BTC-e was a shadowy crypto-currency brokerage serving hundreds of thousands of customers. Mayzus Financial Services was an apparently reputable payments provider with a London address and a licence from the Financial Conduct Authority. Through a web of offshore entities, anonymous UK shell companies and secret bank accounts, their combined services could be exploited to create a high-tech money-laundering machine, right under regulators’ noses.
“Do you know Mr Alexander Vinnik?”
Giving evidence to the Greek supreme court in December 2017, Sergey Mayzus was faced with an obvious question.
Vinnik was a 38-year-old Russian. Four months earlier, while on holiday with his family in the tourist village of Ouranoupoli, he had been arrested by plainclothes officers and charged with running a massive international money-laundering scheme.
The United States accused Vinnik of operating BTC-e, one of the most popular websites for buying and selling the crypto-currency Bitcoin. Lacking “basic anti-money laundering controls and policies”, the indictment alleged, “BTC-e emerged as one of the principal means by which cyber criminals around the world laundered the proceeds of their illicit activity.” Now they wanted to extradite Vinnik to America to stand trial.
BTC-e emerged as one of the principal means by which cyber criminals around the world laundered the proceeds of their illicit activity. - US Department of Justice
This placed Mayzus in an awkward position. His UK company, Mayzus Financial Services (MFS), had opened at least seven accounts on its platform for BTC-e’s shell companies and staff, including one for Vinnik himself, and handled around $100 million in transactions. MFS subsidiaries provided instructions on how to use BTC-e on their own websites, while senior employees maintained personal accounts on the site. MFS even responded to press enquiries on BTC-e’s behalf. Had Mayzus ever met Vinnik?
“I’m seeing him today for the first time in my life.”
The judge was nonplussed. “So why did you tell the court that you would give evidence about a man you don’t know?”
“BTC-e’s criminal design”
BTC-e launched in June 2011. It got off to a slow start—a leaked snapshot of the site’s user database, seen by Global Witness, shows that just 20,000 people had joined by the end of 2012. But when the market-leading Bitcoin exchange, Mt. Gox, ran into financial and legal trouble the following year, BTC-e surged. By October 2014, when the snapshot was taken, BTC-e had almost 570,000 users. More than a fifth of them had their language set to Russian.
BTC-e’s users handled serious amounts of money. In October 2014 they held a total of 79,114 Bitcoins, worth more than $30 million at the time and around $680 million at November 2019 exchange rates. Users held another $30 million denominated in US dollars and more than $20 million in the alternative crypto-currencies Litecoin and Namecoin. At its height in the autumn of 2016, BTC-e handled around 15% of all trade between US dollars and Bitcoin, making it the third biggest exchange in the market. Prior to Vinnik’s arrest it was mentioned in reports in the Financial Times, the Wall Street Journal, the New Yorker, TIME and a galaxy of specialist publications.
Much like conventional currency speculators, many BTC-e users were out to make a profit by buying low and selling high. But as the indictment makes clear, explaining the exchange’s “criminal design”, BTC-e’s no-questions-asked conversion between crypto-currencies and cash also attracted criminals. Accounts on BTC-e were practically anonymous: “a user could create a BTC-e account with nothing more than a username and email address, which often bore no relationship to the identity of the actual user.” This created the opportunity to convert the proceeds of cyber-crime, obtained as Bitcoin, into seemingly legitimate bank balances. A 2013 report for Wired referred to BTC-e specifically as an “offshore exchange … that [doesn’t] implement anti-money-laundering protections.”
Hackers used accounts on BTC-e to launder hundreds of thousands of Bitcoins stolen from the Mt. Gox exchange, contributing to its eventual collapse. The site also proved useful to real-world criminals. Analysis by Global Witness has linked email addresses used to register accounts on BTC-e to users advertising prescription drugs, cannabis and bootleg cigarettes on popular dark net markets—online bazaars accessible through a special browser which protects users’ anonymity. The exchange even facilitated corruption among those tasked with investigating cyber-crime: in 2015, US Secret Service agent Shaun Bridges used a BTC-e account to embezzle more than 1,606 Bitcoins (November 2019: around $14 million) seized under the authority of the US government.
Perhaps most troubling for US prosecutors is a link to the Russian state-sponsored hacking group known as Fancy Bear, which interfered in the 2016 presidential election. In order to carry out “phishing” attacks on key targets, Fancy Bear sent emails from spoof web addresses paid for with Bitcoin. Analysis of the Bitcoin blockchain—a record of all previous transactions—suggests that one of these addresses, mimicking the World Anti-Doping Agency, was paid for with funds originating from an account on BTC-e.
To hide their identities while lending a veneer of respectability to the enterprise, BTC-e’s operators used a tried and tested tool: an anonymous UK company. Always Efficient LLP was registered as a limited liability partnership in July 2014 by two nominees based in the Seychelles. The introduction of the persons with significant control (PSC) register in the UK in 2016 should have forced Always Efficient’s real owners had to show their faces, and on 9 July Alexander Buyanov was registered as the company’s PSC. But when a Russian journalist tracked Buyanov down to a Moscow karaoke bar where he worked as a DJ, Buyanov claimed he had never heard of the company.
