Public Key Podcast

Unraveling Russia’s Crypto Sanctions Evasion and Disinformation Campaigns: Podcast Ep. 130

Episode 130 of the Public Key podcast is here! Russia has become an international force using cryptocurrency for sanctions evasion, ransomware attacks and, most recently, malign interference in US and other elections. It just announced legislation legalizing crypto for cross-border transactions and mining, which now has the global crypto community on high alert. We have Valerie Kennedy (Director of Intelligence Solutions, International, Chainalysis) and Andrew Fierman (Head of National Security Intelligence, Chainalysis) to demystify how Russia is actually utilizing crypto.

You can listen or subscribe now on Spotify, Apple, or Audible. Keep reading for a full preview of episode 130.

Public Key Episode 130: Exploring Russia’s role in cryptocurrency

Russia has become an international force using cryptocurrency for sanctions evasion, ransomware attacks and most recently malign interference in the US elections.

Ian Andrews (CMO, Chainalysis) speaks with colleagues Valerie Kennedy (Director of Intelligence Solutions, International) and Andrew Fierman (Head of National Security Intelligence) on the heels of Russia enacting significant legislative changes, including legalizing cryptocurrency mining and permitting the use of crypto for international payments.

The trio explore Russia’s utilization of sanctioned crypto platforms like Garantex, the rising use of Telegram for illicit activities and the global implications of their election interference and disruptive tactics across the USA, Europe and beyond.

They highlight that Russia’s affiliated media firms were funnelling millions to US-based influencers to spread propaganda, the use of bot networks and the troubling rise of online platforms selling compromised social media accounts.

This is a must listen, as Russia has become the international focus when it comes to geopolitical hotspots. 

Quote of the episode

“You have Garantex, an entity that operates from Federation Tower, which has very close ties to the Russian government, and then you are operating at scale, on a continued basis, post [sanctions] designation, at the volumes that they are.”  – Andrew Fierman (Head of National Security Intelligence, Chainalysis)

Minute-by-minute episode breakdown

2 | Valerie Kennedy’s cyber background and transition into working at a crypto exchange

4 | Is Russia leading the crypto industry in sanctions evasion, elections interference and ransomware attacks? 

6 | Understanding Russia’s secondary sanctions dilemma 

10 | Russian sanctions evasion using crypto and traditional fiat 

14 | Russian media companies bankrolling American influencers to create Pro-Russia propaganda 

20 | The effectiveness of sanctions against illicit Russian actors in the crypto industry

23 | Russia’s attempt to influence other countries and using spies and crypto to do so

26 | The significance of the Telegram founder getting arrested and the controversial use of the messaging platform

28 | Why are manufacturers of Unmanned Aerial Vehicles (UAVs) being sanctioned?

32 | How sanctioned Russian exchange Garantex is still thriving using stablecoins

35 | Key takeaways for compliance officers navigating Russian-connected typologies

Speakers on today’s episode

  • Ian Andrews *Host* (Chief Marketing Officer, Chainalysis) 
  • Valerie Kennedy (Director of Intelligence Solutions, International, Chainalysis)
  • Andrew Fierman (Head of National Security Intelligence, Chainalysis)


Transcript

Ian:

Hey, everyone. Welcome to another episode of Public Key. This is your host, Ian Andrews. Today, we’re going to talk Russia. I’ve brought two of my colleagues, both experts in the respective fields. Valerie Kennedy, who’s director of Intelligence for International here at Chainalysis, and Andrew Fierman, who’s head of National Security Intelligence at Chainalysis. Val, Andrew, welcome to the show.

Andrew:

Thanks for having us.

Valerie:

Excited to be on. Thanks, Ian.

Ian:

This has been a busy news month or a couple of months when it comes to Russia, so we’re going to dive deep into everything that’s going on related to Russia, crypto, sanctions, which I know our audience is very excited about. But Val, this is your first time on Public Key. Maybe we can start with a little bit of an introduction. How do you find yourself here at Chainalysis leading our Investigations Team?

Valerie:

Yeah. So, first of all, I’m very excited to be on and can’t think of a more exciting topic to get to chat about as this is sort of what I spend my time at Chainalysis nerding out about. But prior to joining Chainalysis, I actually worked at a cryptocurrency exchange called Bittrex on their compliance side, so have a compliance background. And then prior to that, I was doing Fulbright at Tel Aviv University both on the study side, so getting my master’s focused in cyber warfare as well as in research, again focused in cyber.

