Friday, December 13, 2024

The U.S. Department of Justice has indicted two high-ranking Russian hackers in connection with a global cybercrime spree that allegedly defrauded millions from unwitting victims worldwide, while also imposing sanctions against a cryptocurrency exchange accused of facilitating the illicit activities. According to court documents unsealed today, Andrei Sergeev and Gleb Slionov are charged with engaging in a criminal scheme that exploited vulnerabilities in online banking systems, compromised email accounts and stole sensitive information, often using spear-phishing attacks to gain access to victims’ networks.

The US has taken action against the alleged owner of an infamous cybercrime marketplace, which sold tens of millions of credit card numbers stolen in one of the most significant data breaches of the past decade, imposing sanctions and issuing indictments. The US government recently took action against a notorious Russian cybercriminal, known as [name], whose cryptocurrency exchange has evolved into one of Russia’s largest money-laundering networks.

The darknet marketplace’s website displayed in a screenshot from 2016: The Joker’s Stash homepage. The hyperlinks have been redacted.

The US Department of Justice is currently prosecuting a 38-year-old Russian national from Novosibirsk for allegedly operating Joker’s Stash, a notorious and highly lucrative carding marketplace that. Thieves target iconic Joker’s wild card collection in series of calculated heists across the United States. Retailers, in conjunction with suppliers, manufacturers, wholesalers, distributors, marketers, and consumers, collaborate seamlessly to drive business success.

According to federal authorities, the mastermind believed to be behind Joker’s Stash is an individual identified in Russian corporate documents as affiliated with Cellucity, a Novosibirsk-based company specializing in mobile video game development.

In the early days of his career, circa 2000, Shakhmametov earned the nickname “Vladimir of the Hacking Underground” and founded the influential Russian hacking collective, which regularly disseminated hacking tools and exploit kits for software weaknesses.

Russian hacking collective Nerf, as detailed in a March 2006 article featured on the prominent online journal xakep.ru.

By 2004, V1pee had adopted the pseudonym “V1pee” on a prominent Russian-language hacking forum, where they evolved into one of the most reliable suppliers of stolen credit card information.

During those years, Vega solidified his reputation as an elite player across various platforms, alongside other luminaries such as, , and.

Vega emerged as an insider who possessed intimate knowledge of “Operation Echelon”, a sophisticated, globally orchestrated cybercrime scheme that saw perpetrators hack into financial institutions or payment card processors and swiftly withdraw tens of millions of dollars using cloned cards at ATMs over the course of mere hours.

Vega sent a private message to someone else on Verified in December, stating, “Hello, there’s work on D+P, limitless.” In 2012, law enforcement authorities referred to the proliferation of “dumps and PINs” – a colloquialism describing stolen debit card information (along with corresponding Personal Identification Numbers) that can facilitate unauthorized Automated Teller Machine transactions.

A unique set of approximately 5 million cards was released to the market in September. In November 2017, hackers exploited a vulnerability at Sonic Drive-In, linking the incident to the notorious Joker’s Stash carding website.

Following a series of high-profile data breaches at major retailers such as Target and Home Depot, Joker’s Stash emerged online, taking advantage of the flood of stolen credit card information that subsequently hit the market, driving down prices for compromised cards. Joker’s Stash initially differentiated itself by serving high-stakes clientele, namely American street gangs willing to purchase thousands of pilfered cards at once.

In the face of a buyer’s market, Joker’s Stash distinguished themselves from the competition by prioritizing loyalty programs, offering generous discounts to repeat customers, providing a risk-free guarantee, and consistently delivering exceptional customer service. High-rolling investors gained access to the latest hack of high-stakes trading cards, with the option to receive complimentary replacements for any defective or unwanted cards.

Noteworthy for its unique modus operandi, Joker’s Stash distinguished itself by marketing exclusively stolen credit card data that its own hackers had pilfered directly from merchants. At times, unscrupulous card retailers would re-sell pilfered and tampered-with cards, often compromised by numerous anonymous and potentially malicious hackers of dubious credentials.

