The Office of Foreign Assets Control (OFAC) has intensified its unwavering commitment to combating the deplorable web of unlawful activities that plague the crypto-sphere. With a firm resolve, it has established stringent requirements and comprehensive frameworks to stem the tide of illicit trade.
Criminal networks profit from the trafficking and illegal trade in narcotics, arms, human lives, tobacco, counterfeit goods, and plundering wildlife. Billions of dollars seamlessly flow through the veins of the global economy, distorting multiple industries and diminishing the hard-earned revenues of legitimate businesses.
The OFAC and other dedicated forces of justice stand resolute in their tireless efforts, their aim unwavering. In this battle against the forces of malevolence, penalties and sanctions play a crucial role in deterring illicit actors, since these individuals tend to engage in trades where the potential rewards are highest and the risks are lowest. Criminal networks, especially those involved in transnational organized crime, adapt their behavior based on the risk-reward dynamics. These dynamics are influenced by international legal frameworks, national laws, and enforcement policies.
Biggest Sanctions this Quarter
Genesis Market - one of the largest illicit markets sanctioned by the OFAC
NAME: GENESIS MARKET
TYPE OF BUSINESS: CYBERCRIME FACILITATION WEBSITE
AVAILABLE IN: ENGLISH
PRODUCT: STOLEN CONFIDENTIAL DATA OF THE VICTIM, INCLUDING PASSWORD AND LOGIN CREDENTIALS
On April 4, 2023, law enforcement agencies carried out a global operation known as ‘Operation Cookie Monster’, resulting in the closure of the well-known fraudulent platform Genesis Market and the arrest of numerous individuals involved in its malicious activities. Furthermore, on April 5, the Office of Foreign Assets Control (OFAC) imposed sanctions on the criminal marketplace.
Treasury’s 2022 National Money Laundering Risk Assessment identified that darknet markets provide an opportunity for criminals to profit from unauthorized access to victim computers by selling stolen data to other criminals for further exploitation. Furthermore, FinCEN’s “Advisory on Illicit Activity Involving Convertible Virtual Currency” warns that darknet markets frequently include offers for the sale of illicit goods and services for exploitation on the internet that use virtual currencies as a method of payment.
Genesis Market was actively involved in the theft and sale of illegally obtained confidential data of innocent victims. Believed to be located in Russia, the business had a presence on the clearnet (the traditional internet) as well as the darknet.
Its website compiles stolen victim data—including computer and mobile device identifiers, email addresses, usernames, passwords, and other credentials—from malware-infected systems around the globe and packages it for sale.
As of Feb 1, 2023, approximately 460,000 individually compromised packages were listed for sale on Genesis Market. These packages contained stolen passwords and personal information for a variety of online accounts, including email, social media, and video streaming platforms, among others.
The expanding Dark-web economy and its obsession with stolen credentials
Due to the widespread use and continuous progress of technology, cybercrime and online identity fraud have adapted and diversified through various means. Typically, the objective of identity fraud is to achieve financial benefits, but the strategies employed can be executed in different ways. These can range from sophisticated and meticulously orchestrated data breaches to manipulative social engineering techniques, as well as the creation of false online identities to establish trust and extract information from unsuspecting individuals.
A parallel economy thrives within the realm of the darknet, characterized by its rapid increase and affinity for engaging in transactions of stolen digital identity. The analysis of the most popular topics from underground forums reveals that stolen credentials and the sale of initial access continue to dominate cybercriminal markets.
As a result, individuals, governments, and industries need to be more vigilant about their safety on the internet. Identity theft can happen to anyone but you can reduce the risk of becoming a victim by taking simple steps to protect your information online.
The Crackdown: Efforts to Curb DPRK’s illicit objectives
“According to reports, DPRK cyber actors were able to steal an estimated $1.7 billion worth of virtual currency through various hacks in 2022 alone.”
The malicious cyber operations of the Democratic People's Republic of Korea (DPRK) pose a significant threat to the integrity and stability of the global financial system. In order to generate funds for its weapons programs, the DPRK has increasingly relied on illicit activities like cybercrime.
In response to the escalating danger of cybercrime by the DPRK, the US government released a report on June 23, 2020, addressing its concerns regarding this trend and outlining countermeasures to mitigate the DPRK's cyber threat.
In its recent action, the US Treasury went ahead to sanction malicious entities and individuals who were providing support to DPRK. The designated individuals’ list includes Wu HuiHui (Wu) for providing material support to the Lazarus group (the group controlled by the Reconnaissance General Bureau (RGB), the DPRK’s primary intelligence bureau and main entity responsible for the country’s malicious cyber activities), and Cheng Hung Man (Cheng) for helping Wu.
Wu, a PRC-based OTC virtual currency trader, played a major role in converting stolen virtual currency to fiat currency on behalf of DPRK actors associated with the Lazarus Group. In 2021, Wu engaged in several transactions that converted millions of dollars worth of virtual currency into fiat currency for DPRK cyber actors.
Cheng, an OTC trader based in Hong Kong, collaborated with Wu to transfer payments to businesses in exchange for virtual currency. Cheng utilized front companies to help DPRK actors evade anti-money laundering measures at financial institutions and gain access to the U.S. financial system. Cheng also worked with Wu and other virtual currency traders to convert virtual currency stolen by DPRK hackers into fiat currency for use by the DPRK government.
The OFAC also designated Sim Hyon Sop (Sim) for acting for or on behalf of the Korea Kwangson Banking Corp (KKBC), an entity previously designated for providing financial services to already designated entities. In his position with KKBC, Sim has coordinated millions of dollars in financial transfers for the DPRK.
How DPRK actors use IT professionals to fund their illicit activities
“The DPRK employs thousands of skilled IT workers around the world who fraudulently obtain employment in the technology and virtual currency sectors to generate revenue for its illicit WMD and ballistic missile programs.”
Sim received tens of millions of dollars in virtual currency, which was partly derived from DPRK individuals who fraudulently secured jobs at U.S. companies and requested payment in virtual currency. These workers then laundered their salaries through a complex process to funnel the illegally obtained funds back to the DPRK. Sim is believed to be receiving money from these fraudulent activities and directing virtual currency traders to transfer payments to front companies for purchasing goods like tobacco and communication devices, on behalf of the DPRK regime.
The OFAC Imposes Sanctions on Entities Engaged in the Supply of Deadly Chemicals
The Office of Foreign Assets Control (OFAC) of the U.S. Department of the Treasury has officially identified and sanctioned two organizations located in the People's Republic of China (PRC) and five individuals residing in both the PRC and Guatemala. These entities have been targeted for their involvement in providing precursor chemicals to drug cartels operating in Mexico, with the purpose of manufacturing illegal fentanyl destined for sale in the US markets.
The OFAC designated Wuhan Shuokang Biological Technology Co., Ltd (WSBT), an entity responsible for the sale of fentanyl precursor chemicals, and its owner Yao Huatao (Yao).
OFAC has additionally imposed sanctions on three Chinese nationals due to their affiliation with WSBT. Wu Yaqin (Wu) and Wu Yonghao (Yonghao) served as sales representatives for Yao's company WSBT, who engaged in negotiations and facilitated the sale of precursor chemicals used in the production of fentanyl on behalf of WSBT.
Wu also provided valuable information regarding effective methods for synthesizing illegal fentanyl. Another individual named Wang Hongfei (Wang), a collaborator of WSBT, was the proprietor of a cryptocurrency wallet that has been utilized to receive Bitcoin payments for unlawful drug transactions carried out on behalf of WSBT.
The transaction volume of a Bitcoin address owned by a sanctioned entity (Wang Hongfei) involved in drug dealing.
(To know more about the transactional metrics of this wallet, visit)
The U.S. Department of State’s Narcotics Reward Program announced reward offers from up to $1 million to up to $10 million for information leading to the arrest and/or conviction of several targets indicted today, including Yao, Wu, Yonghao, and Zea. For Yao, Wu, and Yonghao.
In 2021, the Chinese chemical company Suzhou Xiaoli Pharmatech Co., Ltd (SXPC) exported 25 kilograms of N-BOC-4-Piperidone, a chemical used as a precursor in the production of fentanyl, to Guadalajara, Mexico. During the sale of N-BOC-4-Piperidone, the SXPC sales representative was fully aware that the chemical would be utilized to support the illicit manufacturing of fentanyl and/or fentanyl pills. Moreover, the SXPC sales representative explicitly acknowledged that SXPC served as a supplier of fentanyl precursor chemicals to narcotics traffickers operating in Mexico.
OFAC has designated SXPC for its involvement, or attempted involvement, in activities or transactions that significantly contribute, or pose a substantial risk of significantly contributing, to the global proliferation of illegal drugs or the means of their production.
Ana Gabriela Rubio Zea (Rubio Zea), operating from Guatemala, acted as a broker specializing in fentanyl precursor chemicals, procuring them on behalf of drug traffickers based in Mexico.
Rubio Zea played a pivotal role as the broker for the acquisition of 25 kilograms of N-BOC-4-Piperidone, which was purchased from SXPC and intended for the Sinaloa Cartel in Mexico.
Utilizing her connections with suppliers and chemical manufacturers based in the People's Republic of China (PRC), Rubio Zea has facilitated the procurement of fentanyl precursor chemicals for the Sinaloa Cartel.
Furthermore, she has directly linked Sinaloa Cartel traffickers with these PRC-based suppliers, being fully aware that the chemicals obtained would be utilized in the production of fentanyl for eventual distribution in the United States and other locations. Notably, Rubio Zea's primary suppliers of fentanyl precursor chemicals are sales representatives associated with PRC-based chemical companies WSBT and SXPC.
Rubio Zea harnessed her extensive knowledge and wide network, employing cunning strategies to ensure the stealthy transportation of precursor chemicals, evading detection by vigilant customs authorities in Mexico and other nations.
Rubio Zea was sanctioned by the OFAC for having engaged in, or attempted to engage in, activities or transactions that have materially contributed to, or posed a significant risk of materially contributing to, the international proliferation of illicit drugs or their means of production.
On April 4, 2023, Rubio Zea faced a federal grand jury indictment in the U.S. District Court for SDNY, charged with multiple counts related to conspiracy, including the importation of fentanyl and money laundering.
The indictment revealed a direct association between Rubio Zea and the infamous "Los Chapitos," a notorious reference to the four sons of the infamous Mexican drug lord, Joaquin "El Chapo" Guzman Loera. Among the members of Los Chapitos are Ivan Archivaldo Guzman Salazar and Jesus Alfredo Guzman Salazar, along with their stepbrothers, Ovidio Guzman Lopez and Joaquin Guzman Lopez, the first three of whom were indicted by SDNY.
As prominent figures within the Sinaloa Cartel, one of the world's largest and most influential drug trafficking organizations, Los Chapitos are deeply involved in various criminal activities, including drug trafficking, money laundering, and acts of violence. The Guzman Salazar brothers, along with Ovidio Guzman Lopez, had previously been designated by OFAC in 2012 under the Foreign Narcotics Kingpin Designation Act. Subsequently, in 2021, the trio received another designation under E.O. 14059, recognizing their significant contributions or potential risks associated with the global proliferation of illicit drugs or their production methods.
Drug overdoses claim hundreds of lives every year
The CDC reports that U.S. drug overdose deaths surpassed 72,000 in 2017, representing a worrying increase from the already high 2016 number. However, the gravity of this crisis further intensified in 2022, as the devastating grip of drug addiction claimed the lives of nearly 107,447 individuals.
Drug overdoses have contributed to a decrease in life expectancy in the United States and are one of the nation’s leading causes of death. During the past two decades, the nation’s overdose deaths have risen dramatically, fueled first by prescription pain pills, then heroin and now dominated by fentanyl, the synthetic opioid primarily smuggled into the United States by Mexican cartels. The nation’s increasingly toxic drug supply is replete with other dangerous synthetic drugs such as xylazine, the animal tranquilizer that causes rotting flesh wounds and has been named by the federal government as an “emerging threat” when mixed with fentanyl.
The United States has been taking rigorous steps to curb the illicit manufacture and trafficking of illicit fentanyl and other synthetic drugs, a major cause of death among adults aged 18 to 45 in the United States.
Sanctions Compliance with Merkle Science
Cryptoasset businesses and financial institutions with compliance teams should be vigilant about possible sanctions evasion activities and treat these risks as significant. It is crucial to take preemptive measures now to safeguard your business from unintentionally aiding prohibited transactions or engaging with designated persons or entities.
To comply with sanctions against illicit actors and their networks, it is necessary to access wallet and transaction screening capabilities that can enable you to identify potentially prohibited activity.
Compass, our flagship behavior-based transaction monitoring and reporting solution, can efficiently assist compliance teams in inspecting the wallets of potential clients and customers in order to uncover any past direct or indirect relations with the wallets of sanctioned parties. We immediately tag sanctioned addresses in our system and assign them as “Sanctions” with the “OFAC” subtype. The risk level of sanctioned addresses is escalated to “Critical Risk” in our system. As an additional compliance measure, addresses that have or have had any exposure to the sanctioned addresses, directly or indirectly, are flagged with new alerts per your business’s risk policies.
Moreover, our blockchain forensics solution ‘Tracker’ helps spot sanctions evasion by detecting funds that have been transferred through several intermediary addresses, known as hops, before reaching a cryptocurrency exchange or a financial institution. Tracker can also help investigators visualize the flow of funds associated with sanctioned addresses.
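The direct and indirect exposure screening described above can be illustrated with a breadth-first search over a transfer graph. This is an added example, not code from Compass or Tracker; the address labels, the transfer list, the hop limit and the non-sanctioned alert labels are all constructed assumptions.

```python
from collections import deque

# Constructed sample data: placeholder labels, not real wallet addresses.
SANCTIONED = {"addr_sanctioned_1"}
# (sender, receiver) transfers, as a screening tool might read them from a ledger.
TRANSFERS = [
    ("addr_sanctioned_1", "addr_hop_a"),
    ("addr_hop_a", "addr_hop_b"),
    ("addr_hop_b", "addr_exchange_deposit"),
    ("addr_customer_x", "addr_sanctioned_1"),
    ("addr_clean_1", "addr_clean_2"),
]

def exposure_hops(transfers, sanctioned, max_hops=5):
    """Return {address: fewest hops to any sanctioned address}.

    Transfers are followed in both directions, so funds received from and
    funds sent to a sanctioned address both count as exposure. This is a
    simplification: it ignores amounts, timing and mixing.
    """
    neighbours = {}
    for src, dst in transfers:
        neighbours.setdefault(src, set()).add(dst)
        neighbours.setdefault(dst, set()).add(src)
    hops = {addr: 0 for addr in sanctioned}
    queue = deque(sanctioned)
    while queue:
        current = queue.popleft()
        if hops[current] == max_hops:
            continue  # do not expand beyond the policy's hop limit
        for nxt in neighbours.get(current, ()):
            if nxt not in hops:  # first visit is the shortest path in BFS
                hops[nxt] = hops[current] + 1
                queue.append(nxt)
    return hops

def classify(address, hops):
    """Map hop distance to an alert label (exposure labels are hypothetical)."""
    distance = hops.get(address)
    if distance is None:
        return "no exposure found"
    if distance == 0:
        return "Sanctions/OFAC: Critical Risk"
    if distance == 1:
        return "direct exposure"
    return f"indirect exposure ({distance} hops)"

if __name__ == "__main__":
    result = exposure_hops(TRANSFERS, SANCTIONED)
    for addr in sorted(result, key=result.get):
        print(addr, "->", classify(addr, result))
```

The hop limit matters in practice: a lower limit reduces false positives from long, diluted chains, while a higher one catches layering through more intermediaries.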