And then prior to that, a combination of working in UNICEF’s emergency field office in Ukraine, as well as various issues surrounding Russia to include disinformation at the German Marshall Fund. So here at Chainalysis, it’s sort of a combination of all of these things combined, really excited to really focus specifically on the cryptocurrency angle of all of these subjects.

Ian:

I’m curious. How did you go from cyber warfare generally into cryptocurrency? What drew you into that opportunity at Bittrex?

Valerie:

The reality is I was in Tel Aviv looking at jobs in Washington DC, and this bizarre cryptocurrency compliance job came on my radar. So I remember running around professors asking them if we think this is legit or not. It was still earlier stages of cryptocurrency. I think many have a similar story. And I just decided to take the risk and it turned out to be one of the best decisions in my career. At Bittrex, I was actually a Chainalysis user, so that’s how I initially heard about Chainalysis.

Ian:

That’s amazing. What was the response when you asked your professors? Did they laugh at you and say, “No way, this crypto thing’s crazy, Val. Don’t do that to your career?”

Valerie:

He was like, “How bad can it be? Why not? Why not try it out? You’re already in cyber. You’re crazy enough so this is a far shot.”

Ian:

The best advice ever. Now, Andrew, this is your second time on the program. So people that are regular listeners maybe remember our past episode. But give us a quick rundown on your background prior to joining Chainalysis, and what sets you up as an expert in this world of international sanctions.

Andrew:

I spent about a decade in financial crimes compliance in the traditional finance world, primarily focusing on sanctions compliance. And I think one of the things that I realized pretty early on is that people who are subject to sanctions aren’t going to be overly willing to put their information through the know-your-customer process at a mainstream financial institution. And so I kind of started begging the question of, “How do bad actors evade detection, assuming that they are still utilizing traditional finance as part of their laundering mechanisms?” And so with that, really focused a lot on sanctions and building out proactive investigative sanctions compliance programs.

And when it comes to entities that are trying to avoid detection, they’re typically going to try to use the newest mechanism or the newest technique out there to try to get around it. And that inevitably led my investigative research and intelligence collection to the world of crypto. And I was introduced to Chainalysis through some work meetings, and all went from there. This has been the most fascinating, unique field, echoing Valerie’s sentiment on that.

Ian:

And I think the collision of the work that each of you do at Chainalysis, probably has an epicenter right in Russia where the activity, be it ransomware or elections interference or sanctions evasion, Russia ticks the box on all three.

For listeners that maybe haven’t been paying attention, we’re deep into election season here in the United States, and there’s been quite a lot of news recently about Russia and their attempts to interfere in the election through propaganda. The topic of Russia, the election interference, sanctions evasion, but they’ve also started adopting crypto, it appears, to circumvent some of the sanctions that are maybe restricting international commerce. So, Andrew, maybe I can start with you because there’s been some recent legislative changes that have happened in Russia to enable businesses to actually use crypto for international payments. Talk to us about what the significance of that change is.

Andrew:

Absolutely. So there have been two real major legislative points that have come into play in Russia. And Russia’s kind of gone back and forth over the last few years on where they stand with crypto. But most recently, it’s already been enacted in the beginning of September. It was essentially a bill to facilitate cross-border payments, particularly via cryptocurrency within Russia.

And then there’s a second legislation around cryptocurrency mining, which will take place in November. And so what both of these do is facilitate the oversight and control by the Central Bank of Russia in order to drive cryptocurrency usage mainstream for both profiting within Russia as well as facilitating cross-border payments. But this really comes a lot in the light of a lot of the sanctions that have been happening. I mean, we’re talking about massive broad sanctions within Russia.

And I think one of the recent ones that really came to focus for me is the secondary sanctions risk that’s been applied to traditional financial institutions in Russia. So essentially, what that means is that if you’re not just sanctioned and put on the SDN List, but you’re also subject to secondary sanctions, which means that any company or individual that is considered to be doing significant transactions with any of those entities also may be subject to sanctions. So it can be used as a deterrent in third countries getting involved in doing business with sanctioned Russian banks that are subject to secondary sanctions.

And so in light of this, I think this has potentially been part of the driver to build out some of this new legislation to facilitate some of these other mechanisms as far as how they move money, evade sanctions, and all of the above.

Ian:

The idea is if Treasury OFAC hasn’t sanctioned a particular individual or a particular financial institution in Russia, there are still pathways to transfer money there. But this secondary sanctions exposure that you described basically says, “You could be subject to interacting with a sanctioned entity. Really anybody that’s in Russia, if you’re doing business with them, transferring currency, you’ve got that risk, and it sort of makes it very difficult for any sort of international finance to take place.” Is that sort of the layman’s assessment of what’s happening there?

