Tales from the Crypto How the Baltic states became the hub of money laundering.

Tales from the Crypto: How the Baltic states became the hub of money laundering

Martin Laine, Oliver Kund, Riin Aljas, Marta Vunš, Marta Tuul, Holger Roonemaa (Delfi Estonia) Šarūnas Černiauskas (Siena) Mariusz Sepioło (FRONTSTORY. PL) Illustration: Mart Nigola / Delfi Estonia 2023-10-04

International criminals have taken advantage of Estonia's weak cryptocurrency regulations to turn the small country into a base for financial crimes, laundering and defrauding more than 1 billion euros from victims. Now the same actors are relocating to other countries and repeating the same mistakes.

As of mid-2021, nearly 55% of all crypto service providers in the world were registered in Estonia.
Estonia's liberal crypto licensing regime allows such companies (whose owners and customers are often non-residents) to advertise themselves as EU-licensed financial services.
VSquare and partners analyzed nearly 300 crypto companies and found dozens of cases of large-scale fraud, money laundering, sanctions evasion, and illegal funding of criminal enterprises and paramilitary organizations.
VSquare and partners identified multiple cases where crypto companies' anti-money laundering (AML) officers and managers were clearly inadequate, unprepared for the job, and in dire financial situations. Taxi drivers, welders, and people living on social benefits were in charge of dozens of crypto companies.
As the Estonian state tightened regulations and began stripping licenses from companies, many of them moved to new European countries, such as Lithuania. This shows that fixing one country's system does not change much.

"Usually I just kept to myself," says Sergey Bezrodny, an unemployed plumber living in Tartu, Estonia. His public LinkedIn profile says he has nearly 20 years of experience in finance and banking, but Bezrodny was surprised to learn that and calls it a "mistake."

That said, Bezrodny is a former director of 24 international cryptocurrency companies.

"I don't really want to talk about it. There were enough problems in the past, some time ago," he says.

Banks have begun to close their accounts for fear of money laundering (fund cleaning), and their careers in the Estonia financial industry have been cut off and are currently unemployed.

"We had to open all accounts in Lithuania," explains unemployed piping work.

"I'm just sitting at home now."

The license system of the "virtual asset" established in 2017 was sold to the world as a pioneer and innovative Estonian state, but converted to a wild west by a shadow company active in the jurisdiction. A large amount of fraudulent funds will flow through the European Union (EU).

The word "approved by the EU" was a sales point for international scammers, and the scammers used the judicial jurisdiction to injected the illegal acts into illegal activities. As a result, in the past six years, Estonia has been operated by 1644 approved cryptocurrency companies, one in 800 Estonian residents.

40 % of them are associated with only three companies in Estonia. Two of them offered a "AML (ant i-money laundering) compliance person" to companies. VSQUARE and their partner Delfi (Estonia), SIENA (Lithuania), Fronstory. PL (Poland), Paper Trail Media, Der SpieGel, ZDF (Germany), Der Standard (Austria) are hired by these crypto companies. Many of the "experts" have proved that they have no career as a money laundering compliance and are financially difficult to get paid.

We have identified a taxi driver with a large amount of debt, a welding worker that has been banned from any business activities, a person living in a house with subsidies, and a piping work that is unemployed, and they have a total of 60 crypto companies. He was responsible for a formal director or an AML officer.

Examination of hundreds of approved companies found a connection with the Russian intelligence agency, a huge amount of money laundering, dozens of international fraud cases, and a serious deterioration of transparency.

Our methodology: [Expand]

He asked the Estonia Economic Activities Register data on virtual service providers licensing in Estonia from 2017 to 2022. The data contains information about 1644 companies, license numbers, date, addresses, bank accounts, and those who applied for a license on behalf of the company. Next, this data was lighted on international partnerships and substantial owners, combined with the financial records of Estonian corporate registration and past records.

We then combined this data with a similar dataset from Lithuania and cross-referenced all companies with crowdsourced financial intelligence service Fintelegram to check for existing public warnings. After analyzing the data, we identified 291 of the 1, 644 companies and looked further at those that matched some of our specific criteria: they had not voluntarily given up their licenses, they had established relationships with crypto-licensed companies in Lithuania, they had connections with countries that were flagged for money laundering concerns, or they had been hit by Fintelegram.

Since the Estonian state began fixing its broken regulations, over 1500 crypto companies have lost their licenses, but that did not mean that the operators stopped operating. Many of them moved to other European jurisdictions, like Lithuania, which now hosts over 800 virtual asset companies.

AML office in public housing

According to Estonian crypto license applications obtained and analyzed by Data Reporter, eight crypto companies are associated with one address in Tallinn: Paagi st 10. The building is a social accommodation facility owned by the city government, for underprivileged people who cannot secure housing on their own and need assistance with daily living. The address in question is the residence of 65-year-old Estonian Igor Torshin.

In 2017, Torshin complained about troublesome drunk neighbors in his subsidized housing. By 2020, he was in charge of AML compliance for eight crypto companies from the room shown here. Source Rauno Volmar / Delfi Estonia

For example, until June 2022, Torshin was a member of the Management Committee and AML Officer of BITEEU DCX OÜ, a company that still has a valid crypto services license in Estonia. Biteeu is the European branch of Kazakh exchange Intebix, co-founded in 2019 by Kazakh businessman Talgat Dosanov and Shukrat Ibragimov, son of local oligarch Alijan Ibragimov.

FinTelegram, a website that regularly publishes investor warnings about cryptocurrency companies, named Steveyx, Venus Exchange Services and Paytechno as fraud facilitators that provide payment services to fraudsters. Toshin is in charge of AML procedures at all these companies.

When asked about his investor's warnings, Toshin said he had quit the payout when Interpol began asking questions, but also claims that these issues are confidential. He denies Nominnie's directors and hired officers, but claims to be a real ant i-money laundering expert. "They told me that they needed to study," The people who asked me, "he said.

