Crypto Regulation, Ransomware and OFAC’s Rise

The Treasury Department’s Office of Foreign Assets Control has quietly been very busy.

Sep 28, 2021 at 3:53 p.m. UTC
Updated May 11, 2023 at 6:28 p.m. UTC

The U.S. government sanctioned a crypto exchange for the first time last week, escalating its fight against ransomware and proclaiming that crypto regulation will not be free of enforcement actions.

The other major storyline last week came from China, which once again announced it was taking on crypto activities, this time banning transactions and raising the possibility of criminal penalties. My colleague Muyao Shen explores this issue and what the broader lessons may be for the crypto regulation landscape.

You’re reading State of Crypto, a CoinDesk newsletter looking at the intersection of cryptocurrency and government.

OFAC ramps up crypto regulation

The narrative

The Treasury Department’s Office of Foreign Assets Control (OFAC) is taking on the ransomware fight, sanctioning a crypto exchange for the first time.

Why it matters

OFAC’s role in the ransomware fight is interesting. It’s a sanctions enforcer, not a cyber watchdog. While it makes sense that the agency has a role in trying to mitigate the ransomware crisis, the fact it’s involved in the most public action against ransomware to date may actually reinforce one of the core ideas within the crypto sector: that intermediaries are points of failure.

Breaking it down

Last week, OFAC blacklisted a crypto exchange for the first time on allegations it facilitated bitcoin transactions for ransomware actors. Suex, an exchange that claims to operate out of the Czech Republic but has offices in a handful of Russian cities, became the latest crypto entity to join the Specially Designated Nationals (SDN) list on Tuesday.

It’s the first formal action the U.S. government has taken in its fight against ransomware under the current administration, though Treasury has sanctioned people for facilitating cryptocurrency transactions on behalf of ransomware attackers in the past.

It’s also the first time a crypto exchange has landed in OFAC’s crosshairs.

Treasury officials did not respond to a set of questions about the action or the exchange.

“Treasury is announcing that we will now also be taking steps to obstruct and deter these criminals by going after their financial enablers,” Deputy Treasury Secretary Wally Adeyemo said in a press call previewing the action. “Today’s action is a signal of our intention to expose and disrupt the illicit infrastructure used in these attacks.”

Suex was a nested exchange, Adeyemo said, which blog posts from TRM Labs and Chainalysis described as an exchange that doesn’t operate its own custody service but uses a larger exchange to tap into its liquidity and market-making abilities.

In this case, Binance appears to be one of these larger exchanges. CEO Changpeng Zhao said Suex accounts were “de-platformed” based on analysis of the 25 crypto addresses included in last week’s action.

There are a number of details about this action that really stood out to me. First, while the TRM and Chainalysis blog posts identified a handful of Suex’s employees and described their operations, OFAC did not add any of these individuals to its SDN list.

In contrast, when OFAC sanctioned alleged North Korean hackers, alleged Chinese drug traffickers or alleged Iranian crypto transmitters, the enforcer named the specific individuals involved in the illicit activities.

That hasn’t stopped Suex founder Egor Petukhovsky from saying he’ll take on the U.S. government in court. He wrote on Facebook that none of his business entities engaged in illegal activity.

Still, regardless of whether Petukhovsky or the rest of the Suex team knew what transactions they were facilitating, the fact that reportedly around 40% of Suex’s transactions went to known addresses tied to malicious actors may be enough for the U.S. government.

It’s also interesting to me that OFAC swung what appears to be one of the first offensive blows against ransomware attackers. We’ve known for a while that actions against crypto exchanges were on the table – officials have been warning about this for months now – but I wasn’t able to find a comparable action by the Department of Homeland Security, for example.

Past precedent?

The closest I could find are rumors the U.S. government may have been involved in the REvil ransomware group going offline, but nothing definitive.

While I’m sure there’s activity that isn’t publicized, the lesson seems to be that financial intermediaries may be among the easiest targets for regulators tamping down on illicit behavior.

This is obvious to those of you who have spent any length of time in the crypto industry, but it’s worth re-examining this through the lens of OFAC’s action and ransomware attacks more broadly.

OFAC didn’t sanction the final recipients of these transactions (yet), just like it doesn’t seem to have sanctioned the final recipients in its first crypto action in 2018. The names on the SDN list belong to those charged with facilitating crypto transfers for ransomware attackers.

Of course, OFAC did sanction the individuals who received (or took) crypto in some of its other actions, including the aforementioned drug runners and hackers.

Griffith’s plea

Another major headline hit the wires yesterday after Virgil Griffith, the one-time Ethereum Foundation developer arrested in 2019 on one count of conspiracy to violate the International Emergency Economic Powers Act (IEEPA), pleaded guilty in an agreement that could see him face around five to seven years in prison, rather than the 20-year maximum sentence prosecutors mentioned in press releases.

Once again, this was an OFAC story: Griffith allegedly explained how to use cryptocurrencies to a North Korean audience and may have even attempted to transfer money between North Korea and another nation (which a member of the ACJR Telegram group says was rumored to be one gwei, i.e., a tiny fraction of one ETH).

