TRM Weekly Roundup | October 3, 2024

It’s been a busy week in crypto policy and regulation! In this edition of ??The Weekly Roundup??, Ari Redbord , Isabella Chase , and Angela Ang walk us through these latest developments:

• ?US, UK, Australia take action against Evil Corp
• Securities Commission Malaysia launches regulatory sandbox and tokenization initiatives
• UAE seeks to clarify its regulatory regime
• UK Digital Securities Sandbox begins accepting applications
• SEC takes first-ever pig butchering-related actions
• Court denies motion to dismiss in case against Tornado Cash developer Roman Storm
• Dig in below ??

???US, UK, Australia take action against Evil Corp

On Tuesday, the U.S. Department of the Treasury 's Office of Foreign Assets Control (OFAC)?sanctioned ?seven individuals and two entities associated with the Russian cybercriminal group Evil Corp, as part of a coordinated action with the United Kingdom’s Foreign, Commonwealth and Development Office and Australian Department of Foreign Affairs and Trade .

Evil Corp has a long history of cybercrime dating back to 2009, when they first developed Dridex malware—used to steal banking credentials and commit financial fraud. Their operations have impacted over 40 countries, causing over USD 100 million in financial losses, primarily affecting banks, healthcare, and critical infrastructure sectors.

The United Kingdom designated 16 Evil Corp members and affiliates, and Australia designated three.

One of the individuals sanctioned by OFAC was LockBit Ransomware affiliate Aleksandr Viktorovich Ryzhenkov—also known by the moniker “Beverley”—for his involvement, alongside Evil Corp founder Maksim Viktorovich Yakubets, in the group’s operations.

In addition to sanctions, the U.S. Department of Justice ?unsealed ?an indictment against Ryzhenkov, a Russian national, for his involvement in deploying BitPaymer ransomware to attack multiple victims in Texas and across the US. Beginning in June 2017, Ryzhenkov allegedly gained unauthorized access to victims' networks, encrypted their data using ransomware, and demanded large ransoms to restore access and prevent the public release of sensitive information.

The FBI, NCA, and the AFP also released a detailed report entitled?Evil Corp: Behind the Scenes , which dives into the groups tactics, history, organizational hierarchy, and close links to the Russian state.

This week’s actions coincide with the second day of the US-hosted Counter Ransomware Initiative summit, which involves over 50 countries working together to counter the threat of ransomware. TRM Labs is honored to have participated in the summit.

?? For more, read TRM’s in-depth report on the Evil Corp action .

?????Securities Commission Malaysia launches regulatory sandbox and tokenization initiatives

This week, the Securities Commission Malaysia (SC) announced three new initiatives to spur innovation in Malaysia’s capital market, particularly in the area of tokenization.

Firstly, the SC is introducing a regulatory sandbox to provide a “controlled environment for testing innovative products and services while ensuring investor protection.” Innovative offerings, including tokenized securities, may be allowed to be tested within the sandbox. Applications for the first cohort are open from now until April 2025.

In addition, SC is working with Khazanah Nasional, Malaysia’s sovereign wealth fund, on a tokenized bond pilot. It will also develop guidance early next year for intermediaries to understand and manage associated risks in relation to securities tokenization.

Outlining the initiatives, SC Executive Chairman Dato’ Mohammad Faiz Azmi said that the regulator was “committed to purposeful innovation through digital initiatives that enhance access to financing, democratize investor participation, and strengthens the efficiency of institutional markets.” To that end, emerging technology like tokenization held the potential to democratize investment ownership, create new fundraising opportunities, and enhance market efficiency. “[L]et me implore you to push the boundaries of what is possible,” said Azmi.

?????UAE seeks to clarify its regulatory regime

The UAE is actively refining its virtual asset framework. Last week, VARA tightened rules on financial promotions , now requiring firms to include disclaimers in advertisements to highlight product risks. This move aligns the UAE with international standards for consumer protection in digital assets. In tandem with these new regulations, Dubai Financial Services Authority (DFSA) released a handy guide detailing its approach to crypto asset regulation. This quick reference guide includes token classifications, summaries, and a useful FAQ section to keep you informed.

In other UAE news, Ripple received in-principle approval from the DFSA to expand its operations beyond the Dubai International Financial Center. This marks the latest milestone for a global stablecoin issuer expanding within the country.