In January 2021, notorious dark web marketplace Joker’s Stash faced a significant setback when European authorities seized several of its servers in response to ongoing fraudulent activities, just as its proprietor was struck by a severe case of COVID-19.

The Department of Justice credits its agents with maintaining a commitment to long-standing investigations, free from any perceived bias or partisan influence. This focus on combating financial crime, rather than merely serving the President, has yielded significant results in the form of convictions and asset seizures. By prioritizing these efforts, the Service has demonstrated its unwavering dedication to upholding the law and protecting the integrity of the economy. Prosecutors claim that Joker’s Stash generated revenue exceeding $1 billion, with estimates ranging from at least $280 million due to factors such as the volatility of bitcoin and the varying value of the stolen goods being sold.

TALEON

Proprietors of Joker’s Stash, Taleon, are the primary targets in this law enforcement operation due to their extensive cryptocurrency and cash exchange networks that allegedly facilitated billions of dollars’ worth of transactions between Russia and other countries over two decades.

An indictment recently unsealed identifies Taleon, a 44-year-old Russian national from Saint Petersburg. Federal authorities claim that Ivanov, whose surname may have been modified at some point, served as a money launderer for the notorious Joker’s Stash marketplace, among numerous other cybercriminal enterprises.

The Treasury Department announced that Ivanov has allegedly laundered hundreds of millions of dollars’ worth of digital currency for ransomware groups, initial access brokers, darknet market vendors, and other criminal entities over the past two decades.

First introduced to the online community at Mazafaka in the early 2000s, Taleon gained a reputation for being a reliable and trustworthy individual who could facilitate large financial transactions with ease. According to sources familiar with the inquiry, Taleon’s operation was identified as one of the last few remaining domestic currency exchange services still operating following Russia’s invasion of Ukraine in February 2022.

Taleon has reorganized its services to simplify and streamline passenger transfers between Moscow, St. Petersburg and other major cities in Russia. The city of Petersburg and its financial institutions have long maintained strong connections with their counterparts in the Western world. Taleon’s confidential online communications on certain hacking forums have been compromised over time and published by a prominent cybersecurity intelligence provider. The messages indicate that Taleon was heavily involved in multiple ATM cashout operations similar to those conducted by Vega, suggesting a longstanding business relationship between the two prior to the emergence of Joker’s Stash.

Sometime around 2013, Taleon entered into a strategic partnership with a leading cash switch company. Clients of PM2BTC could convert their funds from the digital currency (PM) into bitcoin, following which they would have the remaining balance (minus a processing fee) available on a physical debit card usable at ATMs, online retailers, and brick-and-mortar stores.

In 2013, U.S. authorities initiated actions against Taleon’s fledgling cryptocurrency venture after the Department of Justice (DOJ) filed money laundering charges against the owners of Liberty Reserve, one of the largest digital currencies operating at the time. The US government revealed that the illicit service boasted a massive global user base exceeding one million subscribers, and allegedly laundered more than $6 billion in criminal profits.

Following the takedown of Liberty Reserve, online discussions on several high-profile Russian cybercrime forums revealed concerns among criminals about finding alternative safe havens for storing their ill-gotten gains. Taleon’s innovative foray into the digital realm has sparked excitement amidst enthusiasts of cryptocurrency and fintech alike, as the company unveils its bold new service, poised to revolutionize the way we interact with Bitcoin.

UAPS

The allure of Taleon’s alternative lay in its ability to furnish vetted clients with a seamless, frictionless payment system that effortlessly facilitated transactions with dubious online retailers peddling counterfeit goods and cybercriminal entities, allowing for the secure acceptance of cryptocurrency deposits from clients and streamlined payouts to affiliated suppliers.

