Binance CEO Changpeng “CZ” Zhao said that earlier this year the world’s biggest crypto exchange deactivated accounts associated with Suex, designated as a money laundering vehicle by the Office of Assets Control (OFAC) on Tuesday.
The U.S. government blacklisted 25 blockchain addresses for bitcoin, ether and tether that the regulator said Russia-based Suex used for its operations.
“We de-platformed these accounts based on internal safeguards,” CZ said in a blog post on Wednesday. “Information regarding the addresses in the announcement, as well as other information from our internal investigation was shared with the appropriate authorities and we continue to collaborate with law enforcement to cast sunlight on those threat actors that seek to abuse our platforms, such as Suex.”
While some of the addresses listed by OFAC were last active in 2019 or 2020, some were used as recently as August. By press time, Binance had not responded to a request on when exactly the accounts were deactivated.
Earlier, crypto sleuthing firm Chainalysis said it helped OFAC to identify the Suex’s crypto wallets, adding that the OTC firm helped launder money coming from major scams, hacker groups and drug traffickers. Elliptic, another blockchain analytics firm, wrote in a blog post the addresses received about $934 million worth of crypto in total.
Particular pattern of use
Analysis of the 25 addresses listed by the OFAC shows all but two are exchange deposit addresses that had apparently been used by Suex to buy and sell crypto on behalf of its clients.
The addresses have a particular pattern of use: Identical amounts of crypto hit the addresses and leave immediately without accumulating or getting split. This most often indicates an address designated by an exchange for users to deposit money. Crypto flows from such wallets to the exchange’s hot wallets. The pattern can be seen, for example, on this BTC address, ETH address and USDT address.
Further research on the addresses indicated that most belong to two exchanges: Binance and Huobi. When contacted, Huobi declined to comment on whether the listed addresses belonged to it.
It’s also possible that Suex used other addresses, which OFAC has yet to identify, Elliptic co-founder Tom Robinson told CoinDesk over email.
According to Chainalysis, Suex processed almost $13 million of crypto from ransomware operators including Ryuk, Conti, Maze and others, over $24 million from scams, including Finiko, a major crypto Ponzi scheme that operated in Russia and Ukraine, more than $20 million from darknet markets, especially the Russia-based Hydra, and over $50 million from BTC-e, the now-defunct crypto exchange whose alleged operator, Alexander Vinnik, recently went to jail for money laundering in France.
The Finiko scam heavily relied on Suex’ services, said Scott Pounder, head of investigations at the blockchain analytics firm Crystal Blockchain.
“We noticed that most of the USDC fund flows, $11.5 million out of $14 million, came directly from the Finiko Ponzi Scheme, more than $9 million in bitcoin came from Finiko, as well as $2.7 million in ERC20 tether,” Pounder said. “Over $155 million of the overall flow of more than $930 million funds received by Suex OTC could be deemed as high risk,” he added.
Suex founder Egor Petukhovsky declined to comment by press time.
UPDATE (SEPT. 23, 12:13 UTC) Adds Huobi declined to comment in penultimate paragraph.
UPDATE (SEPT. 23, 12:45 UTC) Adds details from Chainalysis research, quote from Crystal Blockchain in last four paragraphs.