Looking at the other licenses of the cryptographic companies in Estonia, you can see the pattern. Obviously financial difficulties and no experience in this field have been appointed as AML officers in dozens of international encryption companies. For example, the welding expert, Cyrillic Sucksen, has bankruptcy since September 2021 as an individual who has been banned. Saxen is related to 22 cipher companies, of which five of them work as an official AML expert. One of them, ReliabilityStability Income Oü, which operated a Russian exchange called RSI Capital, has been on the Black List of the Russian Central Bank since 2021, assuming suspected financial pyramids.

Since then, he has since quit working in the cryptocurrency AML.

"I'm going to weld something," said AML officers, a no n-sentence welding worker. "I like doing something manually," he explains.

Providing AML experts is a general service among Estonian company establishments, which attract Estonia a large number of international cryptographic investors. Approximately 668 crypto companies can go back to only three companies established. For example, Eesti Firma (translated as an "Estonian company") is a company related to 266 cipher companies and is related to Igor Torsin companies. The company's web pages include "effective payments and the implementation and integration of AML/KYC (Knowing Customers)" as official services.

The company's representative Ilya Nikiforov says there is no reason to doubt Torcin's abilities.

"But their abilities are checked by Estonia's FIU, and FIU has determined that they are complying with the requirements arising from law," he explained.

When Eesti Firma undertaken Garantex Europe Oü, questioned how the AML service was implemented.

Donations to Russian mercenaries and funds from drugs

"They smelled good," Russian mercenary Alexei Mirchakov explained in an infamous interview with Czar. tv. Mirchakov said he deeply enjoyed the smell of burning enemy corpses and loved collecting body parts from Ukrainians as trophies.

In his youth, he made headlines by decapitating a puppy.

He is the founder and central figure of the neo-Nazi private military group "Rusich" that has been fighting in Ukraine since Russia invaded the eastern region of Ukraine in 2014. Rusich, who was central to the creation of the Wagner PMC, is one of the most notorious military groups that have fought for Russia in Ukraine.

The Rusich Telegram channel applauded (but did not take responsibility for) the video of the beheading of a Ukrainian prisoner, explaining: "You'll be amazed at how such videos will gradually increase."

Although it is very difficult to donate to this kind of group through the traditional banking system due to strict money laundering regulations and SWIFT sanctions against Russia, Rusich's numerous crypto wallets show how this military group was able to raise hundreds of thousands of euros in donations through cryptocurrencies.

In April 2022, the US Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned Garantex Europe OÜ, a cryptocurrency company with offices in the Moscow Federal Building and operating in Estonian jurisdiction. Prior to this, in November 2021, OFAC had already sanctioned another Estonian company linked to Chatex (Izibits OÜ, formerly run by the plumber Bezrodnoy), a Telegram-based crypto exchange also operating in the same Moscow high-rise. Both exchanges are linked to huge criminal proceeds.

With the help of OCCRP's investigative dashboard, we looked at nine Rusich cryptocurrency wallets used in the fundraising campaign. According to the Elliptic blockchain analysis tool, cryptocurrency wallets linked to Rusich have raised approximately 200, 000 euros in total. For example, Elliptic shows that approximately $8, 697. 26 was moved from Garantex to Rusich and $5, 122. 92 was moved from Rusich to Garantex. This means that whoever ran the Rusich donation campaign used Garantex (among other things) to circumvent Western sanctions regimes and the banking sector.

There is a wallet cluster that is interconnected by mixing the funds of Rusich and Garantex Europe, making it very difficult to track these funds. This is one of the eight Russich wallets we analyzed.

The flow to the RUSICH wallet is only a small part of the fraudulent funds leaked via the Garantex exchange. According to the materials provided to us by quoting the Global Ledger blockchain analysis tool by the International Investigation Journalist Federation (ICIJ), Garantex (handling illegal products, drugs and documents to enable money laundering services. Currently exchanged huge revenue with the abolished Russian dark net market).

HYDRA's wallet received about 2, 505 bitcoin sent from Garantex between April 2021 and April 2022, and was operated by Estonia. As a result, 966 bitcoin was sent to Garantex Europe wallet from Hydra wallet. According to the value of bitcoin in that time frame, it is equivalent to at least € 138. 6 million, associated with a crime market that sells drugs and provides money laundering services.

For example, Garantex is a North Korean cyber criminal group Lazarus Group, and Conti, a cyber criminal group connected to the Russian intelligence group, a cyber criminal who is connected to Conti. There is a connection with many wallets that are trading with "Mushroom". According to the United States, Garantex's unauthorized transactions with Conti are $ 6 million. The network also has a blac k-net market, a dark net market specializing in drugs in Russian, which has gained many former Hydra former customers.

Five months before Galantex was sanctioned in the United States, in December 2021, the company's "office" in Tallinn (actually provided by a law firm) was searched by the Estonia's Financial Instruments and Exchange Law (FIU). Ta. From the survey, FIU determined that Galantex had no identity of the customer in a 90 % case. The company did not submit a suspicious activity report to the FIU.

The Financial Services Agency broke Garantex EUROPE's license on February 24, 2022 (the day Russia started a ful l-fledged war against Ukraine), but the company's business continued. VSQUARE's partner, Delfi, has revealed that Estonia's prosecutor has begun a criminal investigation for Estonia's Garantex EUROPE and its management based on unauthorized economic activities. According to the sources of DOSSIER CENTER Russian survey journalists, Garantex is active during the Ukrainian War, and in the sanctions system, people can convert cash into cryptocurrency so that they can move abroad, the owner is Russia. It is said that there is also a connection with an intelligence agency.

The anonymous ruble problem

On June 26, Bloomberg reported that the shor t-term uprising of Evgeny Prigododzin and his private Wagner PMC in Russia had generated a major traffic in the cryptocurrency market, and blockchain moved Russian assets. It suggested that it is an important channel.

One of the Estonian cryptographic exchanges called Coinsbit also contributes to this phenomenon, and users can exchange Russian Louvre into bitcoin.

COINSBIT representatives explained in February 2023 and October 2022 in the company's official Telegram chat, "There is no limit on Russian citizens on our exchanges."

