Justice and the French gendarmes have just piloted a major international police operation targeting the Bitzlato cryptocurrency exchanger, investigations which could strengthen the accusation in nearly 5,000 court files, according to a first count.
On Wednesday, January 18, US judicial authorities announced the arrest of Anatoly Legkodymov, a Russian living in China suspected of being the founder of Bitzlato. This crypto exchanger with little regard for its customers, where you could convert a dozen cryptocurrencies, is suspected of being one of the launderers of dirty money from cybercrime.
The suspect, also nicknamed “Gandalf” – one of the magicians of the Lord of the Rings, the fiction of the writer JRR Tolkien -, had been arrested the day before in Miami. Aged 40, this former resident of Shenzhen arrived in October 2022 in the United States, from where he continued his activities at the head of the exchanger.
Five other arrests in Europe, of the platform’s executives, were also carried out, coupled with the judicial seizure of the site and 16 million euros in criminal assets in France. Founded in 2016 in Hong Kong Bitzlato “used at least one host in France from whom the company rented dedicated servers”, explains the Paris prosecutor’s office in a press release.
Operation led from France
According to Marc Boget, the boss of the cybergendarmes, this international investigation, led by a French cell, mobilized 250 investigators, including fifty gendarmes from France. These investigations, initiated in France, began after the communication “of information by a partner service”, he explains to Zdnet.fr without further details. The cyber section of the Paris public prosecutor’s office then opened an investigation on September 6, 2022 for money laundering offenses linked to computer hacking or extortion offences.
According to the prosecution, several suspects, mainly Russians and Ukrainians, played a key role in the development of this exchanger. A platform used to launder funds obtained through illegal activities such as scams, black market sales or ransomware. These investigations have in particular mobilized techniques of discreet surveillance of the platform, “from the top of the spectrum”, continues Marc Boget – the press release from the Paris prosecutor’s office mentions in particular “captured data”.
Use by ransomware gangs
As the Paris prosecutor, Laure Beccuau, points out, these first investigations reveal the opaque mechanisms for laundering international organized crime, and should thus feed several thousand judicial investigations, including cybercrime files. The crypto platform, for example, is suspected of having laundered the equivalent of $15 million in proceeds from ransomware attacks.
“All the big ransomware gangs used” the platform, remarks Marc Boget. According to the company Chainalysis, which had highlighted the significant share of suspicious transactions in the activity of the exchanger, suspicious flows linked to Phobos, AstroLocker and Dharma ransomware had thus been observed. It is now up to the investigators to unroll the thread of the ball to see if new interesting elements appear.
Important links with Hydra
But most of the illicit flows that allegedly transited, according to the prosecution, through the Bitzlato exchanger are linked to the Hydra black market. This Russian-speaking platform dedicated mainly to the sale of drugs, dismantled by the Americans and the Germans last year, had become the number one black market in the world.
Its users would thus have exchanged more than 700 million dollars on Bitzlato, which was satisfied with an email to register, without asking for copies of identity documents. For the American justice, this illicit use was perfectly known to the company, one of the leaders of the company remarking for example, in an intercepted exchange, that their customers were drug addicts buying drugs on Hydra”.