Since Russia’s full-scale invasion of Ukraine on February 24, 2022, both sides have used blockchain technology to aid their efforts. Many campaigns have sought to take advantage of key developments in the crypto ecosystem to help raise funds – from decentralized finance (DeFi) to crypto pre-paid cards.
Using its internal proprietary data, Elliptic conducted an in-depth analysis of the use of cryptoassets on both sides of the conflict – from humanitarian causes to sanctioned groups suspected of war crimes.
In this excerpt from Elliptic’s new Crypto in Conflict report, we’ll examine how to use blockchain analytics to manage the potential sanctions risks posed by the attack on Ukraine.
Stay safe
To comply with sanctions like those globally imposed on Russia and ensure that they do not deal with sanctioned actors, cryptoasset exchanges and financial institutions can use blockchain analytics solutions like those developed by Elliptic. Blockchain analytics can be used to identify and manage potential sanctions risks involving Russia and Russian-related entities in four primary ways:
Wallet overview: to determine whether crypto wallets can be controlled by sanctioned actors to prevent customers from withdrawing funds to those wallets.
Transaction overview: to identify where the ultimate source or destination of a client’s transactions involves exposure to sanctioned parties.
Investigations: to conduct detailed analysis of fund flows while investigating potential cases of sanctions evasion and suspected violations.
VASP Due Diligence: identify potential exposure to sanctions risk through high-risk crypto service providers
Below, we describe how blockchain analytics can facilitate these areas of sanctions compliance.
Wallet verification
By reviewing crypto wallets before allowing customers to withdraw funds, crypto exchanges can identify whether the wallet is controlled by a Russian entity on the Office of Foreign Assets Control’s (OFAC) list of Specially Designated Nationals (SDN) or sanctions lists maintained by the EU. or other jurisdictions.
Wallet verification solutions such as Elliptic Lens enable exchanges to prevent withdrawals to banned wallets, ensuring they remain compliant with sanctions requirements.
The image below from Elliptic Lens shows a withdrawal attempt from a cryptoasset exchange to one of the Ethereum addresses on OFAC belonging to Danilo Potekhin. Elliptic Lens has flagged the wallet as high risk and assigned it a high risk rating, due to its association with a sanctioned individual.
In this case, the exchange has a clear indication that its client is attempting to send funds to an OFAC-sanctioned entity and may prohibit the withdrawal.
Screening of transactions
Crypto exchanges should also be vigilant about the ongoing risks of exposure to sanctioned Russian actors through their clients’ transactions. Transaction verification software like Elliptic Navigator can help crypto businesses and financial institutions identify potential exposure to sanctioned actors so they can take appropriate action.
The image below from Elliptic Navigator shows a deposit of 1,756 Ether tokens ($2 million) made to a crypto exchange. However, the transaction was flagged as high-risk because all funds sent to the exchange can ultimately be traced back to Danilo Potekhin, a Russian cybercriminal who was sanctioned by OFAC in September 2020.
Knowing that the ultimate source of funds is Potekhin, the stock exchange can take action to meet the relevant sanctions. In that case, the exchange may freeze the funds in the quarantined wallet and report the information to OFAC.
Elliptic’s wallet and transaction verification solutions also include holistic screening, which involves identifying the risks that funds may be exposed to sanctioned actors through services such as cross-chain bridges and decentralized exchanges (DEX).
Investigations
If your compliance team identifies red flags that may suggest you have exposure to sanctioned entities, you need to dig deeper.
You need to have an investigation strategy in place that allows you to look deeper into customer activity and scrutinize it.
A well-designed investigative strategy includes:
- ensuring that all relevant personnel are trained to conduct cryptoasset research;
- the existence of documented investigative procedures and record keeping policies;
- effective use of tools for network analysis and case management;
- having internal escalation processes to raise alerts where positive hits are identified; and
- clearly documenting investigation findings in final reports that can be shared with relevant regulatory bodies, law enforcement or other relevant stakeholders.
Elliptic Investigator software can equip you with blockchain analytics capability to dig deep into complex sanctions cases.
Elliptic Investigator shows transactions between sanctioned exchange Garantex, sanctioned paramilitary group Task Force Rusich and related payments to and from other Russian military fundraisers, malware and – most importantly – regulated virtual asset services.
Elliptic Investigator is able to visually display a breakdown of incoming or outgoing exposure within each node, as a useful risk indicator. It is also able to group a large number of intermediary wallets (in this case 33 of them) to facilitate accessible investigations.
VASP due diligence
Finally, it is critical that crypto exchanges and financial institutions understand the potential sanctions risks they may face from VASP partners.
For example, clients of a financial institution may attempt to purchase cryptoassets on exchanges located in Russia or located outside of Russia but serving the Russian market by offering to exchange bitcoins for rubles. After the Russian invasion of Ukraine, Elliptic identified more than 400 VASPs with a Russian nexus, many of which allow users to create accounts anonymously.
Elliptic Discovery displays company information for the approved exchange Garantex.
Information about these VASPs linked to Russia is found in Elliptic Discovery, our dataset that contains profiles of thousands of VASPs. Using Elliptic Discovery, crypto exchanges and financial institutions can obtain information about VASP including:
- Known countries of registration.
- Regulatory status.
- Fiat currencies offered by VASP.
- Does VASP offer privacy coin trading.
- Blockchain analytics data indicating VASP’s exposure to sanctioned, illegal and high-risk entities, such as mixers.
This information allows crypto exchanges and financial institutions to identify potential exposures to VASPs that pose sanctions risks so they can take steps to appropriately address those risks.
Elliptic Discovery shows monthly suspicious activity volumes for an anonymous spot swaps exchange that accepts rubles.
Download Crypto in Conflict
Compliance with EMEA sanctions