The company's website has mentioned Estonia's Itecosystem Oün, but the company has already lost its cryptographic license in July 2020. Coinsbit was jointly founded by Ukrainian IT businessmen Nikolai Woodian Sky. However, he claims that it sold Coinsbit shares in 2019, and the current owner is unknown.

According to Estonia's corporate registry, Itecosystem is officially established and owned by a Ukrainian named Yaroslav Yarovenko. The management of international companies, which boasts a huge sales, has become a great success story for Yarovenko, who was convicted of stealing women's shoes from Kiev's clothing store ZARA in 2014.

Former Ukrainian pocket money thieves, which operate international cipher companies, have no public connection with their business. At the same time, billions of dollar cryptocurrencies are traded via Coinsbit every month. VSQUARE could not track him because there were no public profiles or contacts by Yarovenko. CoinSbit did not answer the questions sent by vsquare by email.

There are also hundreds of warnings about scams related to Coinsbit's services on the Internet. According to Trustpilot, its trust score is 2. 2 out of 5 from 212 reviews.

Although the website still has references to an Estonian company that was its main operator at least until a few years ago, the official operating company of Coinsbit has now been moved to the Seychelles, and we are not closer to understanding who the owner of this multi-billion company is.

The creation of broken law

For decades, Estonia has built an international reputation with the brand "e-Estonia". The small country has a fast-growing information technology sector and is also a front-runner in several initiatives such as e-government and e-residency. Another success story that contributes to this story is that in 2017 it became the first country in the EU to establish a "licensing" regime for cryptocurrency companies.

But this regulation was a terrible failure.

"This is a classic example of bad law. It was never going to work," explains a former government official involved in the creation of the Virtual Asset Licensing Act.

After the law was adopted, only four companies had obtained virtual asset licenses in the country by the end of 2017. However, things changed drastically the following year, when company formation agencies made Estonian crypto licenses their business model and started attracting non-residents en masse.

Send us your tips

Have you been a victim of crypto scams or have information that can help us investigate this issue? We would appreciate it if you could cooperate with us and share any relevant information. We guarantee confidentiality, but when you contact us, please also provide your contact details. This will enable us to ask you further questions. You can contact us at [email protected] or [email protected].

A company formation agency called E-Advisors provides services to 69 crypto companies in Estonia. Its owner, Estonian lawyer Richard Wittisman, explains how the licensing regime has become a profitable business: "Apparently the country didn't quite understand what this meant, but it saw an opportunity for us. "There were a lot of entrepreneurs out there who needed to demonstrate that they had a marketing license for what they were doing. Our clients wanted an opportunity for a country to take a stand about the legitimacy of their business."

When asked if his company had a customer who intended to deceive customers from the beginning, the wheelman replied: "It's very difficult to say that it wasn't, probably."

The Financial Instruments and Exchange Act has few options to refuse license. As a result, the application was rejected, and when the applicant was appealed in a trial, the Kim was lost many times.

"In the spring of 2018, I received a call from the Ministry of Commerce. I was told that it was a miserable situation that I was sued every time I issued a license," explained. "I told them that they should have more resources and not all licenses."

As the situation worsened, FIU often received fraudulent complaints from international partners, but their hands were tied.

Cryptocurrency has begun using Estonia's license to inject trust into their activities. The license number quoted here is genuine, but the "certificate" sent from the website of a Chinese company's establishment agency is completely made up, and the reason is unknown, but a hammer and a sickle mark has been added.

"At some point, I realized that Estonians could not do anything. Most of these companies were paper companies that had nothing to do with the local economy. Altur Kuchumovski, a Polish lawyer who specializes in registering company in Estonia, without hiring it without hiring.

According to Estonia's financial information agencies (FIU), nearly 2021, nearly 55 % of the world's all cryptocurrency service providers were registered in Estonia.

Since then, Estonia has begun a larg e-scale reform to wipe out the system. At the time of this writing, only 78 companies are now approved, as most companies have not agreed (or could not follow) new regulations.

Matis Mäeker, head of Estonia's FIU, indicated that the US sanctions have helped this kind of company to provide funds to Russian mercenary groups and North Korea's nuclear development plan. Confirm that there is.

"But there is nothing that connects these companies with Estonia. However, the service provider created an address and found a proper name and AML representatives in the city in the city. Maeker doesn't even know which company's executive.

"At the time of money laundering (fund cleaning), our hands are tied up. In both criminal and coaches, they are not here. They are only here on documents.

Sanction evasion via P2P

Crypto exchanges have implemented s o-called individual transactions (P2P) to detour Russian sanctions.

For example, MEXC, an international encryption exchange, has a daily transaction revenue of about 500 million euros at the time of this paper, owns a branch in Estonia, and has a license for virtual assets in the country. I am.

MEXC also provides the Louvre by P2P method: remites money to a Russian personal bank account and receives cryptocurrency to MEXC wallet. MEXC cannot directly withdraw funds, but there is no restriction on transferring cryptocurrencies to exchanges that support US dollars and euro drawers using European and US banking systems.

MEXC has enabled Russians to deposit the ruble on an exchange via a personal bank account.

According to a spokeswoman õ Nne Mets of Estonia FIU, this activity of MEXC is known to national institutions and is currently judging the company's license. "This procedure has been going on for more than a year, and it will be resolved when all the related facts are revealed," said Mets.

MEXC ESTONIA OU's Ljudmila Budnikova Manager acknowledged that the company was waiting for Estonia's FIU to extend the license. She claims that the European branch of Estonia is a completely different company from MEXC Global.

"Simply put, MEXC Estonia Oü is a company operated as a franchise to provide services to European customers. This company can use the" MEXC "global brand name. It has nothing to do with the brand owner, "she claims.

Actors and fake profiles

The fact that the hands of the stakeholders were tied is not surprising for Nico S in the Netherlands (the full name in the editorial department). In January 2022, he stated to the Estonian police several times, as the "Estonia" cryptographic company, called Arbismart, did not return funds. The criminal procedure was not started. He was told that the Arbismart owner was not an Estonian, not a base in Estonia. Arbismart was not based in Estonia.

