups dominate crypto-related cybercrime: TRM Labs

According to the latest report from TRM Labs, Russian-speaking threat actors originating from the former Soviet Union are the main drivers of several types of crypto-related cybercrime, including ransomware, illegal crypto exchanges and marketplaces from darknet.

In fact, Russian-speaking ransomware groups were also found to be responsible for at least 69% of all ransomware revenue in 2023, totaling more than $500 million.

Russian-speaking threat actors dominate

In its latest report, prominent crypto research firm TRM Labs revealed that the two largest operators of the year, Lockbit and Russian-speaking ALPHV/Black Cat, generated a combined revenue of at least 320 million of dollars from their attacks.

In addition, Russian-language Dark Web Markets (DNMs) account for 95% of all dark web drug sales conducted in crypto worldwide. These DNMs are multi-vendor platforms that facilitate the global trade in illegal drugs. As a well-established form of transnational organized crime, DNMs integrate anonymization networks, cryptography and encryption technologies.

TRM Labs said the top three Russian-language DNMs processed $1.4 billion in crypto in 2023, which is roughly 33% more than in 2022. By comparison, the entire Western DNM ecosystem handled less than $100 million dollars in 2023, about 20% less than in 2022.

Garantex dominates sanctioned crypto transactions

Garantex, a Russian-based crypto exchange sanctioned by OFAC in April 2022, handled 82% of crypto volumes associated with all sanctioned entities globally in 2023. This included exchanges and individuals under US sanctions and international

Interestingly, some of this volume involved crypto sent by Russian actors to sanctioned Chinese manufacturers for military equipment and components used by Russian forces in Ukraine.

The report also noted that at least $85 million has been sent to wallets linked to Russian and Chinese entities involved in the manufacture, transport and sale of military and dual-use equipment and components since 2021. This volume, likely will increase as there are more entities. are identified, it may also include the sale of other goods unrelated to the war effort, part of the broader cross-border trade between Russia and China established in crypto.

“Some Russian-speaking threat actors maintain ties to the Kremlin and have been actively using crypto to acquire foreign equipment for the Russian war effort. Over the past three years, more than $85 million has been sent to wallets used by Russian and Chinese entities involved in this type of cross-border shopping and trading.”

SPECIAL OFFER (Sponsored) Binance Free $600 (Exclusive to CryptoPotato): Use this link to register a new account and receive an exclusive welcome offer of $600 to Binance (full details).

2024 LIMITED OFFER on BYDFi Exchange – Up to $2888 Welcome Reward, Use this link to register and open a 100 USDT-M position for free!