TRM Weekly Roundup | May 9, 2024

Welcome to our second LinkedIn-native edition of The Weekly Roundup!

If you just subscribed, welcome. 👋 If you read last week’s inaugural edition, we’d love to know what you thought. 💭 And if you’re seeing us for the first time on your LinkedIn feed, be sure to subscribe. 🗞️ Each edition includes a roundup of the week’s news on crypto regulation, compliance, and investigations—complete with commentary from our team of global policy experts: Ari Redbord , Angela Ang , and Isabella Chase .

➡️ This week, we’re taking a closer look at:

• AML regulatory reform in Australia
• US and UK sanctions against LockBit ransomware group
• Million dollar crypto armed robbery in Singapore and Malaysia
• TRM Talks with German prosecutor Jana Ringwald
• How IRS-CI took down the xDedic Marketplace
• “Small steps” and “giant leaps” at BIS Innovation Summit

🇦🇺 Australia moves forward with AML regulatory reform, expands scope of digital asset regulation

Last Thursday, Australia’s Attorney-General’s Department (AGD) released a second consultation with proposed implementation details for the modernization of its AML regime.

For digital assets, AGD plans to expand the scope of regulation to align with Financial Action Task Force (FATF) Recommendation 15, and introduce Travel Rule obligations. Here are the key details:

• AGD plans to replace the current "digital currency" term in the AML Act with "digital assets," to address "regulatory gaps" due to the "evolving concept of digital currencies," such as the treatment of NFTs and CBDCs (which is proposed to fall under the definition of "money"). "Digital assets" also aligns with the Commonwealth Treasury's proposal on a comprehensive regulatory framework for digital assets.
• The proposal would see the scope of regulated digital asset services expanded to align fully with FATF Recommendation 15—including exchange between two digital assets, custody services, and financial services for ICOs. Currently, only the exchange of digital assets and fiat currencies is regulated under the AML Act.
• Travel Rule obligations for digital assets would also be introduced. Full obligations will apply for transactions between service providers, while limited obligations would apply to transactions with self-hosted wallets. AGD plans to apply the Travel Rule on all transactions, which would be more stringent than FATF's recommended threshold of USD/EUR 1,000.

💡 TRM Insights: We consider this a welcome move from the Australian Government to provide a much needed and significant uplift to its AML/CFT regime. Consistent and well-implemented AML/CFT standards reduce loopholes that can be exploited by illicit actors to profit from their activities. Aligning standards on digital asset service providers is especially important. As this sector grows, it must be protected from risk, supervised proportionally, and supported in using the latest technology to meet regulatory objectives.

For more perspectives, read TRM’s response to the first AGD consultation here . The current consultation closes June 13.

🔓 US and UK authorities identify, sanction, and unseal indictment against leader of LockBit ransomware group

This week, the United States and the United Kingdom took sanctions and criminal action against Dmitry Yuryevich Khoroshev, a Russian national and a leader of the Russia-based LockBit group, for his role in developing and distributing LockBit ransomware. This was a global effort by the US, UK, Australia, and others.

LockBit is one of the most prolific ransomware groups in the world. The group has had unprecedented impact on businesses and critical infrastructure across the globe, using a Ransomware-as-a-Service (RaaS) model to conduct thousands of attacks and extort victims for large ransom payments in cryptocurrency. Through on-chain analysis, TRM estimates that addresses controlled by LockBit administrators and affiliates have received over GBP 160 million (or USD 200 million) in bitcoin since 2022, of which over GBP 85 million (or USD 110 million) are still unspent in multiple addresses on-chain.

In addition to designating Khoroshev today, U.S. Department of the Treasury ’s Office of Foreign Assets Control (OFAC) also added XBT bc1qvhnfknw852ephxyc5hm4q520zmvf9maphetc9z—a cryptocurrency address associated with Khoroshev—to the sanctions list today.

TRM analysis shows that the sanctioned address is associated with hundreds of other addresses connected to Khoroshev. Khoroshev moved funds through a peeling chain, making multiple deposits to different global exchanges.

For more, read our in-depth piece here .

🇸🇬 🇲🇾 Singapore and Malaysia authorities apprehend two in million dollar crypto armed robbery case

Last week, the Singapore Police Force announced that two suspects in a crypto armed robbery case had been apprehended with the assistance of the Royal Malaysia Police . The duo were part of a group that robbed 11 victims of assets totaling more than SGD 4.34 million (USD 3.21 million), at a residence in the upscale Singapore neighborhood of King Albert Park, in the early hours of April 18, 2024. The bulk of the stolen assets consisted of 2.6 million in USDT belonging to one victim, alongside cash and luxury watches.

Authorities arrested the two suspects in Malaysia less than two weeks after their heist. They were charged in Singapore courts for gang armed robbery on May 2.

This is the first reported case of crypto armed robbery in Singapore, although cases elsewhere date back to 2018.

🇩🇪 TRM Talks with German prosecutor Jana Ringwald

From the largest darknet markets to the most dangerous ransomware groups, German authorities have been involved in some of the most important crypto-related investigations and takedowns in recent years. In our latest TRM Talks, Ari Redbord sits down with Jana Ringwald , Senior Public Prosecutor, Prosecutor General’s Office in Frankfurt, to discuss how she works with law enforcement, the private sector, and global partners to fight cybercrime. Listen now !

👮 How IRS-CI used blockchain intelligence to take down the darknet xDedic Marketplace

The IRS Criminal Investigation (IRS-CI) is responsible for investigating criminal violations of the US Internal Revenue Code and related financial crimes. So when darknet marketplace, xDedic, sold over 700,000 credentials on their site—enabling threat actors to generate millions of dollars in fraudulent tax refunds—the IRS-CI sprung into action.

Watch the video below to find out how IRS-CI used TRM’s blockchain intelligence to unravel the network of associated addresses, and see how they partnered with international law enforcement authorities to shut down the xDedic Marketplace—and the individuals behind it.

For more, read the story here .

🏦 Central bankers meet for BIS Innovation Summit to take “small steps” and “giant leaps”

This week, central bankers from around the world met for the annual Bank of International Settlements Innovation Summit to discuss “how technological innovation's intensified speed is offering increasing opportunities to the financial sector and to central banks, and how central banks are dealing with the risks that technological innovations may create.” From CBDCs to stablecoins, measuring cryptoasset data to AI, crypto was on the menu.

In his opening address, BIS Chair Augstin Carstens spoke about the importance of taking “small steps and giant leaps.” In terms of giant leaps, Carstens called out two innovations: The tokenization of assets traded on a programmable, unified ledger and the creation of the “Finternet, “an interconnected place with the individual at the center of their own financial world.

Enjoying The Weekly Roundup? Drop us a like or comment, and be sure to tell your peers to subscribe.