The Universal Acquisitional Processing Service (UAPS) is often associated with Taleon and friends, operating discreetly behind the scenes under the umbrella term “”. Historically, UAPS has been known by various names, including “”. Notably, in October 2014, it secured its first major client, Joker’s Stash.

According to KrebsOnSecurity, investigators were informed by a reliable source that Taleon, a private pilot, operates and commands his own helicopter.

Ivanov appears to maintain a minimal online footprint, contrasting sharply with his housemate, a 40-year-old woman who resides with him in St. Petersburg. The duo is celebrated, with a photograph on her Vkontakte webpage showing the pair soaring above Lake Ladoga, a vast expanse of water situated north of St. Petersburg.

Sergey “Taleon” Ivanov, a thrill-seeker, found himself soaring above a serene lake north of St. Petersburg, Russia, on a sunny day in 2019, accompanied by the woman who shared his life and passions.

BRIANS CLUB

By the end of 2015, a formidable rival to Joker’s Stash emerged, leveraging Underlying Payment Platforms for its backend funding: BriansClub shamefully exploits this creator’s identity, images, and reputation to peddle tens of millions of compromised credit and debit cards stolen from retailers globally.

For nearly a decade, I’ve had the ignominy of being exploited by an advertisement for BriansClub, which has shamelessly leveraged my identity and image to peddle tens of millions of pilfered credit cards.

In 2019, hackers infiltrated BriansClub, compromising an estimated one-third of the approximately 87 million compromised credit card records previously available for sale across various black-market marketplaces. An anonymous source shared sensitive information about credit cards with KrebsOnSecurity, which then disseminated it to a coalition of financial institutions that issued the affected cards.

Following the episode, the BriansClub administrator altered the login webpage’s layout to prominently display a replica of my phone bill, Social Security card, and a link to my full credit report – an unsettling revelation that continues to haunt me.

Serving as a co-founder of a prominent cybersecurity organization based in Milwaukee. Since 2013, Holden has had unwavering insight into the cryptocurrency transactions conducted through BriansClub’s platform.

Holden claimed that BriansClub consistently generates tens of thousands of dollars in value from stolen bank cards on a daily basis, with a staggering total exceeding hundreds of thousands over the past two years alone.

The BriansClub login webpage, which apparently persisted from late 2019 until a relatively recent period.

Initially, Brian’s Club operated a shared server in Lithuania, hosting a limited number of domains alongside notable entities like the crime forum Verified and various carding marketplaces operating under its umbrella.

When the Rescator retailing operation got wind of one of the biggest payment card heists of the past ten years, alarm bells went off immediately. The security breach resulted in the unauthorized exposure of more than 100 million credit card numbers.

CRYPTEX

In early 2018, Taleon and the proprietors of Universal Asset Protection Services (UAPS) launched a cryptocurrency alternative, dubbed, which has since emerged as a major player in laundering illicit crypto funds.

Taleon informs UAPS clients that they will enjoy a 0% fee and no “Know Your Customer” (KYC) requirements on their Cryptex alternative platform.

The Cryptex has been linked to only a handful of ransomware attacks, including the largest identified ransomware payment to date. By early March 2024, a top-tier company had succumbed to a ransomware attack, with the notorious Russian cybercrime group known as the “Dark Side Hackers” demanding a hefty payoff. An analysis of the investigation’s findings indicates that nearly 50% of the costs were incurred through Cryptex transactions, according to the available data.

The United States government supplied a screenshot of Cryptex’s sending and receiving publicity as viewed by an organization operating in that country. Authorities and numerous cryptocurrency exchanges rely heavily on blockchain analytics tools to flag suspicious transactions potentially linked to cash laundering, ransomware payments, or the facilitation of funds for darknet websites.

According to Chainalysis, Cryptex has secured more than $1.6 billion in acquisitions since its establishment, with this sum approximating its incoming public exposure; however, the total number of outflows remains nearly half that of the inflows.

