Treasury’s OFAC has sanctioned the Russian developer of LockBit, who transferred crypto to various illicit services, including sanctioned Russian exchange Garantex, Chainalysis says.
Dmitry Khoroshev, a Russian developer of the LockBit ransomware who was recently sanctioned by the Treasury’s Office of Foreign Assets Control (OFAC), frequently interacted with sanctioned Russian crypto services like Garantex and Bitzlato.
According to a blog post from Chainalysis, a blockchain intelligence firm, at least one Bitcoin address associated with Khoroshev (also known as LockBitSupp, LockBit, and putinkrab) received “several thousands of dollars” in crypto sent from a mixing service to his personal wallet.
According to the address’s on-chain activity, it received over 0.75 BTC worth around $36,000 at current prices, with the latest transaction recorded in September 2021. However, as noted by Philip Sellinger, U.S. Attorney for the District of New Jersey, Khoroshev “personally pocketed $100 million extorted from Lockbit’s victims.” The full list of crypto addresses associated with Khoroshev remains undisclosed.
Crypto.news reached out to Chainalysis and will update this article should we hear back.
The New York-headquartered firm says Khoroshev transferred funds to various illicit services, including OFAC-sanctioned services like Russian exchange Garantex, crypto mixer Sinbad, and Bitzlato, “in addition to bulletproof hosting services, malware, fraud shops, and underground exchanges without KYC protocols.”
According to U.S. authorities, Khoroshev allegedly acted as the LockBit ransomware group’s developer and administrator from its inception in or around September 2019 through May this year. They emphasized that the group attacked over 2,500 victims in at least 120 countries, including 1,800 victims in the U.S.
The U.S. Department of Justice says Khoroshev and his co-conspirators “extracted at least $500 million in ransom payments from their victims and caused billions of dollars in broader losses, such as lost revenue, incident response, and recovery.”