Andrew:

So long as those entities are utilizing the traditional financial institutions in Russia that are subject to secondary sanctions, the involvement of using them would prohibit any sort of activity, and potentially put those other institutions at risk. So when we start talking about relationships with other countries, say China, that may cool some of the effects of that relationship because of the risk to China of having their financial institution sanctioned as a result of engaging with those Russian banks that are subject to secondary sanctions. I see you nodding your head. I don’t know if you have something to add here.

Valerie:

I would be remiss not to add that Russia’s got a serious problem here too in terms of what currencies they’ll use for this type of activity. So in Russia’s perfect world, they would have used central bank digital currency, which they’re in the process of developing like several other states. That’s been pretty slow to develop, slow to test, so they’re going to need to use different types of cryptocurrencies instead for these types of payments.

And now, they’re grappling with the idea of whether or not they should be using a stablecoin or other types of cryptocurrencies that they then develop. So I think one interesting point here to watch is what type of currency they’ll end up gravitating to, and how quickly compliance officers are able to then respond to that different typology. And the other note that I’d like to make is Russia didn’t want to make this decision. Really in their perfect world, again, they’d use a centralized digital currency. They have full control over this process. But it is really a response like Andrew said, to multilateral strong sanctions regimes where they’re having to seek an alternative.

And internally, within Russia, they’re still framing this as a patriotic effort. It’s both patriotic as it is economic, where Russia is now needing to figure out a way to keep their economy strong. But again, the challenge here will be the response from their partners like Iran and China, and whether or not they want to be subject then to those possible secondary sanctions.

Ian:

It’s an interesting takeaway that this is actually a reflection of the success that the sanctions program led by Europe and the US has had over the last two years. You mentioned compliance officers at crypto exchanges. What would you suggest, Val? Particularly since you’ve come from that world, what should they be doing knowing that this is likely to show up on their doorstep here shortly?

Valerie:

It’s a really challenging question. I think it’s going to involve, for better or for worse, taking a more comprehensive look at any services coming out of Russia or in Russia-backed states. Where before, we could just look at sanctioned exchanges or services or ones that we know have a tie to the regime. Now, we’ll be looking at these smaller exchanges and services that may have nexus to the regime. The due diligence process is just going to become in some ways increasingly laborious, ensuring that we check the boxes and we know whether or not there’s any registration within Moscow or any agents within Moscow. It’s going to involve more OSINT than previously. So just a more thorough understanding of basically, any exchange or service that touches Russia.

Andrew:

I think that really kind of dives into one of the things I was thinking about, which is, there’s a certain typology of service that’s already out there today that I think there are a lot of challenges in grappling with, which is these Russian-language, non-KYC, instant-exchange style services. So essentially, these are websites that are in Russian, however, there is no corporate entity behind them. There’s no registration behind them in most instances. So there’s no clear confirmation, at least from our perspective, that they are in fact based out of Russia.

But then there’s one really telling part of it, which is these instant services, the goal is to either swap fiat to crypto, vice versa, or crypto to crypto in real-time. And what these services are offering is on and off-ramping with sanctioned Russian banks. So you can quite literally as an individual in Russia who otherwise has a bank account at a sanctioned bank, let’s just pick Sberbank as an example here.

An individual can’t use their Sberbank account to transfer or receive money in traditional fiat currency today. But what they can do is go to one of these instant exchanges, connect their bank account at Sberbank to the instant exchange, put in whatever amount of money they want, and they’ll get crypto kicked out to whatever predetermined address that they have. And all you’re going to be able to see on chain is that this Russian-language, no-KYC instant service has swapped funds out of its infrastructure to an unknown wallet. There’s no indicator of that off-chain aspect that can be identified. So it’s essentially sanctions evasion for individuals or entities that are looking to avoid that concern of flagging Sberbank on your transaction.

Ian:

Andrew, who do we think is operating these? This sounds like a service that maybe even Sberbank themselves would be setting up for their customers. Is there any indication of that?

Andrew:

It’s a great question. There are a lot of these services that operate out there. Some of them have interesting overlaps with one another. Some of them seem to act independently. They do have a pretty long list of sanctioned Russian banks that they do facilitate for. So Sberbank just being an example, but most instances there’s going to be a list of about a dozen sanctioned Russian banks that you’re allowed to on or off-ramp your fiat to these services. So it may just be something created by Russian nationals who are looking to help people on and off-ramp money internationally, or there could be a more illicit intent.

