The Treasury Department’s Financial Crimes Enforcement Network (FinCEN) designated Bitzlato, a Hong Kong-registered cryptocurrency exchange, as a “primary money laundering concern” in the first use of a law that targets entities that facilitate illicit Russian financial transactions.

FinCEN announced Wednesday that Bitzlato “plays a critical role in laundering convertible virtual currency (CVC) by facilitating illicit transactions for ransomware actors operating in Russia, including Conti, a ransomware-as-a-service group that has links to the government of Russia.” A multinational law enforcement effort shut down Bitzlato and seized its assets, officials said.

FinCEN and the Department of Justice (DOJ) said Bitzlato became a haven for laundering the proceeds of criminal activity, and its administrators knew the platform was “rife with illicit activities.” Many of its users were criminals who could access the platform without providing their identities or were conducting their activities under others’ identities, the DOJ said.

Bitzlato also allegedly had numerous connections to Hydra, a Russian-connected darknet market, and facilitated illicit transactions across its platform for Hydra users. Hydra was shuttered in April by German law enforcement officials working in coordination with the DOJ.

All covered financial institutions should cease doing business with Bitzlato, FinCEN said.

In a separate action, the DOJ on Wednesday announced the arrest of Bitzlato’s founder and majority owner Anatoly Legkodymov, a Russian national who resides in China, on charges he oversaw and facilitated $700 million in illicit transactions on the platform, including for drug trafficking, money laundering, and ransomware.

Legkodymov was charged with conducting an unlicensed money transmitting business; if convicted, he faces a maximum penalty of five years in prison, the DOJ said.

Law enforcement officials in France, Spain, Portugal, and Cyprus dismantled Bitzlato’s digital infrastructure, the DOJ said, and seized its cryptocurrency among other enforcement actions.

“This is a unique step that has only been taken a handful of times in Treasury’s history for some of the most egregious money laundering cases and is the first of its kind specifically under new authorities to combat Russian illicit finance,” said Deputy Secretary of the Treasury Wally Adeyemo during a press conference. “… Treasury’s action today sends a clear message that we are prepared to take action against any financial institution—including virtual asset service providers—with lax controls against money laundering, terrorist financing, or other illicit finance.”

The law cited by FinCEN, Section 9714(a) of the Combating Russian Money Laundering Act, is an example of the agency “using its available tools to target Russian illicit financial activity and counter the ransomware threat,” it said. FinCEN said most ransomware incidents in the second half of 2021 were “conducted by Russia-related ransomware variants” and that Bitzlato is part of that larger Russian ecosystem. The DOJ said Bitzlato received more than $15 million worth of ransomware proceeds.

Other cryptocurrency exchanges have been accused of being money laundering vehicles or having insufficient anti-money laundering (AML) controls. Tornado Cash was sanctioned by the Office of Foreign Assets Control (OFAC) in August for allegedly laundering more than $7 billion in cryptocurrency since 2019, while virtual currency mixer was also sanctioned in May.

Earlier this month, the New York State Department of Financial Services (NYDFS) ordered cryptocurrency exchange Coinbase to pay $100 million for AML-related compliance lapses.

In October, Bittrex paid a $29 million penalty to FinCEN and OFAC for Bank Secrecy Act (BSA) violations involving AML and suspicious activity reporting requirements. Robinhood Crypto paid a $30 million fine to the NYDFS in August for failures in its AML and cybersecurity procedures.

In August 2021, BitMEX agreed to pay $100 million to settle allegations by the Commodity Futures Trading Commission and FinCEN that it violated the BSA and other AML laws.