Ukrainian law enforcement officials arrested three people that were involved in laundering money for ransomware gangs. The police investigation was assisted by the cryptocurrency exchange Binance to identify the people responsible. The group was operating in Ukraine’s Poltava region since 2018. The group laundered money for ransomware groups and spread ransomware themselves. The arrests took place in June, but a joint press release describing the details of the arrest was just made public. This was the first arrest resulting from the work of the Bulletproof Exchanger Project, which is an internal investigation of criminal activity created by Binance. Bulletproof Exchanger was created to identify hubs of malicious activity within the cryptocurrency realm, track down the operators, and work with authorities to shut them down. Binance began researching these exchanges and building a database of various signals and data sets such as user data, DNS records, open-source intelligence feeds, law enforcement requests, and blockchain analytics. After the database was created, Binance turned to TRM Labs, a blockchain analysis firm, to help identify patterns in the transactions. After analyzing the data, TRM and Binance were able to identify clear indications that over $42 million USD worth of bitcoin that was associated with ransomware operations had been laundered by this group and notified the National Police of Ukraine, which opened its own investigation.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in