Since the Russian invasion of Ukraine on February 24, 2022, both sides have used blockchain technology to aid their efforts. Many campaigns have sought to take advantage of key developments in the crypto ecosystem to help raise funds – from decentralized finance (DeFi) to crypto pre-paid cards.
Using its internal proprietary data, Elliptic conducted an in-depth analysis of the use of cryptoassets on both sides of the war – from humanitarian causes to sanctioned groups suspected of war crimes.
In this excerpt from Elliptic’s new “Crypto in conflict” report, we will investigate some of the sanctioned oligarchs, entities and organizations that facilitated crypto donations to finance Russia’s war in Ukraine.
Russian Crypto Fundraising
We found that pro-Russian entities – including those raising funds for the Russian military and affiliated militias – had raised $4.8 million in crypto donations by the end of November 2022. Meanwhile, Elliptic identified around 50 military fundraising campaigns advertising crypto donation wallets – raising a total of $3.2 million worth of cryptoassets.
Types of pro-Russian fundraisers by value of cryptoasset donations in USD
Harsh sanctions designed to isolate Russia from the international financial system have been continuously enforced since its invasion of Ukraine. The measures were also aimed at preventing Russia and its entities from using crypto-assets to evade sanctions or to fight those who support hostile activities aimed at Ukraine.
Many pro-Russian military fundraisers have actively promoted ways to avoid sanctions, and some offer reasonably detailed guides for enabling anonymous donations. Such strategies may still involve the use of compliant virtual asset services and therefore remain a cause for concern.
Tutorials on evading crypto sanctions published on a pro-Russian Telegram channel.
With a significant proportion of pro-Russian crypto-asset fundraising efforts attributed to illicit activities, virtual asset services require effective risk management and mitigation strategies to prevent inadvertent exposure to their transactions.
Below are some of the sanctioned actors, entities and organizations involved in financing the Russian war in Ukraine.
Operational group Rusich
Task Force Rusich (aka DSHRG Rusich) – a paramilitary fighting group – traces its origins back to 2009. A far-right fighting group known for neo-Nazi symbolism on the battlefield, Rusich has been involved in military campaigns in Syria as well as Ukraine. It is associated with the Wagner Group and is believed to have been particularly involved in the failed offensive on Kharkiv since the February 2022 full-scale invasion.
Rusich has been sanctioned by the United States, the United Kingdom, the European Union and Canada. Its leaders – Alexey Yurevich Milchakov and Yan Igorevich Petrovsky – were also punished. It has raised over $200,000 in crypto donations.
The Rusich Working Group – which is active despite the sanctions – posts images of its activities on social media.
Project Terricon
In April 2022, a pro-separatist website called “The Terricon Project” appeared and began asking for crypto donations to purchase military equipment for separatist fighters. The project was prominently supported by Aleksandar Zhuchkovsky, a supporter of the sanctioned far-right Russian Imperial Movement (RIM). Zhuchkovsky himself was sanctioned by the USA in June 2022.
The group raised $3,400 in crypto assets and also launched a non-fungible token (NFT) collection, which consists of the coats of arms of Ukrainian cities claimed by Russia. NFT marketplace OpenSea quickly deleted the collection before any of them could be sold. The Terricon website itself states that the failed project was inspired by UkraineDAO NFT’s successful fundraising.
Removed Terricon NFTs.
Conti
One ransomware group that strongly supported the Russian government after the invasion of Ukraine was Conti – a group known for its attacks on critical infrastructure, particularly healthcare services in Ireland and New Zealand. On February 25 – the day after the invasion began – Conti announced its support for the Russian government and threatened retaliation against any cyber attacks targeting Russia.
Days later, a pro-Ukraine anonymous Twitter account released over 60,000 leaked messages between Conti operatives, detailing the group’s structure, relations with Russian security services and behind-the-scenes operations. The leak was launched in opposition to the group’s support for Russia, and the author’s bio on Twitter simply read “f*ck ru gov”.
Conti’s announcement of support for Russia on February 25, 2022 (left) and Conti’s leaked account discussing his reasoning (right).
Elliptic analyzed the leaked messages and used its Holistic Screening capabilities to trace Conti’s ransom payments across a number of blockchains and cryptoassets.
Conti’s post-purchase money laundering operations were found to involve a significant amount of cross-transfers and exchanges, including through the sanctioned crypto exchange Garantex and cross-bridge “renBridge”. Elliptic previously identified that renBridge processed over $540 million in illegal cryptoassets.
Sanctioned separatists
Pro-Russian separatists have been using crypto token scams since the initial invasion of Crimea. A number of separatists in Donetsk – including the current “head” of the so-called “Donetsk People’s Republic” Denis Pushilin – are linked to Ponzi schemes such as MMM Global.
Senior DPR official Alexei Muratov – who has been sanctioned by the United States for reasons including but not limited to his involvement in fraud – has also been linked to Ponzi schemes E-Dinar, PRIZM and later Ouroboros. Muratov was also involved in OneCoin, a notorious scheme led by “Cryptoqueen” Ruja Ignatova.
Muratov puts PRIZM with a “DPR” flag on his desk (center) and a fake scammer tries to promote another scam cryptocurrency (top left).
How blockchain analytics can help reduce sanctions risk
From Bitcoin to NFTs, recent sanctions against Russian entities have affected a wide range of cryptoassets. These entities have not shied away from using regulated virtual asset services to receive or pay out funds in the past. These services must therefore ensure that they are well equipped to deal with the growing risk of sanctions arising from the Russia-Ukraine war.
Elliptic Nexus provides a suite of solutions for virtual asset services to do just that. Using Navigator and Lens, crypto transactions and wallets can be reviewed for risk of sanctions.
Meanwhile, Investigator provides law enforcement services and investigators with the ability to track blockchain activity involving sanctioned entities. All of our blockchain analytics tools are equipped with holistic screening – enabling the detection of sanctions risk across assets and blockchains.