|
Date
|
Entity
|
Charge
|
Resolution
|
|
May 1, 2023
|
Poloniex, LLC (crypto asset trading platform)
|
Treasury’s Office of Foreign Assets Control (OFAC) determined Poloniex was potentially liable for tens of thousands of individual sanctions violations over nearly six years. According to its press release, OFAC found that Poloniex significantly delayed the establishment of its sanctions compliance program and, following implementation, did not sufficiently block the use of its platform by IP addresses in sanctioned jurisdictions.
|
Poloniex paid over $7.5 million in its OFAC settlement.
|
|
Apr. 14, 2023
|
BitPay Inc. (U.S.-based payment processing solution for merchants to accept digital currency)
|
The NYDFS found that BitPay “failed to establish a system of internal controls designed to ensure ongoing compliance with the relevant AML laws and failed to provide for independent testing of its AML program.” Further, the NYDFS determined that BitPay did not “establish an OFAC quality assurance process”, and it failed to meet various cybersecurity requirements.
|
BitPay agreed to a NYDFS settlement of $1 million.
|
|
Mar. 27, 2023
|
Binance (digital asset trading platform) and its owner and CEO, Changpeng Zhao
|
The Commodity Futures Trading Commission (CFTC) filed a civil enforcement action against the entities that operate Binance as well as the platform’s owner and CEO for allegedly “knowingly disregard[ing] applicable provisions of the [Commodity Exchange Act (CEA)] while engaging in a calculated strategy of regulatory arbitrage for commercial benefit.” Allegedly, the company failed to require customers to provide identifying information, instructed some U.S.-based customers on how to evade its compliance controls, and failed to implement compliance procedures to prevent AML and terrorist financing.
|
Litigation is ongoing in the Northern District of Illinois, as of June 2023.
|
|
Jan. 18, 2023
|
Anatoly Legkodymov, executive of Bitzlato Ltd. (Hong Kong-registered cryptocurrency exchange)
|
Legkodymov was arrested for operating Bitzlato, which the DOJ alleged to have transmitted and transported illicit funds, and failed to follow AML laws and other regulatory safeguards. According to the DOJ, Bitzlato required little identifying information from users, and it used this fact as part of its marketing approach. Allegedly, Legkodymov wrote in a message on the company’s chat system that users were “known to be crooks” and registered on the platform under false identities.
|
Litigation is ongoing in the Eastern District of New York as of June 2023.
|
|
Jan. 4, 2023
|
Coinbase, Inc. (U.S.-based digital currency exchange)
|
The NYDFS determined that Coinbase had “significant failures in its compliance program,” including the failure to track, monitor, and report suspicious activity as required under the New York Banking Law and NYDFS regulations (incorporating federal law). The violations were discovered during a routine examination.
|
Coinbase paid $50 million to New York State and agreed to invest $50 million to improve its AML and sanctions compliance program.
|
|
Sept. 22, 2022
|
bZeroX LLC (operator of a decentralized blockchain-based protocol) and its founders, Tom Bean and Kyle Kistner
|
The CFTC charged bZeroX, Bean, and Kistner with “illegally offering leveraged and margined retail commodity transactions in digital assets; engaging in activities only registered futures commission merchants (FCM) can perform; and failing to adopt a customer identification program as part of the [Bank Secrecy Act (BSA)].” In taking this action, the CFTC chairman stated that he was determined to pursue an aggressive approach towards operations that purposefully evade oversight.
|
The CFTC settlement imposed a $250,000 civil monetary penalty on bZeroX, Bean, and Kistner. It also required that they cease and desist from further violations of this kind.
|
|
Sept. 22, 2022
|
Ooki DAO (decentralized autonomous organization and successor to bZeroX—see row above)
|
The CFTC filed a federal civil enforcement action against Ooki Dao, charging Ooki Dao with violating the same laws—described in the row above—that bZeroX violated, including the failure to adopt a customer identification program as part of its AML program. Allegedly, Ooki DAO ran an unregistered digital currency exchange that “operated the same software protocol as bZeroX.”
|
Litigation is ongoing in the Northern District of California as of May 2023.