However, the public believed the exact opposite. Arbismart advertised itself as being “fully EU licensed and regulated” and “regulated by the Estonian Financial Intelligence Unit (FIU).” To boost its credibility, Arbismart published “articles” on numerous crypto blogs. The articles featured CEO Mike Myers, CTO Andras Steiner, and Head of Business Development Dennis Müller. According to their public LinkedIn pages, Meyers is from a small village called Risti in Estonia, Steiner is from a small town called Rakvere, and Müller is described in the blog as an IT graduate from Tallinn University.

A series of videos uploaded to YouTube showed alleged Arbismart employees standing in an office and praising the service. In reality, these were actors. According to one of the participants who spoke to VSquare, the videos were shot in 2019 at Moscow's design center ARTPlay. In the studio, two representatives of Arbismart in their 30s were in charge of all the work. One of them was called Eli, and spoke Russian with the actors and Hebrew with his business partner. They paid the actors in cash.

VSquare was unable to discover the true beneficiary of the operation. In the eyes of the Estonian state, Arbismart belongs to a 34-year-old Ukrainian, Dmytro Averyanov. Averyanov owes money for utilities and pays child support. During the alimony hearing, Averyanov's ex-wife explained that Averyanov is unemployed in the winter, but occasionally takes on work in the summer, roofing and siding apartment buildings.

To become an investor, one had to buy the so-called RBIS tokens that the company created, promising to buy back at a higher value in 2022. Niko invested one Bitcoin in 2019, which was worth 6, 000 euros at the time. "By December 2021, the theoretical value of my assets in RBIS tokens plus arbitrage profits was about 95, 000 euros," he explains. But soon, investors began to understand that there was no promised buyback program.

In the end, Arbismart repaid Niko 6, 000 euros in January 2022. But Arbismart kept holding the Bitcoin, by which point the coins were worth 40, 000 euros. Others were not so lucky. According to victims' chats on Telegram, numerous customers still have not received anything, and the amount lost ranges up to 50, 000 euros.

In February 2022, Arbismart introduced Telegram and Estonia's FIU introduced an "no n-forced new regulation", so Arbismart "regulatory authorities have more experience" and "Fintech companies are more welcomed by FinTech companies. He wrote that he is planning to relocate to Lithuania.

In September 2021, ARBISMART UAB was founded in Vilinus (initially changed to Arbismart in November 2021).

Migration to Lithuania: a full start over

Even after moving from Estonia to Lithuania, ARBISMART has been stating that it is a "safe, recognized Wallet and exchanges that produce interest in interest."

After relocating to Lithuania, Arbismart has revealed the existence of Pablo Havrylov, another Ukrainian owner with an address in Ukraine's front city, Nova Kahovka.

ARBISMART argues that it has an "active business license issued by Lithuania's FCIS (Financial Criminal Investigation Bureau)". FCIS has not issued a license or other "approval" to the encryption exchange, and VSQUARE told VSQUARE, Deputy Director Audrius Valeika of FCIS.

This is not the only part that is not accurate in the official statement of Irismart. The company claims that it is necessary to provide "appropriate capital". In fact, Lithuania and Estonia are trying to work on cryptographic companies by demanding the minimum equity capital to businesses. Lithuania requires at least 125, 000 euros. ARBISMART's stock capital is 2, 500 euros.

Arbismart's official facilities in Lithuania are limited to 12 square meters in the Soviet industrial park. Source Andrias Schwitra / Siena

VSQUARE called the two phone numbers in the Lithuanian registry to ask ARBISMART for comments. One was a response in recording. Another number seemed to be the agent who supported the establishment of Arbismart's Lithuania corporation. Lithuania's judicial authorities also confirmed that he had made a call to contact Irismart, and agreed to teach Pablo Havlirov's phone number. But the number was offline.

VSQUARE succeeded in finding Pablo Havrilov. The 3 4-yea r-old Ukrainian confirmed that his personal information was described in the Lithuanian company's documents, but he did not know about Arbismart and had no connection with the company in general.

what? Who am I? And Haburirov answered in a telephone interview.

This is not the first time that the ID was stolen. "When asked to the authorities, I was asked how I had a company that I was a director. I don't know anything."

If the Lithuanian authorities investigated Iris Mart, Haburirov, who was asked if he would testify, said he was now worried because he was enrolled in the Ukrainian army.

Albismart did not respond to the request for comments by email.

Migration to Lithuania: a familiar story

ARBISMART is only one of many examples that indicate that encrypted companies have been expelled from Estonia due to severe regulations implemented in 2022. VSQUARE has proved a clear connection with at least 68 encrypted companies in Lithuania with the same brand, company name, or Internet domain operated in Estonia. 39 Lithuania encrypted companies are connected to Estonian service providers and company establishment organizations.

For example, GOFAIZEN & AMP; SHERLE in Estonian law firms is related to 11 Crypto companies in Lithuania. GOFAIZEN & AMP; SHERLE also has a job advertisement for the AML/ MLRO (Ant i-Money Laundering/ Money Laundering Report), and is "a job that requires a minimum of 1 to 20 hours a month". And the best source of income. " There are no qualification requirements for job advertisements, and it is proposed as an opportunity for university students to earn pocket money. Egre Lucosiene, head of Lithuania's Ant i-Maneraux Ring Excellence Center, argues that this is not an explanation of the actual MLRO position.

"That's a ful l-time job. Lucosenne said to the VSQUARE interview," If transactions are made, we must monitor it. "

Siena's internship was a student at Vilinus University, reacting to Gofazen & Shell's job advertisements. She called the company, pretending to be a candidate, and asked if this job would need experience in that field. The answer was: "No".

VSQUARE sent GOFAIZEN & AMP; SHERLE an email for comments on the quality of the AML/MLRO person employed for Lithuanian clients. The company did not reply to e-mail and tried to contact Gofaizen & Shell with the Estonia and Lithuanian phone numbers, but all were all over the place.

