Suex

Suex is a Russian-operated over-the-counter cryptocurrency exchange registered in the Czech Republic that played a key role in laundering ransomware and darknet market proceeds. It facilitated converting illicit cryptocurrency into cash and physical assets with high-value, in-person transactions mainly in Russia. The U.S. Treasury sanctioned Suex in 2021 for its material support to cybercriminal ransomware actors, marking the first sanction ever against a digital currency exchange. With over 40% of its transaction history linked to illegal activity, Suex exemplifies the risks posed by underregulated nested exchanges in enabling pro-Russian crypto laundering networks.

Suex is a Russian-operated cryptocurrency exchange registered in the Czech Republic that has been sanctioned by the U.S. Treasury for laundering over $480 million in illicit cryptocurrency linked to ransomware, darknet markets, and scams. Operating mainly through physical offices in Russia, Suex functioned as a nested OTC broker, converting criminal proceeds into fiat and physical assets while obscuring transaction origins. The exchange is closely tied to Russian cybercrime networks, with over 40% of its transaction volume associated with illicit actors. The 2021 sanctions marked the first U.S. targeting of a digital currency exchange for its role in facilitating ransomware payments, signaling a significant escalation in regulatory efforts against crypto-enabled money laundering and pro-Russian financial crimes.

Countries Involved

The primary countries involved in this case are Russia, where Suex operates its branch offices, and the Czech Republic, where it is legally registered. However, no known physical presence exists in the Czech Republic. Suex’s operations extend beyond Russia into other locales in and around the Middle East. The United States is also involved indirectly, as U.S. regulatory bodies imposed sanctions on Suex and its activities due to criminal investigations involving ransomware and money laundering. Russia’s limited oversight on cryptocurrency and its toleration or indirect support for such platforms facilitate illicit money flows, making Suex a focal point in discussions of pro-Russian money laundering within the crypto space.

Date Discovered / Reported

Suex’s illicit activity began surfacing around its inception in 2018 as it was identified moving substantial amounts of cryptocurrency linked to illicit activities. It came under intense scrutiny culminating in the U.S. Treasury sanctioning the company in September 2021. Investigations by blockchain analytics firms like Chainalysis, as well as U.S. authorities, revealed suspicious and criminal flows of funds over several years from 2018 onwards, with continuous illicit transactions being reported up to at least 2025. This regulatory action represents a watershed moment in cryptocurrency enforcement related to Russian-based money laundering enterprises.

Cryptocurrency Involved

Bitcoin (BTC), Ethereum (ETH), Tether (USDT)

Type of Crime

The central crime involved is money laundering, specifically laundering proceeds from ransomware operations, cryptocurrency scams, darknet markets, and other cybercrime-related activities. Suex’s OTC cryptocurrency brokerage functioned as a conduit for converting illicit crypto assets into cash or physical assets such as property and luxury items, thus sanitizing illegal funds. There is evidence that Suex also facilitated ransomware attacks by accepting and laundering payments from notorious ransomware groups like Ryuk and Conti, further entrenching its role in enabling cybercriminal economies closely associated with Russia.

Entities Involved

Suex itself is a key entity, registered in the Czech Republic but operating chiefly in Russia. The company runs physical branches in Moscow and St. Petersburg. Other entities indirectly involved include ransomware groups (Ryuk, Conti, Maze), crypto scam operations such as the Russian and Ukrainian Finiko fraud, darknet markets notably Russia-based Hydra Market, and the BTC-e illicit exchange which was shut down but whose funds continued to funnel into Suex accounts. The involvement of cybercriminal networks and the overlap with Russian geopolitical and economic interests show a complex ecosystem surrounding Suex.

PEP Involvement

While direct naming of Politically Exposed Persons (PEPs) in connection to Suex is not extensively documented, the nexus of Suex’s laundering activities with Russian cybercriminal factions and their connections could imply indirect influence or benefit to Russian-aligned elites or officials. Moreover, the tolerance or facilitation by Russian authorities aligns with broader concerns over complicit PEPs enabling illicit financial flows through crypto. Thus, while no direct PEP names are publicly confirmed, pro-Russian institutional accommodation indicates latent PEP involvement or protection.

