Alleged Crypto Ransomware Money Launderer Extradited to US

The Russian citizen was extradited from the Netherlands to face charges of laundering proceeds from crimes paid in crypto


Blockworks exclusive art by axel Rangel


key takeaways

  • Denis Dubnikov is alleged to have laundered more than $400,000 as part of a ransomware scheme involving crypto
  • The Ryuk ransomware threat attempts to lock up systems in a bid to extract bitcoin payment

A 29-year-old Russian citizen has been extradited from the Netherlands to the US to face money laundering charges involving tens of millions of dollars in crypto-ransomware proceeds.

The US Department of Justice accuses Denis Dubnikov of laundering more than $400,000 in funds lifted from Ryuk ransomware attacks as part of a $70 million scheme, according to a statement by the Department of Justice on Wednesday.

Dubnikov and others involved in the scheme are alleged to have laundered funds from the attacks through various national and international transactions in a bid to conceal the funds’ provenance.

First appearing in 2018, Ryuk is designed to infiltrate private networks and gain administrative access to multiple systems. Once inside, Ryuk encrypts local files to lock up multiple computers before soliciting payment in crypto — usually bitcoin — to restore services.

Ryuk along with several other high-profile ransomware threats have been used to extract payment from government institutions, healthcare providers, hospitals and other businesses. 

In May of last year, Colonial Pipeline was forced to halt its services and pay more than $4 million in bitcoin following an attack that subsequently ignited fuel shortage fears across the US.

Weeks later, the world’s largest meat producer by total sales, JBS Holding, shelled out $11 million in bitcoin in an attempt to circumvent ransomware impacting its business and supply chains.

Efforts from North Korea’s Lazarus Group, Eastern Europe’s Darkside and others have been linked to various hacks across the industry, including a $625 million hack of the on Axie Infinity-tied Ronin Network bridge earlier this year.

Cryptocurrencies have repeatedly been blamed by law enforcement officials for facilitating anonymous transactions and assisting hackers in their attempts. However, the ability to transparently track transactions on-chain, has also helped law enforcement trace and reclaim stolen funds. 

Lazarus and others are said to have used crypto mixing service Tornado Cash in a bid to launder proceeds and conceal provenance. The Office of Foreign Asset Control banned its use for US citizens as well as 45 Ethereum addresses on Aug. 8.

Roughly three-fourths of funds passing through the privacy tool, however, are unconnected with criminal activity or sanctions evasion, and only 10.5% are stolen funds, according to on-chain analytics firm Chainalysis.

A five-day jury trial is expected to commence on Oct. 4 where Dubnikov faces a maximum sentence of 20 years in prison for his alleged involvement.

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the On the Margin newsletter.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.


Upcoming Events

Salt Lake City, UT

MON - TUES, OCT. 7 - 8, 2024

Blockworks and Bankless in collaboration with buidlbox are excited to announce the second installment of the Permissionless Hackathon – taking place October 7-8 in Salt Lake City, Utah. We’ve partnered with buidlbox to bring together the brightest minds in crypto for […]

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research



Aerodrome is a "MetaDEX" that combines elements of various DEX primitives such as Uniswap V2 and V3, Curve, Convex, and Votium. Since its launch on Base, it has become the largest protocol by TVL with more than $495M in value locked, doubling Uniswap's Base deployment.


Scientific reputation should be determined by a decentralized community of scientists, not the validation of higher institutions


Paxos is getting off scot-free after the SEC said it wouldn’t pursue legal action against the company


The Srcful partnership is part of a broader plan to onboard Helium “subnetworks”


Plus, a look into US spot BTC funds six months into trading


A Swedish energy-focused project named Srcful proposed to become a Helium subnetwork with its own ENERGY token


Securitize CEO Carlos Domingo thinks BUIDL will potentially hit its next $500 million milestone in just a few months