A Lithuanian company called CAML claims to provide MLRO to 20% of Lithuania's crypto industry. In July, CAML had more than 20 employees, with an average salary of less than 800 euros before tax, below the Lithuanian minimum wage. The company's average salary varies widely, but rarely exceeds 1000 euros before tax.

In Lukosiene's view, these figures bear no resemblance to what real AML officers earn. "Inexperienced specialists earn up to 2, 600 euros before tax. Experienced ones earn more than 2, 600 euros," she claims.

Audrius Valejka, deputy director of Lithuania's FCIS, acknowledges that MLRO and AML competencies are falsified, similar to what happened in Estonia.

Another journalism student from Lithuania also called CAML, asking to be considered for an AML/MLRO position. A company representative confirmed that the position had virtually no requirements and asked him to submit his resume. The hourly rate was between 10 and 20 euros. The candidate was then rejected because the only position currently open required some experience.

CAML director Povilas Norkunas was also reached by phone for comment. He did not dispute that the company's AML/MLRO personnel are paid below the minimum wage on average.

"So what?"

When asked about the qualifications of AML/MLRO personnel and the fact that the company offers jobs to university students, Norkunas did not answer further questions and asked that they be sent by email.

The call for comments was held over the weekend. In a written response, Norkunas maintained that the company values "integrity, quality and value" and that all employees have at least two years of experience in the field. The CAML director did not directly answer questions about hiring university students for AML/MLRO positions.

“We have no control over the decisions employees take regarding their leisure time, their future, their careers and additional studies,” he said.

Migration to Lithuania: sanction evasion

In March 2022, a YouTuber uploaded a Russian-language tutorial titled “Bypassing Sanctions Without VPN.” In the video, the uploader instructs Russians how to circumvent payment sanctions via Payeer, a popular crypto exchange and payment processor in Russia. Numerous similar tutorials can be found on Russian forums and websites. At the time, Payeer operated in Estonia (Payeer OÜ) and boasted millions of customers, many of whom were based in Russia.

Payeer can deposit funds via a Russian bank and withdraw it in US dollars via ADVCASH and PerfectMoney.

Since its establishment in 2012, Payeer has been operated in various jurisdictions. By 2023, he lost his license in Estonia, r e-appeared in Lithuania as a Payeer UAB, and registered a company in Lithuania. The actual beneficiaries of this company are not clear because the owner information is different each time the business changes. In Russia, the first form, Payeer Rus LLC, was established by a woman Evgenia Kosolapova.

During his business in Georgia, Payeer was officially owned by Ukrainian Kostiantyn Buriachenko. The Czech spi n-off company of the Blackshire United LP, founded by the same Buriachenko, was owned by Dexberg Inc and Montbridge Inc, a notorious Marshall Islands, who hide the true beneficiary of a suspicious company. Mother Jones journalists have associated Scotland's Black Chair, a paper company network with Russian support for suspected political donations to Albania.

While Payeer was doing business in Estonia, a Russian named Liubov SVEZHENTSEVA was listed as a Payeer UBO. However, she was officially a Payeer's marketing director, and VSQUARE could not confirm her position as a founder / owner. According to Payeer's homepage, the service provider claims that it has a Vanuatsu financial license.

In Lithuania, Payeer is currently filing another Russian as a beneficiary. The address is in the Netherlands in Ekaterina Oregovna Gorchukova.

A mirage of funds

VSQUARE has found some cases using cryptocurrencies to claim that encrypted companies meet the minimum capital requirements (125, 000 euros). This method may be used as a method to avoid strict regulations implemented with the hope of purification of the market. For example, in January 2023, Payeer uploaded an official asset evaluation report created by an expert in Lithuania, and the amount of cryptocurrency owned by Ekaterina Olegovna Gorshkova is the minimum capital required by Lithuania. He argued that it was exactly the same as the amount of euro required to reach the money.

The document showed a specific crypto wallet with a unique ID. According to several publicly available wallet analysis tools, 125, 000 euros worth of cryptocurrency (USDC) was transferred from the wallet on January 17, 2023, and the wallet does not actually have the necessary assets to meet the requirements.

Lukošiene of the Center of Excellence in Anti-Money Laundering concludes that cryptocurrency is not a reliable asset in terms of share capital.

“The way you describe it does not guarantee that it will provide security to customers, users and the company itself, which is [why] share capital is needed in the first place: to provide security to customers, users and the company itself,” Lukošiene told VSquare.

Like Arbismart, the phone number that Payeer filed with the Lithuanian registrar was offline. The Lithuanian incorporation agent, who provided Payeer with the company registration and his address, claimed to have no contact with clients. He also said the company is obliged to move out of its premises within 12 months.

Payeer's official address in Vilnius. Source Andrias Švitla / Siena

Payeer did not respond to an emailed request for comment.

Connection to Sberbank leadership

Like Payeer, another international crypto company, MoneySwap OÜ, which operates virtual asset platform Mercuryo, has set up a new entity in Lithuania called MoneyAmber UAB.

Estonia's FIU (Financial Intelligence Unit) rejected MoneyAmber's license extension, citing a lack of transparency in the ownership structure and adverse information on the internet about the service provider. The FIU noted that investor alert website FinTelegram had noted that Mercuryo brokered numerous crypto scams and was popular among Russian clients.

The shares of both Mercuryo's Estonian and Lithuanian entities are managed through Cypriot company MRCR Holdings. One of the shareholders of this Cypriot company is Akshin Dzhangirov. In cooperation with Siena, a Lithuanian investigative journalism center, we found out that Dzhangirov is the younger brother of Dzhangir Dzhangirov, Group CRO of Sberbank, one of Russia's most important state-owned banks.

Akshin Dzhangirov has been a direct shareholder of MRCR Holdings since October 2020. He is the third largest shareholder after Moneybag, an offshore company based in the Cayman Islands, and Target Global, registered in Delaware, USA.

However, the data that DZHANGIROV is one of the beneficiaries of Lithuania's company was not provided to the national registration. The Lithuanian company Money Anber, managed by MRCR Holdings, lists only one beneficiary.

