PM2BTC

đź”´ High Risk

PM2BTC, a Russian-based cryptocurrency exchange operated by Sergey Sergeevich Ivanov, has been critically identified as a major facilitator of money laundering and ransomware payments tied to Russian illicit finance. Nearly half of its transaction volume is connected to criminal activity, underscoring its central role in cybercrime financing and sanctions evasion schemes. The exchange employed sophisticated obfuscation and layering techniques to hide illicit transactions, facilitating the conversion of virtual currencies directly into Russian rubles through U.S.-sanctioned financial institutions. This undermines global efforts to combat ransomware proliferation and financial crime. U.S. authorities including FinCEN and OFAC have acted decisively, imposing sanctions and prohibiting U.S. financial interactions with PM2BTC to disrupt its operations and cut off access to the international financial system, highlighting the urgent need for enhanced regulatory oversight of crypto platforms involved in global illicit finance.

PM2BTC is a Russian-based cryptocurrency exchange controlled by Sergey Sergeevich Ivanov that operated since 2014 as a major conduit for laundering proceeds from ransomware attacks and other illicit cyber activities linked to Russian cybercriminal networks. It offered direct convertible virtual currency to ruble exchange services via U.S.-sanctioned financial institutions, aiding sanctions evasion and facilitating the monetization of funds stolen through ransomware and fraud schemes. FinCEN’s investigation exposed that nearly half of PM2BTC’s transactions were connected to illicit activity, with the exchange employing advanced obfuscation methods to mask the money trails, setting it apart as a significant facilitator in global ransomware finance. The U.S. Treasury and international enforcement agencies coordinated to freeze assets, shut down operations, and sanction involved individuals, marking a critical step in disrupting Russian crypto-enabled money laundering on a global scale.

Countries Involved

Primarily Russia, with significant global connections involving the United States, the Netherlands, and international regulatory cooperation. PM2BTC operates out of Russia but impacts global financial systems through illicit cryptocurrency laundering.

PM2BTC’s illicit activities were formally exposed and sanctioned in September 2024 by the U.S. Financial Crimes Enforcement Network (FinCEN) and related international law enforcement agencies.

Bitcoin (BTC), other Convertible Virtual Currencies (CVC)

Money laundering, sanctions evasion, ransomware payment facilitation, cybercrime financing.

Operated by Russian national Sergey Sergeevich Ivanov; associated with criminal ransomware groups such as Conti and Trickbot; cooperation involving U.S. Treasury, FinCEN, OFAC, Dutch authorities, and law enforcement.

N/A

PM2BTC facilitated direct CVC-to-Ruble conversions through U.S.-sanctioned financial institutions, circumventing sanctions. The exchange used sophisticated obfuscation techniques that severely hindered law enforcement’s ability to attribute transactions to illicit actors. These techniques included anonymization and transaction layering to disguise money trails. Nearly half of PM2BTC’s exchange volume was linked to illicit finance, including ransomware payments and cybercrime proceeds. This obfuscation mimics patterns used by other sanctioned exchanges and mixing services to prevent detection and accountability globally.

Estimates indicate PM2BTC handled over $1 billion in funds, with nearly 50% linked to illicit activity. The U.S. and international agencies seized approximately €7 million (~$7.8 million) in cryptocurrency assets as part of enforcement actions.

Transaction data revealed that PM2BTC’s exchange services were heavily used by Russian ransomware groups for laundering proceeds, enabling cybercriminals to convert illicit crypto assets into Russian rubles. It engaged in transactions exhibiting high levels of layering and obfuscation to mask the origin and destination of funds. PM2BTC’s transaction patterns showed a significantly higher proportion of links to illicit finance compared to 99% of other virtual asset service providers, highlighting its central role in global ransomware and cybercriminal finance networks.

In September 2024, FinCEN designated PM2BTC as a “primary money laundering concern” under the Combating Russian Money Laundering Act, prohibiting any covered U.S. financial institutions from transacting with PM2BTC. The U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Sergey Ivanov and the PM2BTC platform. Coordinated actions with Dutch and other international law enforcement included shutting down related domains and seizing cryptocurrency assets worth €7 million. A reward of up to $10 million was offered for information leading to the arrest or conviction of key operators. These efforts are part of a broader operation targeting Russian-linked crypto laundering and cybercrime facilitation.

  1. U.S. Treasury official press release on sanctions and enforcement actions against PM2BTC

  2. The Hacker News report on U.S. sanctions of PM2BTC and Cryptex for facilitating laundering of cybercrime proceeds

  3. TRM Labs blog detailing coordinated Treasury actions against PM2BTC, including its role in ransomware payments

PM2BTC
Case Title / Operation Name:
PM2BTC Money Laundering Facilitation Case
Country(s) Involved:
Netherlands, Russia, United States
Platform / Exchange Used:
PM2BTC
Cryptocurrency Involved:

Bitcoin (BTC), other Convertible Virtual Currencies (CVC)

Volume Laundered (USD est.):
Over $1 billion with nearly 50% linked to illicit transactions
Wallet Addresses / TxIDs :
Multiple wallets involved; specific transaction hashes undisclosed due to obfuscation tactics
Method of Laundering:

Direct CVC-to-Ruble conversions, layering and obfuscation, sanctions evasion, conversion via U.S.-sanctioned banks

Source of Funds:

Ransomware payments, cybercrime proceeds, illicit Russian cybercrime networks

Associated Shell Companies:

N/A

PEPs or Individuals Involved:

Sergey Sergeevich Ivanov (Operator); No direct PEP involvement identified

Law Enforcement / Regulatory Action:
Sanctioned by U.S. FinCEN and OFAC, asset seizures worth €7 million, coordinated international law enforcement action
Year of Occurrence:
2024
Ongoing Case:
Ongoing
AML Network Risk Rating:
đź”´ High Risk
Quick Links:
Popular Pages:
Disclaimer & Legal:
Facebook-f Twitter Youtube Pinterest-p Instagram Tiktok
© 2025 AML Network. – All Rights Reserved.