Certainly, historically, I think what was interesting is these services facilitated a lot of illicit behavior. And by illicit, I’m talking about illicit on-chain activity, so darknet markets or ransomware facilitation. But I think more recently, we’re starting to see that they’re being used just to move money for the people because they don’t have access to the financial ecosystem as they did before the sanctions occurred.

Ian:

Give us a sense of the scale of the instant exchangers. What’s the volume of funds that we’re seeing go through them monthly over the last year?

Andrew:

We’ll have to come back on that one. That’s actually going to be a teaser for the next sections. We’re going to do a blog post independently. We don’t have those numbers yet today. But I do see Val’s nodding as [inaudible 00:12:53] she might have something to add here.

Valerie:

It’s too good. There’s so much to say. I think we could go on for hours. But just further, to Andrew’s point about the volume of these services, one thing that we’ve been discovering is that there’s such a thing as what are called turnkey exchange services. One is actually located in Federation Tower, home to the world’s largest money launderers. And that actually offers, those interested in setting up their own exchanges, including in instant exchangers, all of the infrastructure, forum, street creds, chat bots, basically everything that you need to stand up one of these exchanges. So when one gets discovered or even designated, it’s really easy and as cheap as an investment of $5,000 to be able to set up another one. So, in some ways, this is really like whack-a-mole, and you can start to see the ease at which these can be stood up.

Ian:

That’s incredible. So only $5,000 fee to stand one of these up. I mean that’s basically available to anyone operating in the space. And I would assume that you’re probably making reasonably good money for that relatively small investment if you’re taking fees on a decent volume of exchange funds, right?

Valerie:

Yes, absolutely. And again, one of the most interesting things to me is that you don’t just get the infrastructure, but you get the street creds on these forums because you immediately get that built-in customer base as well.

Ian:

Yeah, interesting. Have we been able to ascertain who’s behind the exchange as a service offering? Is it any of the overlap maybe to some of the organizations that have offered ransomware as a service platforms?

Valerie:

We haven’t been able to see that yet, but we’re in the process of trying to understand those services better.

Ian:

All right. Well, we’ll have to keep an eye out for that in the future. Maybe shifting gears a little bit. So topic number two, big news, at least to me, and I’m maybe even a little bit surprised this hasn’t been talked about more widely in the US media, that Russia had created an organization. I believe it was called Tenet Media, who was bankrolling a number of online political influencers, mostly Americans, to push pro-Russian propaganda.

Val, can you explain what was going on here? I mean, this just blows my mind. It feels like something out of a Cold War spy film, but it was happening in real life here in 2024. What’s the story behind this one?

Valerie:

Yeah, so this is a really big story. And I will say that the Disinfo community is really excited to see this come to light because RT has been such a problem for so long. It’s been recognized across the EU and the United States. But this is really further highlighting that RT, which is a Russian-backed media company, is not just acting sort of as an agent of disinformation. They’re actually recruiting basically agents of disinformation, funneling money into the US system, and in some ways able to subvert US and EU regulation that has otherwise hampered down their ability to operate freely by basically creating clone websites or recruiting American agents, for example, in this case.

The story here is really that RT, a couple of those affiliated with RT, funneled, like you said, somewhere short of $10 million into Tenet Media, which is a Tennessee-based media company that then paid their media influencers to put out Russian messages. And those media influencers were allegedly unwitting to any of this. But the folks at the highest echelons of Tenet Media were aware that they were in fact in cooperation with RT agents. So we see a lot of attention on this, because again, although RT has been recognized as an agent of the Russian government, this is being put out through trusted American influencers or trusted by a certain community, and that has made Russian messaging much easier to masquerade.

Ian:

It’s one thing to tune into RT, what used to be called Russia Today, it was very clear like, “Well, if I’m watching this, I’m getting the Russian perspective on whatever topic they’re discussing.” It’s quite a bit different when you see an American in your Instagram Reels feed kind of covering a topic. And now, of course, we know that that was really Russian disinformation just being funneled straight to them.

Valerie:

Yes, that’s right. And that was actually happening at the same time as what’s called or known as Doppelganger, which was the creation of websites that were meant to clone, again trusted, in this case, US websites. A lot of times, there was a typo of one letter, and they were also recycling Russian language or specifically RT media. So a very similar scenario in which we’re going to what we think is a trusted US-based website, and it’s just a way to hide or obfuscate RT propaganda.

Ian:

It’s incredible. The scale of this operation was quite large too, right? I mean there were millions of dollars that were funneled into Tenet from RT. Is there potential that there’s other recipients of all that money that has yet to come to light? I wonder how big the reach and influence campaign actually was.