According to Mercuryo's senior law adviser Adam Barker in a document in Lithuania's partner organization, "Lithuania's entity is established a year and a half ago to expand (company) in Europe. He said that it was incorrect to move to Lithuania.

Regarding Axin Jangirov, Belker stated that he was "early investor in Mercury, the third largest investor after Mercury and target Global founder." "He is considered a small number of shareholders<25%) who does not exercise control over Mercuryo and is not operationally involved in Mercuryo’s business activities,” Berker added.

The Mercari representative claimed that the company is not in a position to comment on the investor.

He further argued that Merculio had no business relationship with Suberbank and had a clear attitude to oppose the advanced war in Ukraine.

The dashboard for Kyiv Independent and OCCRP has contributed to this article.

Initially, the article posted information that Axin Jangirov earned about 285, 600 euros from Suberbank in 2021. This information was deleted by new evidence.

"Estonia" encrypted companies, related to damages of 1 billion yen or more

In addition to the companies mentioned earlier, Estonia is responsible for claiming US sanctions, public billing, prosecution, media, and victims, and more than 1 billion euros. It accepts international cipher companies and misconduct. The following are the examples.

Hashcoins Oü

According to US prosecutors, Estonian Sergey Potapenko and Ivan Turongin have promised investors from the cryptocurrency mine. According to US prosecution, their bitcoin mining capabilities were only about 1 % of the victims. According to US prosecution, the two scams are $ 575 million, the largest in Estonia.

Futurocoin (Futurocoin Oün)

When the F1 driver Max Ferstappen won the 3rd place in the 2019 season as a representative of Red Bull, his lace jersey sleeves had the word "Futurocoin" as part of the sponsor contract. Futurocoin is a cryptocurrency sold on international exchanges, with 1 Futurocoin worth $ 17 in June 2018, but now $ 0. 000026. Out of the $ 451, 00 0-dollar equivalent to the maximum market capitalization, only $ 860 remains. Futurocoin is actually part of a large "mult i-media network" called Futurenet, a series of mult i-commercial laws from Poland. Polish founder Roman Z. was arrested in Italy and was accused of organizing a rat lecture from a Korean prosecutor. Later, he fled abroad and is now appointed by the European arrest warrant issued by the Polish court. The same is true for German business partners, Stefan, M., arrested in Albania in August 2023. Z. and M. have not yet been interrogated by Polish prosecutors, despite their investigative authorities since 2016. Futurocoin Oü has never submitted financial statements to Estonian corporate regulations. Both Z. and M. have stored considerable wealth. Roman Z. is a collector of luxury cars and owns eight real estate in Dubai. Stephen M is also rich. Previously, he lived in Dubai and ran a luxury car garage called The Space. Immediately before being arrested, he was supposed to buy a villa near Tilana. Formally, the company's CEO was Paulina Vochun.

CoinLoan Oün

According to the bankruptcy procedure in Estonia, the bankruptcy of COINLOAN's operating company coinloan Oü has now frozen the funds of an investor of 200 million euros. This is equivalent to more than 12, 000 investors. The company has only 133 million euros assets, of which about half of them are Coinloan's unique tokens. The company's founder is Alexander Farusin from Russia. Coinloan's development director is Mikhail Rozhko, a former local Russian politician in Petersburg and a former Russian propaganda organization of the immortal regiment.

CREX24 (CREX24 Oü)

Crex24 Oü, Russian capital, announced in 2020 that the company was hacked and that customers could not regain investment. Since then, the Internet has been filled with fraud warnings. The following year, the Estonian entity was liquidated. Estonia's Crex24 owner is Elizabeta Cazorina, and his husband, Dormitory Casoline, the founder of 1XBET online casinos, is nominated in Russia by financial fraud. According to the Russian Prosecutor's Office, 63 billion rubles (620 million euros) have been stolen by customers through a 1XBET casino. Kazolina lives in Cyprus and is unknown where she is.

CyFRONCAPITAL OUü

In July 2021, the Russian Public Prosecutor arrested Cyrillic Dronin, the frontman of the Finiko encryption mouse. According to media reports, fraud was about 90 million euros. At the same time, Dronin owned a company called CyFroncapital Oü in Estonia, and the company had a valid cryptographic license for about three years until July 2022. Sephlon is a developer of the Phinico Mobile app and is directly related to Finiko's activities. According to Chainalysis, Finiko's scheme has also been washed via GaranteX mentioned in the article.

CryptoVenience/Cryptanet (Oü)

The two shareholders are Switzerland's Oscar Anselm Schumukchi. He manages Russian assets through Durak Capital, which has an office in St. Petersburg and Moscow. "Schmucki dominated the network of a global shell company and had a close financial relationship with an individual who was charged with financial crime and a company that suspected the connection with Russian organizational crime and money laundering." The US Treasury explained when sanctions to both crypto companies. Until February 2021, Kriptonet had an Estonian cryptocurrency license.

RR Crypto (Roirising Crypto Oü)

According to French media and law firms representing victims, RR Crypto customers have lost up to 58 million euros when investing on the cryptographic platform disappeared. In the spring of 2022, the French police arrested four RR Crypto representatives for fraud. Vincent R., the founder of the arrested RR Crypto, also owns the largest shares of Roirising Cryptoosh, an Estonian company, whose virtual asset license was revoked in July 2021.

Coin Bank (Oü)

Eesti ekspress has written a article last year that Coinsbank Oü refused to refund the 2 million euros to the two customers. Prosecutors and court did not start criminal procedures. The investment platform share dozens of similar experiences on the Internet. Coinsbank was known for a luxurious meeting held on a cruise ship and had a relationship with Belarus and Ukraine individuals. According to VSQUARE, they have a close relationship with the infamous former American lawyer John McAfee, and he hung his head in prison before fraud and encrypted fraud charged. COINSBANK's contact email address is not functioning at the time of writing.