Laundering Techniques Used

Suex employed OTC brokerage services acting as nested services within large cryptocurrency exchanges, leveraging liquidity and trading pairs to convert illicit crypto into cash or other assets. The laundering techniques included:

Accepting direct crypto payments from compromised ransomware wallets.
Converting crypto to fiat currency at physical branch locations in Russia.
Layering funds through multiple cryptocurrency transactions across various tokens.
Facilitating rapid exchange between different cryptocurrencies to obscure trails.
Using conversion into physical assets like real estate, luxury vehicles, and yachts, thus enabling integration of dirty money into legitimate asset classes.
These methods allowed Suex to mask ownership and origin while profiting from illicit flows, creating a sophisticated laundering infrastructure supportive of Russian cybercrime ecosystems.

Estimated Value Laundered

Suex reportedly handled over $480 million worth of Bitcoin since 2018, with more than $160 million traced to ransomware groups, scams, and darknet markets alone. Additionally, over $50 million was received from BTC-e addresses that remained active post-shutdown, indicating continuous laundering activity. Including other cryptocurrencies like Ether and Tether likely increases the total estimated value of laundered assets beyond half a billion USD, highlighting Suex’s major role in facilitating large-scale money laundering in and through Russia’s crypto environment.

Transaction Analysis Summary

Blockchain analysis reveals Suex as a central hub for illicit cryptocurrency flows, exhibiting a high volume of deposits from ransomware operators (Ryuk, Conti), scam networks (Finiko), and darknet markets (Hydra). Suex’s nested service model operated by hosting addresses within larger exchanges maximized liquidity and obfuscated transaction origins. The transaction timeline shows persistent active laundering with patterns of inter-exchange transfers, layering, and cash out transactions at physical branch offices. The continuation of BTC-e related transactions years after BTC-e closure suggests active cooperation or mutual facilitation within the illicit crypto ecosystem surrounding Russia.

Regulatory/Enforcement Actions Taken

The U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Suex in September 2021, designating it on the Specially Designated Nationals and Blocked Persons (SDN) List, prohibiting U.S. persons from conducting business with Suex. This was a critical action aimed at disrupting key money laundering facilitators tied to ransomware and cybercrime. Chainalysis and other forensic firms provided investigative support. This sanction represents an escalation in targeting Russian-linked crypto laundering platforms and is part of broader U.S. government efforts to counter illicit financial activities benefiting Russian actors.

Links to Reports / Sources

Case Title / Operation Name:

Suex Cryptocurrency Exchange Money Laundering Case

Country(s) Involved:

Czech Republic (Czechia), Russia, United States

Platform / Exchange Used:

Suex OTC cryptocurrency exchange

Cryptocurrency Involved:

Bitcoin (BTC), Ethereum (ETH), Tether (USDT)

Volume Laundered (USD est.):

Over $480 million (Bitcoin) with $160 million linked to illicit sources

Wallet Addresses / TxIDs :

Deposit addresses hosted at large exchanges, BTC-e linked addresses

Method of Laundering:

OTC brokerage conversion, layering, multi-token exchange, physical cash conversion, asset purchases

Source of Funds:

Ransomware (Ryuk, Conti), darknet markets (Hydra), scams, BTC-e illicit exchange funds

Associated Shell Companies:

N/A

PEPs or Individuals Involved:

No direct PEPs named; implied Russian-aligned networks and institutional tolerance

Law Enforcement / Regulatory Action:

U.S. Treasury OFAC sanctions in Sept 2021; Suex added to SDN List; Binance delisting

Year of Occurrence:

2018–2021 (discovered and sanctioned in 2021)

Ongoing Case:

Ongoing

AML Network Risk Rating:

🔴 High Risk