One key ruling in the course of litigation was that, even though the exchange is a decentralized technological association (comprised of a collective of token holders jointly operating the software protocol) notice can be properly served upon it as though it were an “unincorporated association.”
|
|
Aug. 5, 2022,
and
July 26, 2017
|
BTC-e (digital currency exchange) and its owner, Alexander Vinnik
|
According to the DOJ, BTC-e had a customer base that was heavily reliant on criminals. Allegedly, BTC-e lacked AML processes and other internal controls to prevent the use of its services for illegal purposes. The DOJ stated that BTC-e “had no AML process, no system for appropriate ‘know your customer or ‘KYC’ verification, and no AML program as required by federal law.” As a result, BTC-e allegedly facilitated money laundering and did not report suspicious activity to law enforcement.
|
Aug. 2022: Vinnik was extradited to the U.S. from Greece. Litigation is ongoing in the Northern District of California as of June 2023.
July 2017: The U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) assessed a civil monetary penalty of nearly $110 million against BTC-e, and a $12 million penalty against Vinnik. He was arrested in Greece and later extradited to France, serving out an additional sentence in connection with money laundering charges.
|
|
Aug. 8, 2022
|
Tornado Cash (digital currency mixer)
|
OFAC determined that Tornado Cash was used to launder $7 billion in cryptocurrency, including $455 million that was stolen by a hacking group sponsored by the Democratic People’s Republic of Korea (DPRK). OFAC added Tornado Cash to the Specially Designated National (SDN) list on the grounds that its mixer enabled illicit activities and sanctions evasion. OFAC also stated that it considers mixers like Tornado to be “high-risk,” until they have adequate AML controls in place.
|
OFAC added Tornado to the SDN List, where it remains listed.
Oct. 2022: Coin Center (a DC-based think tank that researches and advocates for cryptocurrency) sued OFAC, seeking Tornado Cash’s removal from the SDN List. Litigation is ongoing in the Northern District of Florida as of June 2023.
|
|
Aug. 8, 2022
|
Gregory Dwyer (high-ranking employee at BitMEX)
|
Dwyer, the Head of Business Development at BitMEX, pled guilty to violating the BSA by willfully failing to establish an AML program in his role at BitMEX. According to the DOJ press release, Dwyer knew that purported BitMEX “controls” were inadequate to comply with AML and “know your customer” requirements.
|
Dwyer was fined $150,000 and sentenced to a year of probation.
|
|
May 6, 2022
|
Blender.io (digital currency mixer)
|
OFAC determined that Blender.io was used extensively by a hacking group sponsored by DPRK. The mixer was allegedly used in support of malicious hacking and for laundering stolen cryptocurrency. OFAC designated Blender.io, and stated it will continue to "investigate the use of mixers for illicit purposes and consider the range of authorities [it] has to respond to illicit financing risks in the virtual currency ecosystem."
|
OFAC added Blender to SDN List.
|
|
April 5, 2022
|
Garantex (Russia-based digital currency exchange originally registered in Estonia)
|
OFAC found that over $100 million in Garantex transactions were connected to illicit actors and markets. OFAC described Garantex as willfully disregarding AML and countering the financing of terrorism obligations.
|
OFAC added Garantex to the SDN List.
|
|
Oct. 11, 2022
|
Bittrex, Inc. (U.S.-based digital currency exchange)
|
OFAC and FinCEN took parallel actions, finding apparent violations of multiple sanctions programs as well as willful violations of the BSA’s AML and suspicious activity reporting (SAR) requirements. The company allegedly failed to block thousands of transactions prohibited by U.S. sanctions and identify other suspicious transactions initiated using its platform.
|
Bittrex agreed to pay a total settlement of over $53 million, including $24 million to OFAC and $29 million to FinCEN.
|
|
Feb. 25, 2022
|
Satish Kumbhani, founder of BitConnect (alleged fraudulent cryptocurrency investment platform)
|
According to the DOJ, BitConnect misled its investors about its “lending program,” paying earlier investors with money from later investors. Further, the DOJ press release states that BitConnect did not register with FinCEN as a money services business (MSB), as required by the BSA, thereby evading regulatory scrutiny.
|
Kumbhani charged with “conspiracy to commit wire fraud, wire fraud, conspiracy to commit commodity price manipulation, operation of an unlicensed money transmitting business, and conspiracy to commit international money laundering,” according to a DOJ press release. “If convicted of all counts, he faces a maximum total penalty of 70 years in prison.”
|
|
Feb. 24, 2022,
and Mar. 9, 2022
|
February: Arthur Hayes and Benjamain Delo, two of three co-founders of BitMEX (digital currency exchange)
March: Samuel Reed, BitMEX’s third co-founder.