Efficient wasn’t the only shell company behind BTC-e. According to the US
indictment, the exchange’s main legal entity was Canton Business Corporation,
registered in the Seychelles, while a lawsuit filed in Cyprus by Sergey Mayzus
names fourteen other companies, all registered in Britain, its overseas
territories or former colonies. Those registered in the UK itself raise the
most obvious red flags. Chartwood Technology LLP was constituted as a
London-registered partnership of two Dominican companies which have been linked to large-scale money-laundering scandals. Gem Invest LP, registered in
Edinburgh, was formed by the same overseas partners as a company allegedly linked to former Ukrainian president Petro Poroshenko.
In documents filed with the court Mayzus claimed Vinnik had “maintained an unauthorized money transfer business” without MFS’s knowledge, demanding €200 million in compensation from Vinnik and the listed shell companies for the fraud and resulting damage to MFS’s reputation. But in a 2017 interview with radio station Kommersant FM, Vinnik’s lawyer, Timofey Musatov, alleged that Mayzus himself controlled BTC-e’s main shell companies, not the other way around.
In a statement provided to Global Witness, Mayzus strongly denied any link to BTC-e’s corporate structures and accused Musatov himself of having a personal financial interest in the case. Musatov declined to provide a formal comment, but characterised Mayzus’s claims as an attempt to distract from the fundamentals of the case. In a press statement given in October, Vinnik reiterated the claim that Mayzus benefited financially from the collapse of BTC-e.
The UK’s persons with significant control register was introduced in June 2016. It requires companies to provide an up-to-date record of their beneficial owners and is accessible through the Companies House website.
While the register is useful in principle, analysis by Global Witness earlier this year found that it remains incomplete and filled with inaccuracies. More than 330,000 companies declare that they have no beneficial owner, 487 are part of circular ownership structures and several are apparently controlled by children under the age of two.
Global Witness recommends that companies be required to submit identification and proof of control when reporting PSCs and that the government gives Companies House sufficient resources proactively to check the register for red flags.
“A businessman in constant motion”
Mayzus spends his time between Russia, Cyprus and the Czech Republic, where he owns a castle, a brewery and vineyards. An old company biography describes him as “a businessman in constant motion” and a picture on his Facebook profile shows him in the cockpit of an L-39 jet trainer. He keeps high-octane company too: an online currency brokerage founded by Mayzus in 2008 employed Arne Treholt, a former Norwegian politician and convicted Soviet spy, as its vice-president.
Mayzus made his name providing online payment services. His businesses offered transfers between a wide range of currencies, geared towards small-scale traders and the international remittances market. MoneyPolo was a typical example, and Mayzus’s most ambitious venture to date: registered in the UK, with a flashy website and a licence from the Financial Conduct Authority (FCA), it presented itself as a dynamic London “fin-tech” start-up but was actually based in Prague.
One of MoneyPolo’s only UK-based employees was Christian Russell, a former compliance consultant. According to Russell’s LinkedIn profile, his responsibilities at MFS included investigating suspicious activity and liaising with the FCA. The profile suggests he left the company in June 2017, one month before Vinnik’s arrest, but Companies House records show that his directorship ended four months later.
MoneyPolo allowed users to transfer money between accounts on its platform and BTC-e, charging a small commission on deposits. A page on the MoneyPolo support website, since deleted, gave detailed instructions on how to transfer funds from a MoneyPolo account to BTC-e by generating a redeemable coupon called a “BTC-e code”. The BTC-e code system is singled out in the US indictment as a “conduit for money laundering” due to the anonymous nature of the transactions it facilitated.
What distinguished MFS from other providers was its bank deposit service. Users could wire money directly to a bank account, providing a payment reference number, and the funds would appear on BTC-e. The host bank changed over time, between a Deutsche Bank branch in Prague, the local Czech bank Česká spořitelna and the National Investment Bank of Mongolia, but the account was always under the name “Mayzus Financial Services Ltd” and carried a London address.
The official account of MFS’s relationship with
BTC-e was given in a note to shareholders in November 2017, signed by CEO
Nikolay Rozhok. According to Rozhok, MoneyPolo’s chief financial officer, Artem
Zhedik, met Vinnik in September 2013 in Moscow. The face-to-face came in the
midst of a run on the troubled Mt. Gox exchange, which had halted US dollar withdrawals three months
earlier, prompting hordes of angry customers to jump ship.
MFS opened accounts on its platform for three shell companies associated with BTC-e. It also set up accounts under the names of Vinnik, Buyanov—the Moscow DJ—and another man called Stanislav Golovanov, beginning in May 2013. The note makes clear that “Mr Buyanov and Mr Golovanov were never introduced personally”, but Rozhok did meet Vinnik himself, at a Moscow hotel in January 2015.