Valerie:

Yeah, this is really big. And RT has been in hot water and in the news for similar types of operations over the last few months and even years. What I think is the most interesting one is the recent US DOJ takedown of an RT-funded troll farm that took place on X. There was a takedown of 968 X accounts that were also propagating Russian propaganda. And in that case, it was very interesting because the way that they were registering those X accounts actually had a cryptocurrency nexus. So again, similarly funded by RT, another big propaganda network that was in the media just a few months ago. So to your point, Ian, I think we’re going to continue to see this type of news come to light.

Ian:

Talk more about the cryptocurrency nexus inside of the X bot network.

Valerie:

Sure. So the challenge with these bot networks is really how to subvert the verification process because X has of course ramped up their efforts to be able to detect this kind of thing. So in the case of this specific bot network, what they did was they registered some domains on Namecheap, which is again, a US-based company, and they used cryptocurrency to actually pay for those two domains on Namecheap. Those domains were then used to register email addresses. And those email addresses were able to subvert traditional detection methods. That also included the use of AI and other technologies to create believable personas. But the cryptocurrency nexus really was in the purchase of those domains.

Ian:

Yeah. And through the cryptocurrency that was used to purchase the domains, have we been able to discover sort of linkages back to maybe other interesting activities, illicit activity on chain?

Valerie:

It’s still an ongoing investigation. But what I can say about it is it just further helps us understand the types of typologies that we should be looking for. So the fact that the agents of RT were using Namecheap specifically is not surprising, but again, interesting to note, because I think we’ll continue to see this type of activity from RT and other Russian-backed media outlets.

Ian:

Andrew, bringing you into this one. There were sanctions announced, I think, related to this. What’s the efficacy of something like that? Or is this another game of kind of whack-a-mole where as soon as we apply sanctions to the one group, apparently behind one of these disinformation campaigns, they just respawn elsewhere under a different brand?

Andrew:

I think it really depends on the entity, the operation, and the underlying regarding the sanctions events. So take from 2021, SouthFront was sanctioned by OFAC as a primary Russian disinfo campaign operated by the FSB, I believe.

And in that instance, they’re still soliciting cryptocurrency donations to this day. They’re occasionally changing their addresses and updating it, but the amount of funds coming in via cryptocurrency are pretty limited. And so I think, in reality, it’s not going to be driving their program forward when we’re talking about thousands of dollars. But what that might mean for the broader ecosystem, I’m not so sure. It may help deter donors from donating to them the ability to take action against those donors to the cash-out points that SouthFront is using. But I don’t think that’s really their primary intent of what they’re doing.

Alternatively, you have an individual like Ilya Gambashidze who some of his addresses were sanctioned by OFAC included in his designation, and he was involved in disinformation campaigns. But again, those were the personal accounts that he was using. So that information wasn’t necessarily open-source to anyone outside of those in the know prior to the designation. And so, with that said, that might disrupt the use of those wallets. But I think, ultimately, it is a bit challenging to identify the true efficacy of the cryptocurrency aspect in those examples. But I think there are a lot of unique insights that can be peeled back from that. Val, I’m not sure if you have something else that you wanted to add or share some of those connections that we’ve seen with SouthFront and others.

Valerie:

And just to add to your point too, Andrew, just around sanctions and whether or not they’re effective. One way in which I think sanctions are interesting and in some ways, a more aggressive shift for USG and their partners goes into the technique of naming and shaming. Something that the US government and partners have been talking about for a while in particular since the 2020 elections is how much light to shed on these efforts, and whether or not that’s going to give these actors even more attention than they deserve, whether it should come from the government, whether that’s the right voice for this. And I think these designations are not only to stop the funds going into those addresses or to those individuals but also part of the broader campaign of actually shedding light on this activity because they get so much attention. So I do think that it’s showing that it’s being taken really seriously, and it’s really highlighting the techniques that are being utilized, the individuals behind them in a more aggressive way than we’ve ever seen before. So for that reason, I think it is a more aggressive stance.

Ian:

Yeah. It seems like another case where sanctions while not perfect, definitely having an intended effect, and something that we want to see the government continue with. I’m curious maybe outside the US because obviously, the three of us sitting in the United States and in the midst of election season here, it’s where a lot of my focus is. But I believe that this calendar year, we’re going to see more people vote than have ever voted before in the history of the world, so more democratic elections. Is there any sense to Russia’s attempts at influence in other countries around the world? Are they doing similar things to what we’ve discovered here in the US abroad?