In 2022, Dagcoin's Estonian creator was arrested. According to the Estonia Central Criminal Police, they stealed at least 8 million euros from their customers. In 2019, the Estonia's Interior Agency pointed out that Dagcoin could be used to raise terrorism, as the Jordan Islamic extremists have publicly praised.

Vemarkets (Grau International Oü)

VEMARKETS was constantly changing the entrepreneur behind the scenes, but was operated through the Grau International Oün, which had a license in Estonia until 2020. According to the investor warning site Fintelegram, VEMARKETS, which is now transferred to Estonia, is operated through Montenegro's entrepreneurs by two fraudulients currently arrested, Uve Renhov (Gye Death in 2020) and Gal Barak. It was done. The Dutch Floris Wars was the official manager of Grau International. "My identity is abused and still suffering," he explained to VSQUARE. In the three months of 2018, WAALS and his brothers GAELE DE Graaf have opened six encryption companies in Estonia, all of which have been warned by government agencies or on the Internet. Many warnings have been published. WAALS claims that his identity has been abused, but he was nominated by an official AML expert in all three companies.

"Tales from The Crypto" is a series of articles in which hundreds of foreign entrepreneurs, how Estonia has become a global encryption center for scammers, criminals, and money laundering. 。 The project partners are Delfi (Estonia), Siena. lt (Lithuania), Frontstory. Pl, Paper Trail Media, Der SpieGel and ZDF (Germany), Der Standard (Austria). This series was produced with IJ4EU funding.

Holger Runema, Delfi ESTONIA's investigation desk, has widely investigated the theme of national security, including Russian spy activities, interference, and influence work in a wider area. He is also a member of the International Investigation Journalist Association (ICIJ). Estonia's National Media Association was elected the best journalist in 2020 and 2021.

How Illegal Betting and Related Money Laundering Flourished Despite ‘Crypto Winter’

"Winter of cryptography" (decreased asset value of cryptocurrency and decrease in transactions) hit blockchain speculators, but one cryptocurrency-related industry is immersed in the everlasting summer-illegal gambling.

In May 2021, ARF's comparable gambling and related financial crime Councils have a major threat to both illegal gambling and increasing cryptocurrencies, both legal gambling operations, horse racing and other sports. I warned.

Currently, the situation is worse than ever.

The resilience of cryptocurrency crime

Soon after ARF published this report, the cryptocurrency market had plummeted, and the World Economic Forum [1] estimated that it had wiped out the $ 2 trillion $ 2 trillion cryptocurrency assets in 2022 (although latter half of 2023). From early 2024, the price began to rise again.)

Among the most famous operators in cryptocurrency trading, like Sam Bankman Fried and Champen Zao, founder of the two major cryptocurrency exchanges (FTX and Binance), in fraud and money laundering. Some have been convicted or admitted. Also, some have just escaped from the law, such as Do Kwon, the CEO of the broken cryptocurrency token Terra Luna. [2]

But at the same time, multiple blockchain compliance and analytics companies have recorded a record high. [3]

TRM Labs has announced that the amount of cryptocurrencies related to crime is $ 20. 6 billion in 2022, but this is the revenue of no n-cryptocurrency native crimes washed by cryptocurrency (drug secrets, fraud, of course illegal. He pointed out that it is only a small part of the actual total because it does not contain a profit from a bet. < SPAN> Delfi Estonia's investigative desk, Holger Runema, has widely investigated national security, including Russian spy activities, interference, and influence work in a wider area. He is also a member of the International Investigation Journalist Association (ICIJ). Estonia's National Media Association was elected the best journalist in 2020 and 2021.

Currently, the situation is worse than ever.

Cryptocurrency in illegal betting markets

But at the same time, multiple blockchain compliance and analytics companies have recorded a record high. [3]

TRM Labs has announced that the amount of cryptocurrencies related to crime is $ 20. 6 billion in 2022, but this is the revenue of no n-cryptocurrency native crimes washed by cryptocurrency (drug secrets, fraud, of course illegal. He pointed out that it is only a small part of the actual total because it does not contain a profit from a bet. Holger Runema, Delfi ESTONIA's investigation desk, has widely investigated the theme of national security, including Russian spy activities, interference, and influence work in a wider area. He is also a member of the International Investigation Journalist Association (ICIJ). Estonia's National Media Association was elected the best journalist in 2020 and 2021.

Currently, the situation is worse than ever.

Soon after ARF published this report, the cryptocurrency market had plummeted, and the World Economic Forum [1] estimated that it had wiped out the $ 2 trillion dollar cryptocurrency assets in 2022 (although latter half of 2023). From early 2024, the price began to rise again.)

But at the same time, multiple blockchain compliance and analytics companies have recorded a record high. [3]

The scale of cryptocurrency-driven profits from other illegal activities is orders of magnitude larger, at least in the hundreds of billions. For example, Chinese blockchain analytics firm Bitrace tracked US$115 billion worth of cryptocurrency Tether to addresses linked to illegal gambling operations based in Southeast Asia, as highlighted by the ARF Council in its report How Organised Crime Operates Illegal Betting, Cyber Scams & Modern Slavery in Southeast Asia [4]. [4] Bitrace found that of this, approximately US$37 billion was illegal gambling profits, US$70 billion was money laundering, and US$460 million was fraud. [5]

In 2021, the ARF Council warned that cryptocurrencies are becoming increasingly popular because they are unregulated and decentralised, making them attractive to illegal betting operators and bettors, not only to fund their accounts but also to move profits across borders and pay hundreds of thousands of recruiters and customer support staff.

As we enter 2024, the use of cryptocurrencies (especially Tether) is increasingly becoming the norm in the illegal betting market.

According to an analysis by the ARF Council, a quarter of offshore licensed betting sites that place bets in non-licensed countries will accept cryptocurrencies in 2023,[6] including two of the world's most popular brands.

As shown in the table below, the number of such licensed but poorly regulated illegal betting sites accepting cryptocurrencies has increased by 26% since 2020 (the last time the ARF Council looked at this data). The table shows the top five cryptocurrencies by market capitalization and the number of betting sites that accept each cryptocurrency.