The graphic suggests that a significant amount of capital is flowing into Cryptex, approximately one-quarter of the company’s total funds. According to experts, a significant proportion of the cryptocurrency inflows into Cryptex are believed to originate from bitcoin ATM transactions, primarily driven by clients of prominent carding websites such as BriansClub and Joker’s Stash.

A notable surge in illicit activity on Cryptex since its inception in 2018 has been observed, as illustrated by a screenshot provided by Chainalysis.

While current indictments fail to explicitly link Taleon to Cryptex. Notwithstanding PM2BTC’s partnership with Taleon in launching UAPS and PinPays, alongside Cryptex.

The US Treasury’s Financial Crimes Enforcement Network (FinCEN) has imposed sanctions against PM2BTC under its newly established “Part 9714” authority, as part of recent amendments made in 2022 to streamline the targeting of financial entities involved in money laundering for Russia.

The Russian Treasury has filed a lawsuit against a cryptocurrency exchange operating in the country.

THE LAUNDROMAT

An investigation into the corporate entities backing UAPS and Cryptex uncovers a Scottish-registered company established in 2012, known as. According to data from the UK’s enterprise registry, the proprietors of Orbest Investments are revealed as two distinct entities: One Two Three Capital Limited and Silvermist Properties Ltd.

Newly released public data further discloses that CS Proxy Options and RM Everton, in partnership with an unnamed holding company, played a significant role in a June 2017 report by PDF, linking it to Russian-based money laundering networks tied to the Kremlin.

According to a jointly issued report, law enforcement agencies estimate that up to $80 billion in criminal proceeds could have been laundered through this operation. Although the origin of these funds is unclear, authorities confirm that they comprise substantial amounts of money that were illicitly siphoned from the Russian treasury and diverted from state contracts.

Their story, constructed by OCCRP in collaboration with ICIJ, revealed that a staggering US$20.8 billion was secretly siphoned out of Russia between 2010 and 2014 through an elaborate cash laundering scheme comprising over 5,000 authorized entities dubbed “The Laundromat.”

Picture: occrp.org

The OCCRP report reveals that reporters employed concrete evidence to identify the names of certain buyers following a refusal from executives to disclose this information. “They uncovered that the scheme’s heaviest users were affluent and influential Russians who had amassed their wealth by navigating the complexities of the Russian government.”

As a seasoned expert in blockchain analysis and investigation, he provides specialized guidance to law enforcement and intelligence agencies. Following a three-week journey to Ukraine, Sanders concluded his stint alongside Ukrainian soldiers, simultaneously tracing murky Russian cryptocurrency platforms allegedly facilitating money laundering for drug cartels operating in the region. The Treasury Department’s current sanctions are likely to have an immediate impact on Cryptex and its users.

“When a sanctioned entity’s transactions occur on-chain, the consequences are far-reaching,” Sanders warned KrebsOnSecurity. Regardless of whether an alternative is fully compliant or merely leverages the benefits, it’s a universally accepted principle that exchanges will take heed of these sanctions.

“This motion signals that the cost processors for illegal platforms will receive attention at last,” Sanders concluded. Although Cryptex’s approach in this instance proved prolonged, they still acknowledged that the majority of their findings were dubious, understood the reasons behind these issues, and proceeded despite them? A stark revelation awaits: Can these allegedly reputable exchanges genuinely claim ignorance about the dubious nature of most transactions?

The U.S. government is offering a substantial reward of up to $10 million for information leading to the arrest and conviction of Shakhmametov and Ivanov. The state announcement indicates that separate rewards totaling up to $1 million each are being offered for information leading to the identification of various leaders involved with the Joker’s Stash criminal marketplace, excluding Shakhmametov. Additionally, it offers rewards for the identification of key leaders associated with the UAPS, PM2BTC, and PinPays transnational criminal organizations, with the exception of Ivanov.

Picture: U.S. Secret Service.