Looking ahead, Adeyemo mentioned crypto mixers three times in the press call last week. No specific details were provided at the time, but there are ongoing cases against bitcoin mixing service providers, which may ultimately serve as precedents.

Not just another Chinese crypto ban

Guest essay by CoinDesk markets reporter Muyao Shen.

Rumors were circulating for weeks before the latest crypto trading ban in China finally arrived last Friday.

For a glass-half-full crypto investor in China, the good news is the message, co-signed by 10 agencies, did not indicate that the possession of crypto is illegal.

But that may also be the only positive takeaway from the ban.

The Sept. 24 notice was more than just another piece of “China FUD” because it addressed many crypto-related activities that were previously in the gray zone of regulation.

Multi-agency efforts

China’s determination to ban crypto trading activity is unparalleled this time: The notice was co-signed by 10 agencies including the three main bodies of China’s judicial system: the Supreme People’s Court (SPC), Supreme People’s Procuratorate (SPP) and Public Security Bureau (PSB).

Crypto trading activity involves “legal risks” and “any legal person, unincorporated organization or natural person” who is investing in virtual currency and related derivatives violates “public order and good customs,” according to the notice.

Not just bitcoin

For the first time, the ban made it clear that China forbids transactions from one crypto to another. Previously, China only banned banks and other financial institutions from offering services related to fiat-to-crypto transactions. The ban was also the first to name cryptocurrencies other than bitcoin.

“Bitcoin, ether, tether and other virtual currencies have the main characteristics of being issued by non-monetary authorities, using encryption technology, distributed accounts or other similar technologies, and exist in digital forms,” the notice said. “They are not legal, and should not and cannot be circulated as currency on the market.”

Ether is the second-largest cryptocurrency by market capitalization, just behind bitcoin. Tether, the dollar-pegged stablecoin, is one of the most popular stablecoins among Chinese traders, who routinely use the stablecoin as an on-ramp to crypto markets because fiat-to-crypto trading was already banned.

It is worth noting that after months of rumors, Tether Ltd., the company behind the tether stablecoin, denied it holds any commercial paper or other debt or securities issued by Chinese property giant Evergrande Group, which is facing a deepening liquidity crisis.

With the latest ban, there is also new speculation that as the East Asian country injects capital into the market to save the troubled real estate developer, it has also elevated bans on crypto trading to curtail potential capital flight via crypto.

Offshore exchanges and other crypto platforms

The notice also warned that those who live in China but work for offshore crypto exchanges facilitating crypto-related trades are subject to legal prosecution, a clarification of one of the most significant gray areas of crypto in China.

Since 2017’s ban on initial coin offerings (ICOs), many Chinese crypto exchanges, including Binance, Huobi and OKEx, moved out or claimed to have moved out of the country amid crackdowns, yet many have remained popular among Chinese users, who rely on virtual private networks (VPNs) to participate in crypto-related activities.

Within the latest crackdown, many crypto firms have already started taking action: Huobi, for example, has halted new customer registrations in China and will retire all its mainland Chinese users by Dec. 31, 2021.

“We believe that this latest announcement jointly issued by the People’s Bank of China and other Chinese regulatory authorities should be observed and their requirements should also be strictly implemented,” Du Jun, co-founder of Huobi Group, said in an email response to CoinDesk.

“Due to historical reasons, we do have a certain proportion of our user base in mainland China,” he added, acknowledging that Huobi’s decision to retire all users from China will “have a certain impact on the company’s revenue in the short term.”

Both Binance and OKEx, however, sent out similar responses denying that they have business operations in China, according to Chinese crypto media Blockchain News Daily and influencer Colin Wu on Twitter.

Biden’s rule

Changing of the guard

U.S. President Joe Biden has nominated Cornell University Law Professor Saule Omarova to be the next Comptroller of the Currency. And, as I noted last week, once again we have a nominee who is familiar with crypto, to the point where she’s written papers about the subject.


Beyond CoinDesk:

  • (Associated Press) Far-right nationalists are using crypto to fundraise, and squirrel these funds away from governments and legal judgments, the AP reports. I’m guessing this investigation has its origins in crypto’s use during the January insurrection attempt at the U.S. Capitol – crypto use by extremists was a major talking point, and likely a solid jumping-off point for further investigations. This report is worth a look.
  • (The Washington Post) SEC Chair Gary Gensler spoke to the Washington Post last week about cryptocurrency issues, and the Post was kind enough to publish the full transcript. The most interesting line, to me, was when Gensler said, “I don’t think technologies long last outside of a social and public policy framework” in the context of bitcoin and fintech.
  • (Canadian Securities Administrators) A joint notice by the Canadian Securities Administrators and Investment Industry Regulatory Organization of Canada details how these regulators view marketing activities by crypto exchanges. Canadian regulators have learned a lot since QuadrigaCX, and preemptive action seems to be the new modus operandi.

If you’ve got thoughts or questions on what I should discuss next week or any other feedback you’d like to share, feel free to email me or find me on Twitter @nikhileshde.

You can also join the group conversation on Telegram.

See y’all next week!


Nikhilesh De

Nikhilesh De is CoinDesk's managing editor for global policy and regulation. He owns marginal amounts of bitcoin and ether.