|
Hayes, Delo, and Reed all pled guilty to violating the BSA for failing to establish, implement and maintain an AML program (including a know your customer program). Further, according to the SDNY, BitMEX purported to withdraw from the U.S. market in 2015 but in effect did not because the purported controls BitMEX implemented to prevent U.S. trading were ineffective.
|
Separate plea agreements for Hayes, Delo, and Reed required each to make a payment of $10 million in criminal fines.
|
|
Nov. 8, 2021
|
Chatex (Russia-based digital currency exchange)
|
OFAC found that Chatex and its associated support network facilitated transactions for ransomware actors. According to OFAC, the support network included three companies: IZIBITS OU, Chatextech SIA, and Hightrade Finance Ltd. OFAC designated Chatex, IZIBITS OU, Chatextech SIA, and Hightrade Finance Ltd.
“Unprincipled virtual currency exchanges like Chatex are critical to the profitability of ransomware activities,” OFAC wrote. “Treasury will continue to use all available authorities to disrupt malicious cyber actors.”
|
OFAC added the four entities—Chatex, IZIBITS OU, Chatextech SIA, and Hightrade Finance Ltd—to the SDN List.
|
|
Sept. 21, 2021
|
SUEX OTC, S.R.O. (Russia-based digital currency exchange)
|
OFAC sanctioned SUEX for “providing material support to the threat posed by criminal ransomware actors.” It found that 40 percent of known SUEX transactions were associated with illicit actors.
|
OFAC placed SUEX on the SDN List.
|
|
Aug. 10, 2021
|
BitMEX (convertible virtual currency derivatives exchange)
|
FinCEN found that BitMex, which operated as an unregistered futures commission merchant and provided money transmission services, violated the BSA and FinCEN’s implementing regulations by willfully failing to comply with the BSA for over six years.
|
FinCEN assessed a $100 million civil money penalty against BitMEX.
|
|
Feb. 18, 2021
|
BitPay, Inc. (U.S.-based payment processing solution for merchants to accept digital currency)
|
OFAC found potential liability for over two thousand apparent violations of multiple sanctions programs. BitPay allegedly facilitated digital currency transactions between merchants based in the U.S. (and elsewhere) and persons in the Crimea region of Ukraine, Cuba, North Korea, Iran, Sudan, and Syria.
|
BitPay agreed to remit $507,375 to settle its potential civil liability.
|
|
Dec. 30, 2020
|
BitGo, Inc. (U.S.-based company that offers wallet management services and implements security and scalability platforms for digital assets)
|
OFAC found nearly two hundred apparent violations of multiple sanctions programs because BitGo’s wallet management service was allegedly used by IP addresses in sanctioned jurisdictions: the Crimea region of Ukraine, Cuba, Iran, Sudan, and Syria.
|
BitGo agreed to remit $98,830 to settle its potential civil liability.
|
|
Oct. 19, 2020, and Aug. 18, 2021
|
Larry Dean Harmon, founder and primary operator of Helix (convertible virtual currency mixer)
|
In Oct. 2020, FinCEN found that Helix violated the BSA and its implementing regulations because it did not register as an MSB, implement an effective AML program, or report suspicious activities.
In Aug. 2021, Harmon pled guilty to a money laundering conspiracy arising from his operation of Helix, which allegedly partnered with several Darknet markets to provide bitcoin money laundering services; Helix moved over $300 million in bitcoin, with a significant portion of this business coming from Darknet markets. According to the DOJ, the laundered bitcoin allegedly included profits from illegal activity, including drug trafficking.
|
FinCEN assessed a $60 million civil money penalty against Harmon.
|
|
April 18, 2019
|
Eric Powers, operator of a “peer-to-peer” digital currency exchange
|
FinCEN found that Powers violated the BSA when he did not register his exchange as an MSB, report suspicious transactions, or have any written BSA/AML compliance policies.
|
Powers cooperated with FinCEN efforts and was given a $35,000 fine as well as an industry bar prohibiting him from engaging in any other activity that would make him an MSB.
|
|
May 5, 2015
|
Ripple Labs Inc. (virtual currency exchanger)
|
FinCEN found that Ripple Labs willfully violated the BSA by acting as an MSB and selling virtual currency without registering with FinCEN, and failing to implement and maintain an adequate AML program.
|
FinCEN assessed a $700,000 civil money penalty against Ripple Labs.
|