Notably, the number of websites that accept Tether, the cryptocurrency of choice for organized crime (see below), is now about four times as high.

Table 1 - Number of betting websites that accept the largest cryptocurrencies. Source: casinocity. com, coinmarketcap. com *Binance Coin and Solana were not covered in 2020 as they were not among the largest coins by market capitalization at the time.

Why Tether is ubiquitous in unlicensed illegal betting markets

The most popular cryptocurrency betting sites are licensed in Curacao, a jurisdiction that has been criticized for its lax regulatory oversight, but has positioned itself as crypto-friendly to capture this business (as other betting license havens such as Malta and the Isle of Man have done).

Some major brands have acquired licenses in more severe jurisdictions, and are not accepting cryptocurrencies on local websites, but this is the other URL that accepts cryptocurrencies. He criticizes it as a means to redirect.

Cryptocurrencies are often more popular on unauthorized illegal betting sites operated by organizational crime. These sites usually actively encourage payments not only by accepting deposits in cryptocurrency, but also by providing attractive bonuses and rebates.

The main reason is clear, because cryptocurrency is much more convenient for the transfer, processing and mixing of funds by illegal acts than in the Fiat (conventional) currency.

It should be noted that illegal betting sites that have not been approved are usually not given the options of cryptocurrency that can be deposited, and are allowed to deposit only the teth (USDT) described later.

Such websites generally have a wel l-developed video tutorial that explains how to open an account of the cryptocurrency exchange and how to deposit to the betting account. Unauthorized illegal betting operators usually provide 2-3%bonuses for deposits with tethers, not on a no n-monetary.

Case study: Zhao Dong

For illegal bookmakers, it is not necessary to explain to conventional banks and other authorities where the deposits of the unpleasant banknotes are transferred to their accounts, so their lives are quite easy. Will be. Cryptocurrency exchanges and blockchain, which are popular with illegal actors, do not ask any such questions.

From January 2021 to November 2023, according to the ARF Council analyzed the website traffic of 20 popular cryptocurrency betting businesses in the world, these sites are on these sites. , Average of 187 million per month from about 57 million.~It is not possible to measure in the same way because it is divided through the thousands of mirror website URLs, apps, and offline agencies vs. customer transactions.

Traffic to the approved cryptocurrency bookmakers is from the no t-approved bookmakers, such as the United States, Brazil, and India. < SPAN> Some major brands have also acquired licenses in more severe regulations, and are not accepting cryptocurrencies on local websites, but this is the other URLs that accept cryptocurrency. He criticizes it as a means to redirect customers.

The main reason is clear, because cryptocurrency is much more convenient for the transfer, processing and mixing of funds by illegal acts than in the Fiat (conventional) currency.

For illegal bookmakers, it is not necessary to explain to conventional banks and other authorities where the deposits of the failed banknotes are transferred to their accounts, so their lives are quite easy. Will be. Cryptocurrency exchanges and blockchain, which are popular with illegal actors, do not ask any such questions.

It is not possible to measure in the same way because it is divided through the thousands of mirror website URLs, apps, and offline agencies vs. customer transactions.

Traffic to the approved cryptocurrency bookmakers is from the no t-approved bookmakers, such as the United States, Brazil, and India. Some major brands have acquired licenses in more severe jurisdictions, and are not accepting cryptocurrencies on local websites, but this is the other URL that accepts cryptocurrencies. He criticizes it as a means to redirect.

The main reason is clear, because cryptocurrency is much more convenient for the transfer, processing and mixing of funds by illegal acts than in the Fiat (conventional) currency.

It should be noted that illegal betting sites that have not been approved are usually not given the choice of cryptocurrency that can be deposited, and are allowed to deposit only the teth (USDT) described later.

Case study – Singapore

Such websites generally have a wel l-developed video tutorial, which explains how to open an account of cryptocurrency exchanges and how to deposit to the betting account. Unauthorized illegal betting operators usually provide 2-3%bonuses for deposits with tethers, not on a no n-monetary.

It is not possible to measure in the same way because it is divided through the thousands of mirror website URLs, apps, and offline agencies vs. customer transactions.

Traffic to the approved cryptocurrency bookmakers is from the no t-approved bookmakers, such as the United States, Brazil, and India.

These include several ARF member states where these websites are not legal, including Hong Kong, Japan, China, South Korea, Malaysia and New Zealand. India in particular is a huge target market, with visitor numbers from India to these operators increasing by around 3000% between January 2021 and November 2023. Customers are overwhelmingly young, with 50% under the age of 34.

Website traffic analysis makes it clear that a large proportion (perhaps all) of the revenue of large licensed cryptocurrency bookmakers comes from customers in unlicensed jurisdictions; that is, illegal betting.

The purpose of accepting cryptocurrencies as betting payments is therefore hard to imagine other than as a means to enable customers to bet illegally.

Figure 2 - A typical Tether promotion by an unlicensed betting site targeting Chinese customers, offering a 3% rebate over other payment methods

Conclusion

Tether is a "stablecoin", a digital currency that seeks to be pegged to traditional currencies like the US dollar. Each Tether token is always worth 1 US dollar and is not supposed to fluctuate wildly like other cryptocurrencies.

This eliminates the volatility of the currency, making accounting easier for illegal betting operators. Other attractions include the fact that Tether is by far the most actively traded cryptocurrency token (twice as much as Bitcoin)[8] and has liquidity with billions of daily trading volumes across all major cryptocurrency exchanges, making it easy to move and exchange funds, and easy to cash out to fiat with minimal impact on price.

Elim Poon - Journalist, Creative Writer

Last modified: 27.08.2024

“Tales from the Crypto” investigated how Estonia and Lithuania became global hubs for cryptocurrency companies – creating the perfect. Cryptocurrency and online financial service companies are utilizing patchwork regulations in the Baltic states to commit illicit acts. Recognizing the gravity of the situation, the Baltic states have implemented stringent anti-money laundering regulations, signaling their.

Play

accepted