Valerie:

Unfortunately, they are, and really is a global effort. And it’s not just Russia too, we’re seeing similar types of efforts from China and Iran. Russia is just the loudest and possibly most pervasive in this space, but we’re certainly seeing these types of efforts globally. One that we’re watching right now are the Moldova elections, which are coming up where we’ve certainly seen Russia interfere from an election perspective. We’re also seeing Russia fund general disruption campaigns across Europe as well where they’re paying for espionage using cryptocurrency.

A story broke late last year where Russia was paying for spies in Poland using cryptocurrency in a way that can be seen as a form of influence or interference. Similarly, paying for just general disruption around the election cycle across Europe to include setting buses on fire, paying off MPs, all types of activities aimed at one goal, really around subversion and sowing distrust in democracies globally.

Ian:

Yeah, it does seem like an overwhelmingly large problem. One of the recent pieces of news related to Telegram, which I think plays an interesting role in both coordination and information dissemination, the CEO is arrested in France and effectively charged with conspiracy and criminal activity related to things that people were using the Telegram app for. I know that we’ve tracked the use of Telegram. And as far as I understand, it’s used both on the pro-democracy, pro-Ukraine side, as well as the pro-Russia side fairly extensively. Do either of you have a take on the role that Telegram plays here, and what should maybe they be doing better or differently going forward to dump out some of this disinformation campaigning?

Andrew:

I can kick this one off. Yeah. We spoke about this the last time I was on the podcast, and we were talking about Russian militia groups. And an overwhelming portion of them were leveraging either Telegram or VK, VKontakte as sources to solicit donations. So essentially, what we would be seeing is these users with public pages soliciting donations for military goods, whether it be drones or sniper scopes, whatever it may be on Telegram, and then including cryptocurrency wallets in order to make those donations.

We’ve certainly seen that subside a bit over the last few years. I think probably in part due to a lot of this activity coming to light and being monitored by the ecosystem and the accountability held from that. So I can’t necessarily say what Telegram could or couldn’t be doing better. But certainly, I have noticed that a lot of the activity did initially occur on those platforms.

Ian:

Yeah. Val, anything you want to add?

Valerie:

I fully agree with everything he said. I don’t have anything to add there.

Ian:

Okay. Now, we recently published a whole report focusing on this topic of malign interference into elections. And one of the companies, I guess was called Ubar Store, an illicit website where people and groups can purchase stolen compromised social media accounts. What’s the story with Ubar? What kind of role are they playing in this whole process of spreading disinformation?

Valerie:

Yeah, great question, Ian. So Ubar is really one example of many, many types of services that allow for payment in cryptocurrency among other types of methods. And Ubar, in particular, was interesting to us because it’s very much targeted at Russian individuals. The reason I say that is because it’s fully and exclusively in the Russian language. The language is clearly written by a Russian native speaker. And the purpose of Ubar is really to offer bulk social media accounts in different Western states at a very cheap price. So you can go onto Ubar and for as cheap as 10 cents an account, buy 50 Facebook accounts instantly.

Ian:

Wow.

Valerie:

It’s a stolen credentials or compromised credentials service that is key infrastructure for disinformation campaigns or other types of illicit campaigns.

Ian:

Hearing that makes me question anybody that I don’t know personally, any content that I see online, I’m sort of like, “Well, is this a real person? Is this a bot? Is it a real person using a stolen account?” It almost seems like we need some sort of online identity system where we can actually verify that humans are behind the content that we’re reading. Right?

Valerie:

I know. I wish there was a technology that would allow for a trustless verification system.

Ian:

It definitely makes you want to question everything that you see online though, and a little bit skeptical, I would say, of news and information unless you truly trust the source.

Andrew:

Good social media hygiene right there, Ian.

Ian:

That’s right. For anybody who’s online. That’s my advice for the day.

Valerie:

It’s definitely true though. Because one thing that I found to be very interesting is these offerings aren’t new. We saw this in the 2020 elections. We saw it prior to then in 2016. What’s really new is the emergence of more advanced technologies that not only make this cheaper and more instant but also more believable. So when we look at the profiling of these accounts, they’re using artificial intelligence. These individual profiles all have souls. They’re literally called souls. And so the profiles of the individuals are much more complex. They’re speaking more authentically. So I agree with you. We really have to be skeptical about everything that’s out there.

Ian:

Unbelievable. All right, Andrew, shifting gears a little bit. There was another sanction that came out recently related to 400 entities across the Russian military supply chain and included a number of manufacturers in the unmanned aerial vehicle or UAV space. And I understand there’s a bit of a crypto nexus there as well. Can you kind of unpack what the sanction was about kind of on-chain perspective that we discovered there?

