A recent investigation has shed light on a financial firm based in Canada that is serving as a payment processor for numerous Russian cryptocurrency exchanges and websites specializing in cybercrime services geared towards Russian-speaking individuals. The research, conducted by blockchain analyst Richard Sanders, uncovered that this Canadian company, Cryptomus, is facilitating transactions for a variety of cybercrime services, including abuse-friendly hosting providers, sites selling aged accounts, anonymity providers, and anonymous SMS services.
Sanders discovered that all 122 of the cybercrime services he examined were channeling their transactions through Cryptomus, which claims to be a cryptocurrency payments platform headquartered in Vancouver, British Columbia. Cryptomus’ parent company, Xeltox Enterprises Ltd., is registered as a money service business (MSB) with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). Among the findings, Sanders revealed that at least 56 cryptocurrency exchanges are utilizing Cryptomus for processing transactions, allowing users to exchange cryptocurrencies and cash out through various Russian banks, despite many being sanctioned by western nations.
Further analysis of the technology infrastructure of these exchanges revealed that they predominantly use Russian email providers and are hosted in Russia or by Russia-backed ISPs in Europe. Most of these platforms also leverage services from Cloudflare, a global content delivery network based in San Francisco. Sanders noted that these platforms primarily facilitate transactions with sanctioned Russian banks and provide infrastructure for cyber attacks, rather than offering legitimate goods or services for sale.
The investigation also delved into the physical address listed by Cryptomus, Suite 170, 422 Richards St. in Vancouver, BC. A prior investigation by CTV National News and the Investigative Journalism Foundation (IJF) found that this address is associated with multiple money service businesses (MSBs) incorporated without the knowledge of the actual occupants of the building. At least 76 foreign currency dealers, eight MSBs, and six cryptocurrency exchanges were registered at this address, with some entities having their registrations revoked.
The suspicious clustering of MSBs at specific addresses raised concerns about the legitimacy and risk associated with these businesses. Peter German, a former deputy commissioner for the Royal Canadian Mounted Police, highlighted the abuse of the registration system by having multiple MSBs located in the same building without conducting actual business activities there. This practice violates Canada’s requirements for registering high-risk businesses susceptible to money laundering and terrorist financing activities.
Moreover, the investigation exposed potential sanctions evasion tactics employed by Russian cryptocurrency exchanges through Cryptomus following restrictions imposed by major exchanges on Russian banks. Sanders observed a shift towards Cryptomus as a means of processing transactions with increased anonymity and obfuscation, enabling transactions with sanctioned entities and jurisdictions.
The complex network of businesses associated with Cryptomus and its parent company, Xeltox Enterprises, raises questions about their legitimacy and actual presence in Canada. An examination of related entities in the UK and the Czech Republic revealed convoluted directorships and connections to various offshore jurisdictions, hinting at potential shell company operations.
Overall, the investigation underscores the challenges posed by the illicit use of cryptocurrency transactions and the significance of regulatory oversight in detecting and preventing money laundering, sanctions evasion, and other criminal activities facilitated through digital platforms. As the cryptocurrency landscape continues to evolve, authorities and industry stakeholders must remain vigilant to combat illicit financial activities and protect the integrity of the financial system.