On November 3, 2023, the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Russian national Ekaterina Zhdanova for using cryptocurrency to launder money on behalf of Russian elites, ransomware groups, and other bad actors. Below, we’ll explore the three Bitcoin addresses included in OFAC’s designation that she used to facilitate these illicit activities.
Ekaterina Zhdanova: Who she is and why she was sanctioned
Zhdanova employed her knowledge of cryptocurrency and connections with illicit actors around the world to launder money for Russian elites. According to OFAC, in March 2022, Zhdanova helped a Russian client launder more than $2.3 million, moving the money to Western Europe via fraudulent investment accounts and real estate purchases.
In another instance, a Russian oligarch contacted Zhdanova to move approximately $100 million to the United Arab Emirates (UAE). She helped similar clients obtain tax residency in the UAE, as well as identification cards and bank accounts based in Dubai. Zhdanova used similar tactics to move ill-gotten funds for the Russia-based ransomware group, Ryuk.
How did Zhdanova successfully execute these activities? Typically, she transferred funds through crypto platforms without Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) controls. One such platform is Garantex, an OFAC-designated Russian crypto exchange we previously wrote about for its role in money laundering and which accounted for the majority of sanctions-related transaction volume between 2022 and 2023. Zhdanova also leveraged her connections with other money launderers to expand her global reach, and gained access to more traditional high-end businesses, such as a luxury watch company, which opened doors to financial systems in other countries.
A search of her email address also reveals a small hotel she is selling in Russia, as well as pages related to other similar business ventures. While it’s unclear whether these initiatives are related to her money laundering activity, they show the breadth of her business operations overall.
Zhdanova directly assisted Russian oligarchs in circumventing recent sanctions enacted by the U.S. in response to Russia’s invasion of Ukraine. By working with Zhdanova, these individuals were able to access international markets — despite the sanctions — and provided an origin of funds that would not come into question with international authorities. Due to these activities, Zhdanova was designated under Executive Order 14024, for laundering on behalf of oligarchs and ransomware groups.
Zhdanova’s on-chain activity
OFAC identified three Bitcoin addresses as associated with Zhdanova:
- 1Ljk8RNNabkZ9bfDYQBn98XfFozJhTjqcZ
- 3685sEusmTwZBiKJ4cgV73EAhpVD1nbgbe
- 39p8qWp1bkBNhi4vPpFTetKPtH7goqNDZf
The Chainalysis Reactor graphs below paint a more detailed picture of Zhdanova’s on-chain activity.
Starting on the left side of the first graph, we see that Zhdanova received several millions of dollars from a service provider to her personal wallet via a group of intermediary wallets. Those funds were then transferred to Zhdanova’s two exchange deposit addresses that were highlighted by OFAC, one of which is hosted at a high-risk exchange and the other at a Russian exchange. Those deposit addresses likely represent cash-out points at services that have limited or no AML/CFT controls in place. Multiple large deposits to Zhdanova’s personal wallet can be traced back to the service provider and were cashed out at these deposit addresses on the same day, demonstrating how Zhdanova was able to quickly move funds on behalf of her customers.
As mentioned by OFAC, Zhdanova also laundered money on behalf of ransomware groups. In the graph below, you can see how ransomware funds were transferred to Zhdanova’s wallet via a counterparty. Zhdanova then transferred millions of dollars to deposit addresses at mainstream exchanges, as well as to the aforementioned Garantex. This shows the breadth of her utilization of cryptocurrency throughout the ecosystem, leveraging mainstream exchanges and those with AML/CFT deficiencies to launder funds on behalf of Russian oligarchs.
Monitoring cryptocurrency laundering and ransomware crimes
As we recently identified, ransomware is on the rise in 2023, with the majority of active ransomware groups linked to Russia. Additionally, many high-risk exchanges operating in Russia continue to launder money and work with ransomware groups to orchestrate other crimes. These malicious activities highlight the need for law enforcement across the globe to utilize blockchain analysis to target and disrupt these organizations.
OFAC’s actions today demonstrate their commitment to safeguarding the United States financial system by monitoring and sanctioning illicit actors using cryptocurrency. As a result of Zhdanova’s designation, exposure to any of the three Bitcoin addresses poses sanctions risk.
We have labeled the relevant address as associated with the sanctioned entity in our product suite.
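The sketch below is an added example, not Chainalysis code or methodology. It shows how a compliance team might screen a transfer ledger for indirect exposure to the three designated addresses and flag the same-day pass-through pattern described earlier. The ledger, the `demo_` addresses, the hop limit and the 90% ratio are all assumptions made for illustration.

```python
from collections import defaultdict, deque

# The three Bitcoin addresses listed in OFAC's designation (from this article).
SANCTIONED = {
    "1Ljk8RNNabkZ9bfDYQBn98XfFozJhTjqcZ",
    "3685sEusmTwZBiKJ4cgV73EAhpVD1nbgbe",
    "39p8qWp1bkBNhi4vPpFTetKPtH7goqNDZf",
}

# Constructed sample ledger: (date, sender, receiver, btc). Every "demo_" name
# is a placeholder and none of these transfers is real on-chain data.
TRANSFERS = [
    ("2023-01-10", "demo_service", "demo_hop1", 50.0),
    ("2023-01-10", "demo_hop1", "demo_wallet", 50.0),
    ("2023-01-10", "demo_wallet", "39p8qWp1bkBNhi4vPpFTetKPtH7goqNDZf", 49.5),
    ("2023-01-12", "demo_service", "demo_shop", 3.0),
    ("2023-01-15", "demo_shop", "demo_cold", 1.0),
]

def sanctions_exposure(transfers, start, max_hops=3):
    """Shortest outgoing path from start to a sanctioned address, or None."""
    graph = defaultdict(set)
    for _, src, dst, _ in transfers:
        graph[src].add(dst)
    queue, seen = deque([[start]]), {start}
    while queue:  # breadth-first, so the first hit is the shortest path
        path = queue.popleft()
        if path[-1] in SANCTIONED:
            return path
        if len(path) - 1 >= max_hops:
            continue  # hop budget spent on this branch
        for nxt in sorted(graph[path[-1]] - seen):
            seen.add(nxt)
            queue.append(path + [nxt])
    return None

def same_day_passthrough(transfers, address, ratio=0.9):
    """Dates on which address forwarded >= ratio of what it received that day."""
    received, sent = defaultdict(float), defaultdict(float)
    for day, src, dst, btc in transfers:
        if dst == address:
            received[day] += btc
        if src == address:
            sent[day] += btc
    return sorted(d for d in received if sent[d] >= ratio * received[d])
```

Direct address matching only catches one-hop exposure; the path search is what surfaces funds routed through intermediary wallets first.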