Andrew:

I think what made this particular designation interesting is it’s not the first time that OFAC has designated Russian militia groups. It’s not the first time Russia has designated militia groups with cryptocurrency addresses. But what we’re seeing in this case, which I find to be particularly interesting is that the off-chain aspect of it aligns very clearly, at least from a hypothetical perspective, with what we’re seeing on-chain. So the entity named KB Vostok was designated, and they tout that they have these highly effective, relatively low-price UAVs called Scalpels. And they run about $2,000 per unit.

Now, when we go look at the on-chain aspect of this entity. Most of the transactions that are coming into this UAV manufacturer are roughly in that $2,000 price point or multiple of that price point. So first, we have that indicator that there’s a likely chance of people buying drones from them.

But then secondly, and more interestingly is that most of those purchases are from a single wallet. And when we look at that wallet, that’s a wallet that’s processed over $40 million. And so, at that scale, who’s buying $2,000 UAVs from a Russian UAV manufacturer that has publicly stated that they are selling their UAV products to the Russian military? Then that kind of leads to the question of, “Well, who is this wallet belong to that’s processed over $40 million?”

And then we see that that wallet has off-ramped a lot of its money to surprise, no less, Garantex, which is for those of you not aware is a sanctioned Russian cryptocurrency exchange designated in April of 2022. Unlike its predecessors and counterparts that have been sanctioned, Garantex has continued to operate and has processed almost $100 billion total in its lifespan. And so the fact that this unknown buyer is purchasing cheap UAVs from this producer has processed that kind of money and is off-ramping a lot of its funds at Garantex, which was known for facilitating the off-ramping for a lot of other illicit activity, namely ransomware payments and other illicit aspects of the Russian crypto ecosystem.

It begs to wonder who is this entity and who else are they operating with? And I think this is the first time we’ve really seen that. In a lot of the past designations with crypto, we’ve seen donation amount, 50 bucks, a thousand bucks, 500 bucks, whatever it is. And while they are soliciting donations for specific items to facilitate their militia efforts, we don’t necessarily know exactly what it’s for. But in this case, we have a UAV manufacturer that sells one thing, which is roughly $2,000 UAVs. So that on-chain aspect really aligns interestingly with what we’re seeing off-chain and tells a unique story that might give insights into the Russian government’s military activity.

Ian:

And if I’m doing my math right, $40 million at $2,000 a piece, that means they’ve sold about 20,000 units. That’s a pretty substantial supply of UAVs.

Andrew:

This UAV manufacturer has only done about $30,000 or so. It’s the entity that is buying those $30,000 worth of UAVs has done a total of $40 million. So it does beg the question of what else that wallet is doing with their money and who else they’re buying things from or selling things to.

Ian:

Got it. Thank you for the clarification. I’m curious about Garantex. It was big news when they were sanctioned because of all the illicit activity that was traced directly back to them as you described. They’ve continued to operate seemingly, if anything, maybe even with higher volumes, more user activity post-sanctions than pre-sanctions. How do you think this plays out? And secondarily to that, I think we see quite a lot of stablecoins being sent through Garantex as well, which is surprising to me given the ability for stablecoins to be frozen that we haven’t seen more disruption happening via that channel. I’m curious on your perspective there.

Andrew:

That’s a loaded question for sure. But I do think one of the things with Garantex in its continued operation kind of aligns with what we were talking about at the top of the hour with regards to the legislation around cross-border payments. And I think this is one of the questions that’s still outstanding and something that we’re going to have to see how it actually develops. But if the goal of this legislation is to consolidate control within the Russian government, you have Garantex, an entity that operates from Federation Tower, which is very close ties to the Russian government. And then you are operating at scale on a continued basis post-designation at the volumes that they are, it begs the question of what kind of part they might be taking in this future state of facilitating cross-border payments for the Russian government. So I think that’s my thought on question one. Maybe we parse this into two and go to the stablecoin aspect next. But Val, I don’t know if you had anything you wanted to add there on Garantex.

Valerie:

Yeah, I’ll just say doubling down on Andrew’s point, I fully agree with that. And even from what we’ve seen in mapping out Garantex’s ownership, we’ve seen historic FSB ties. So it’s unsurprising that we’ve seen them continue to sort of run confidently despite designations and even come out and say that designations don’t apply to us, and here’s how you subvert detection. I agree that they’re going to continue to be an important player in this space with the new legislation.

