Alleged Crypto Ransomware Money Launderer Extradited to US

The Russian citizen was extradited from the Netherlands to face charges of laundering proceeds from crimes paid in crypto

article-image

Blockworks exclusive art by axel Rangel

share

key takeaways

  • Denis Dubnikov is alleged to have laundered more than $400,000 as part of a ransomware scheme involving crypto
  • The Ryuk ransomware threat attempts to lock up systems in a bid to extract bitcoin payment

A 29-year-old Russian citizen has been extradited from the Netherlands to the US to face money laundering charges involving tens of millions of dollars in crypto-ransomware proceeds.

The US Department of Justice accuses Denis Dubnikov of laundering more than $400,000 in funds lifted from Ryuk ransomware attacks as part of a $70 million scheme, according to a statement by the Department of Justice on Wednesday.

Dubnikov and others involved in the scheme are alleged to have laundered funds from the attacks through various national and international transactions in a bid to conceal the funds’ provenance.

First appearing in 2018, Ryuk is designed to infiltrate private networks and gain administrative access to multiple systems. Once inside, Ryuk encrypts local files to lock up multiple computers before soliciting payment in crypto — usually bitcoin — to restore services.

Ryuk along with several other high-profile ransomware threats have been used to extract payment from government institutions, healthcare providers, hospitals and other businesses. 

In May of last year, Colonial Pipeline was forced to halt its services and pay more than $4 million in bitcoin following an attack that subsequently ignited fuel shortage fears across the US.

Weeks later, the world’s largest meat producer by total sales, JBS Holding, shelled out $11 million in bitcoin in an attempt to circumvent ransomware impacting its business and supply chains.

Efforts from North Korea’s Lazarus Group, Eastern Europe’s Darkside and others have been linked to various hacks across the industry, including a $625 million hack of the on Axie Infinity-tied Ronin Network bridge earlier this year.

Cryptocurrencies have repeatedly been blamed by law enforcement officials for facilitating anonymous transactions and assisting hackers in their attempts. However, the ability to transparently track transactions on-chain, has also helped law enforcement trace and reclaim stolen funds. 

Lazarus and others are said to have used crypto mixing service Tornado Cash in a bid to launder proceeds and conceal provenance. The Office of Foreign Asset Control banned its use for US citizens as well as 45 Ethereum addresses on Aug. 8.

Roughly three-fourths of funds passing through the privacy tool, however, are unconnected with criminal activity or sanctions evasion, and only 10.5% are stolen funds, according to on-chain analytics firm Chainalysis.

A five-day jury trial is expected to commence on Oct. 4 where Dubnikov faces a maximum sentence of 20 years in prison for his alleged involvement.


Get the news in your inbox. Explore Blockworks newsletters:

  • Blockworks Daily: The newsletter that helps thousands of investors understand crypto and the markets, by Byron Gilliam.
  • Empire: Start your morning with the top news and analysis to inform your day in crypto.
  • Forward Guidance: Reporting and analysis on the growing intersection of crypto and macroeconomics, policy and finance.
  • 0xResearch: Alpha directly in your inbox. Market highlights, data, degen trade ideas, governance updates, token performance and more.
  • Lightspeed: Built for Solana investors, developers and community members. The latest from one of crypto’s hottest networks.
  • The Drop: For crypto collectors and traders, covering apps, games, memes and more.
  • Supply Shock: Tracking Bitcoin’s rise from internet plaything worth less than a penny to global phenomenon disrupting money as we know it.
Tags

Upcoming Events

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

recent research

morpho 2 graphic.png

Research

Utilizing a ‘DeFi Mullet’ approach, Coinbase’s Bitcoin-backed loans integration with Morpho demonstrates a powerful blueprint for CEXs to monetize dormant assets by expanding adoption of wrapped products (cbBTC, USDC) while also supporting native and/or preferred DeFi ecosystems (Base) which can further lead to downstream growth in onchain liquidity and increased utilization of the related assets.

article-image

The platform also rolled out 13 tokenized funds for institutions on the Connect platform

article-image

The company’s expanded lineup introduces new ETF products, as more and more issuers get into crypto funds

article-image

President Donald Trump announced a 10% levy on almost all goods and additional tariffs on so-called “worst offending” countries

article-image

Solana may be in “recomposition” mode, as new protocols put usefulness ahead of mere virality

article-image

The stablecoin issuer will have to contend with bigger players and the interest rates environment

article-image

The president reportedly was still working on his tariff policy plans late Tuesday evening