Cryptex 

🔴 High Risk

Cryptex, a crypto exchange registered in Saint Vincent and the Grenadines but predominantly operating within Russia, is at the center of a major international money laundering scandal linked to cybercrime. Sanctioned by the U.S. Treasury’s Office of Foreign Assets Control (OFAC) in 2024, Cryptex has been implicated in laundering over $51 million from ransomware attacks and processing hundreds of millions in transactions tied to cybercriminal enterprises. The platform, along with associated payment processors like CryptexPay, uses sophisticated methods to anonymize and mix cryptocurrency transactions, enabling criminals to obscure the origins of illicit funds. Cryptex’s role in facilitating Russian cybercriminal networks, including ransomware groups and darknet marketplaces, highlights the challenges that law enforcement faces in combating crypto-enabled financial crime. The involvement of Sergey Sergeevich Ivanov, a key figure in Russian cybercrime, further underscores the exchange’s deep entanglement in illegal activities. International enforcement actions and sanctions against Cryptex reflect a growing global effort to disrupt the financial infrastructure supporting cybercrime and to bring perpetrators to justice.

Cryptex is a Russia-based crypto exchange operating globally, notorious for laundering billions of dollars in illicit funds tied to ransomware and darknet market activities. Managed by Sergey Sergeevich Ivanov, Cryptex and its associated payment processors employ sophisticated techniques to anonymize and mix transactions, enabling cybercriminals to convert ransomware payments and fraud proceeds into seemingly legitimate assets. The platform’s operational registration in Saint Vincent and the Grenadines complicates enforcement, but coordinated international sanctions, asset seizures, and indictments have been launched to dismantle this key facilitator of Russian and global cybercrime finance. Cryptex represents a significant challenge in the ongoing fight against crypto-enabled money laundering and cybercrime on a global scale.

Countries Involved

Russia (primary operational base), Saint Vincent and the Grenadines (registration), with global transactional reach including Europe and the United States.

Discovered and publicly reported in 2024, with official sanctions and enforcement actions announced in September and October 2024.

Bitcoin (BTC), Ethereum (ETH), other major cryptocurrencies

Crypto money laundering linked to cybercrime activities such as ransomware operations, fraud shops, darknet market facilitation, and cybercriminal transaction processing.

Cryptex exchange platform, CryptexPay payment processor, PM2BTC exchange, UAPS payment processor, and Sergey Sergeevich Ivanov as a central operator. Connected to Russian ransomware groups including those linked to Garantex and others.

No direct evidence of Politically Exposed Persons (PEPs) involvement has been published; however, Ivanov’s extensive criminal network suggests high-level criminal enterprise influence.

Cryptex and CryptexPay employ advanced anonymization methods such as generating new wallet addresses for every transaction and mixing deposits to obfuscate fund trails. These techniques facilitate the laundering of illicit proceeds from ransomware and fraud shops by masking sources and destinations of funds within the darknet financial ecosystem.

Cryptex processed over $5.88 billion in transactions since 2018, including laundering over $51.2 million specifically linked to ransomware attacks and $720 million related to cybercriminal enterprises through its platform. UAPS funneled over $97 million to Cryptex alone in 2024, highlighting the scale of the illicit financial flows.

On-chain analysis reveals Cryptex as a critical intermediary in the cybercrime economy, facilitating payments for ransomware groups, fraud shops, and darknet marketplaces. Transactions show complex layering and mixing patterns designed to evade detection, involving frequent generation of new addresses and transfer through multiple intermediaries. The linkages between Cryptex, UAPS, and PM2BTC demonstrate a sophisticated network used to launder cybercrime proceeds, with international jurisdictional challenges due to its operational registration and global reach.

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) imposed sanctions on Cryptex and Sergey Sergeevich Ivanov under Executive Orders 13694 and 14024 targeting Russian cybercrime facilitators. Concurrently, FinCEN designated associated platforms as primary money laundering concerns. Law enforcement agencies in the U.S. and Europe coordinated to seize domains, infrastructure, and assets, including €7 million seized by Dutch authorities. The U.S. State Department offered a $10 million reward for information leading to Ivanov’s arrest. These enforcement actions are part of Operation Endgame aimed at disrupting Russian cybercrime financial flows globally.

  1. Dutch authorities seized €7 million of cryptocurrency and took Cryptex servers offline for facilitating criminal money laundering flows connected to ransomware. Cooperation involved FIOD, NHCTU, and US Secret Service.

  2. Russian law enforcement arrested nearly 100 individuals linked to Cryptex and the UAPS payment system for laundering cybercriminal proceeds, with activities worth over $1.2 billion in 2023.

  3. The U.S. Treasury’s OFAC sanctioned Cryptex and its operator Sergey Ivanov for laundering ransomware and other cybercrime funds, listing multiple crypto addresses on the SDN list. FinCEN designated related platform PM2BTC as a primary money laundering concern.

Cryptex 
Case Title / Operation Name:
Cryptex Money Laundering Case
Country(s) Involved:
Russia, Saint Vincent and the Grenadines
Platform / Exchange Used:
Cryptex, CryptexPay, PM2BTC, UAPS
Cryptocurrency Involved:

Bitcoin (BTC), Ethereum (ETH), other major cryptocurrencies

Volume Laundered (USD est.):
Over $5.88 billion since 2018, incl. $51.2 million ransomware-related
Wallet Addresses / TxIDs :
Various anonymous, rotating wallet addresses used for mixing
Method of Laundering:

Wallet address rotation, transaction mixing, layering through darknet financial ecosystem

Source of Funds:

Ransomware payments, darknet market sales, fraud operations

Associated Shell Companies:

Not publicly detailed, but linked to offshore registrations including Saint Vincent and the Grenadines

PEPs or Individuals Involved:

Sergey Sergeevich Ivanov (operator), no direct PEP reported

Law Enforcement / Regulatory Action:
OFAC sanctions, asset seizures (€7 million seized), $10 million US reward for arrest, domain shutdowns
Year of Occurrence:
2024
Ongoing Case:
Ongoing
AML Network Risk Rating:
🔴 High Risk
Quick Links:
Popular Pages:
Disclaimer & Legal:
Facebook-f Twitter Youtube Pinterest-p Instagram Tiktok
© 2025 AML Network. – All Rights Reserved.