Andrew:

I think moving over to the second part of your question on stablecoins. I think the interesting thing there is when you’re subject to sanction, you’re in a highly volatile ecosystem. You’re going to be looking for a stable source of funds. So with the ruble value diving all the time. There’s that risk of having any money in ruble. So the goal is to get it into the most stable, safest place. So I think this stablecoin concept kind of applies not just to Russia, but really anywhere where there’s volatile local currency or comprehensive sanctions within that jurisdiction that you’re operating in.

With that said, when it comes to Garantex and disruption, I think one of the big challenges is they are fully aware that they’re sanctioned. They even came out so much two days after they were designated by OFAC on Facebook and announced that like, “We’re not in the US. We’re going to keep working.” So they weren’t really trying to hide any point that they were going to continue operating.

And so I think they’ve just become more complex in the way that they’re operating their service infrastructure in order to avoid detection. So I don’t think this is so much an issue of just stablecoin issuers sitting on the ability to freeze hundreds of millions or billions of dollars. They’re moving their infrastructure around in a way intentionally to attempt to avoid detection.

Ian:

Yeah. And maybe this is a good point to transition to our last few questions here. So, Val, I think we’ve laid out, if I were a compliance officer, I’d be a little bit afraid at the challenge that sits in front of me between the elections and the military sanctions. There’s a lot going on. It all seems to have an element of cryptocurrency if not a direct nexus and focus. If I’m sitting at a cryptocurrency business in a compliance role, what should I be doing to detect and prevent this stuff and protect my platform, fulfilling my job responsibilities?

Valerie:

Yeah, we talked about it at the start here. It’s going to be taking a more comprehensive look at these heavily sanctioned regimes like the Russian Federation. So really looking at mapping out the networks, mapping out location, not just where someone might be listing their registration address, but also which persons are involved in the organization, just ensuring that you’re not on-ramping anyone who you shouldn’t be.

I will say again, a positive impact of the designations is that it does put more of that out in light. I think prior to that, we really held that type of information close to the chest, so it does make it easier for compliance officers to see cryptocurrency addresses actually listed in designations, to see business names listed in designations that will make the plight a little bit easier.

And the other thing that is more specific to malign influence, in particular, disinformation, is the amounts don’t have to be large, like we chatted about. This is pretty cheap to do. In particular, buying infrastructure is inexpensive, so ensuring that we’re not just looking at large amounts, but also the overall typologies. So really understanding the risk associated and the risk profiles associated with this type of activity, whether that be nexus to a sanctioned regime like the Russian Federation, and purchasing certain types of infrastructure and nexus to other illicit types of activity, really ensuring that the risk profile is built out in a way that’s not just looking at amounts. But it’s an ongoing challenge, and I’m hoping that more of this that comes to light, the easier it will get for compliance officers globally, but it’s certainly not an easy task.

Ian:

That’s right. We feel for our friends and colleagues in compliance. It’s a big challenge.

Valerie:

I don’t envy you.

Ian:

Andrew, last thought from you. I’m curious. We’ve talked a lot about Russia here, but I sense that it’s not solely Russian Federation. There’s some allies that are influencing activities here all around the world that we should probably be paying attention to. I know you and the team are working on some interesting research, maybe preview where this is all going what we can expect to hear more about as we go later in the year.

Andrew:

I think there is an unlimited number of topics to unpack here. But first and foremost, I think top of mind with regards to Russia is going to be seeing how this legislation actually plays out in reality. So what does it mean for cross-border payments? Will Russia resort to using services like Garantex? Will they create new platforms? Will it be clearly government-backed, or will they try to have a veil of, “Hey, this is a private business and it’s just being overseen by the Russian government”?

And then when it comes to the mining aspect, how will they monetize? How will they oversee it, and how will that really play into the ecosystem? But when we’re talking more broadly, there’s a lot of other things coming in discussion. There’s the BRICS community, which includes countries like Iran and China in addition to Russia as well as a handful of others. But the question will be whether there’s going to be blockchain initiatives actually followed through on there. There have been talks about it openly. So I think the development of that relationship and where that might go is going to play into things. There’s been talks of Iran, Russia, gold-backed stablecoin, or something of that nature. I mean, there’s an endless realm of avenues for us to be taking a look at and monitoring, and just really curious to see where this will go coming into the end of this year and into next year.

Ian:

All right. Well, folks are going to have to stay tuned because obviously this space is not slowing down, and the incredible things just keep coming. So thank you both Val and Andrew for joining the podcast today. Loved all the insights. Great conversation.

Andrew:

Thanks for having me.

Valerie:

Thanks for having us.