?????UK Digital Securities Sandbox begins accepting applications

On Monday, the Bank of England and the Financial Conduct Authority launched the application process for the Digital Securities Sandbox (DSS) . The DSS acknowledges that financial institutions are increasingly experimenting with blockchains and permissioned ledgers to be the underlying infrastructure for the trading of digital securities. The DSS will provide a regulated live environment for firms to experiment with trading digital securities with “flexible and proportionate regulations” they can refine over time to fit the activity.

The hope is that learnings from the DSS will allow for the “faster, cheaper, and more straightforward” trading of digital securities which, when taken in aggregate, will have transformational impacts on the economy. The DSS will have four stages—application, testing, go-live, and scaling—and then finally lead to a possible new permanent regime. Its success will depend on an initial wave of applicants and whether London is perceived to be the best place to launch these trials.

?? SEC takes first-ever pig butchering-related actions

Earlier this month, the U.S. Securities and Exchange Commission (SEC) announced its first-ever enforcement actions targeting pig butchering scams. The SEC filed charges against five entities and three individuals involved in two scams connected to the platforms?NanoBit ?and?CoinW6 . Together, these scams defrauded investors out of nearly USD 3.2 million. The complaints in both cases are in-depth descriptions of scammers luring victims—through romantic overtures—to send cryptocurrency.

In the case of?NanoBit, scammers impersonated financial professionals in WhatsApp groups between October 2023 and June 2024, luring victims into investing in what was presented as a legitimate crypto asset trading platform. They falsely claimed that their affiliate,?NanobitUS Securities, was an SEC-registered broker, giving the operation an air of legitimacy. Instead, the NanoBit platform was completely fraudulent, with funds being misappropriated and wired to bank accounts in Hong Kong.

Similarly,?CoinW6?ran a relationship-driven scam, where perpetrators posed as young professionals on LinkedIn and Instagram. Between July 2022 and December 2023, they built romantic relationships with victims through WhatsApp.

?? Read TRM’s in-depth breakdown of the NanoBit and CoinW6 cases here .

??? Court denies motion to dismiss in case against Tornado Cash developer Roman Storm

In August 2022, the U.S. Department of the Treasury ’s OFAC sanctioned Tornado Cash, a decentralized cryptocurrency mixer, for facilitating over USD 7 billion in illicit transactions—including laundering funds for North Korea’s Lazarus Group. Following this action, Dutch authorities arrested Tornado Cash developer Alexey Pertsev, marking the start of legal scrutiny on the platform’s developers. In August 2023, US authorities arrested Roman Storm, another Tornado Cash developer, and charged him with conspiracy to commit money laundering, operate an unlicensed money-transmitting business, and violate US sanctions laws. Roman Semenov, another co-founder, was sanctioned by OFAC but remains at large.

Last week, US District Judge Katherine Polk Failla denied Storm’s motion to dismiss the case. Storm’s defense argued that as a developer, he only wrote open-source code and had no control over how users employed Tornado Cash, framing it as a free speech issue. However, the judge ruled that while code can be expressive, it does not protect activities facilitating illegal money transmission.

This ruling sets a precedent for treating DeFi protocols like Tornado Cash as money transmitters and raises concerns about developer accountability. Roman Storm’s trial is set for December 2024, and if convicted, he could face up to 45 years in prison. We will continue to watch developments in this case closely.

• ???Last week, TRM’s Ari Redbord , Isabella Chase , and Angela Ang sat down to examine the current state of global crypto regulation, industry trends, and emerging risks.?Get the highlights (or watch the full recording) of their quarterly policy roundtable in this blog post .
• ???In a recent report , TRM’s team of blockchain intelligence experts found that cryptocurrencies play a critical role in funding international drug precursor manufacturers producing fentanyl, nitazenes, mephedrone, spice, MDMA, and amphetamines. Of the 120 Chinese precursor manufacturers we examined—spanning 26 cities and 16 provinces—97% offered payment in cryptocurrencies. Learn more about the key findings of the report here .
• ???When a victim of a pig butchering scam comes forward, one of the greatest superpowers available to investigators with TRM Labs is the ability to use on-chain exposure to identify additional victims—even for individuals in the midst of being victimized. Learn more about how TRM helps investigators find additional victims using exposure in this blog post .
• ????In our latest TRM Talks, Peter Kerstens of the European Commission joins host Ari Redbord to discuss MiCA implementation, what’s next for DeFi, and what the world can learn from Europe’s crypto experiment. Listen to the full episode now .