In a statement
provided to Global Witness, MFS’s board of directors said the company had
carried out a detailed risk assessment on BTC-e before accepting it as a client
and had implemented enhanced due diligence processes as a result. These
included obligatory identity verification for users making wire transfers,
checking against customer blacklists and extra monitoring of users from
In his own statement, Mayzus added that MFS would always have always followed standard industry practice in monitoring and reporting but not interrupting activity where money laundering is suspected.
“Neither structurally, nor personally”
While MFS was opening accounts for BTC-e’s operators, its employees were busy registering their own accounts on BTC-e. MFS was already represented by a corporate account created in April 2013. Over the following year, Rozhok, Zhedik and another employee all registered their own accounts. MFS said that its employees would often open accounts on client platforms to check their implementation of anti-financial-crime processes. There is no suggestion that they were using BTC-e accounts for unlawful activity.
The partnership even extended to MFS answering press enquiries on BTC-e’s behalf. In December 2013 a reporter from the specialist publication CoinDesk contacted MFS to ask about delays to bank deposits being made to BTC-e. He received a detailed response explaining that the exchange was upgrading its “customer services and server architecture” and had been overwhelmed by an increase in traffic, a story supported by the leaked user database, which shows more than 230,000 registrations in November and December 2013.
In a 2017 interview with Russian news agency RIA Novosti, Vinnik described how MFS’s systems were used by BTC-e for its operations. A letter sent to the prosecutor’s office in Thessaloniki gives a sense of the relationship from his perspective: “I explained the platform’s operating system to [Rozhok and Zhedik] and they assured me that co-operation with them would be legal and that they would deal with all the financial and legal matters. I kept in touch with them via phone and email”.
As soon as Vinnik was arrested, this relationship evaporated. In a now-deleted July 2017 statement posted on the website of OKPAY, an associated company, Mayzus described BTC-e as “one of the largest cryptocurrency exchanges”. He went on to deny that he or his companies were “in any way related to the BTC-E exchange, its owners, or employees”, while acknowledging that MFS may have had BTC-e as a client.
statement issued by MFS the following month reiterated
that BTC-e “has never had any direct link to our company, neither structurally,
nor personally”, and in court Mayzus claimed not to have heard of BTC-e at all
before July 2017, despite it being a direct client. “The fact of the matter is
that I am not a manager or member of staff”, he explained. “I am your average
owner, shareholder, and I own this company along with 20 others [companies].”
The fact of the matter is that I am not a manager or member of staff. I am your average owner, shareholder. - Sergey Mayzus
In its statement, MFS said its management team had acted “responsibly and appropriate to their business functions and legal responsibilities” but had underestimated the reputational risks involved in dealing with BTC-e. Following Vinnik’s arrest, Rozhok, Russell and MFS chief operating officer Marian Hanes all left the company and Mayzus—whose involvement with MFS was limited to receiving biannual reports from the company’s management—initiated an internal investigation into the relationship with BTC-e. Rozhok, Russell, Hanes and Zhedik did not respond to requests for comment.
Mayzus, for his part, has always been quick to emphasise that his businesses are properly regulated and enjoy membership of prestigious industry associations. In court he twice pointed out that MFS was regulated by the FCA, a claim repeated on the company’s website and those of its subsidiaries. But in July 2018 MFS’s licence, which it had held since 2012, was revoked. MFS and Mayzus said this was the result of a decision not to re-register after the introduction of the European Union’s Revised Payment Services Directive, which imposed burdensome new compliance requirements and might not have guaranteed access to the EU after Brexit.
Combining the anonymity of cash with the global reach of the internet, crypto-currencies have posed an unprecedented challenge for financial regulators. Enforcement has focussed on providers like BTC-e which allow users to exchange money between crypto-currencies and traditional or “fiat” funds, with the United States leading the way.
In 2015, the US Financial Crimes Enforcement Network (FinCEN) fined Ripple Labs $700,000 for acting as an unregistered money services business and failing to maintain an adequate anti-money-laundering programme. Similar charges were brought against BTC-e and against a former stockbroker and real estate investor in California, who was sentenced to a year in prison in July 2018.
Risks for small-scale investors have also drawn regulators’ attention. In the UK, the Financial Conduct Authority (FCA) recently proposed a ban on derivatives linked to crypto-currencies, warning that their volatility could lead to “sudden and unexpected losses.” So-called Initial Coin Offering (ICO) schemes are another area of concern, with the FCA specifically warning consumers against participating in them.
In June, the inter-governmental Financial Action Task Force (FATF) issued new recommendations calling on crypto-currency exchanges to share more personal information about users, bringing them in line with international banks. The lack of such rules to date has created a gap in the market for companies investigating the blockchain itself. Chainalysis, for example, sells software to de-anonymise accounts on a number of crypto-currency blockchains, while London-based Elliptic provides consultancy services directly to law enforcement agencies.
It isn’t the first time that Mayzus has contended with the authorities. In February 2016, Mayzus Investment Company was fined €12,000 by the Cypriot regulator for failing to comply with anti-money-laundering rules, and in December 2017 MoneyPolo was banned from doing business in Azerbaijan over similar concerns. Meanwhile, the Australian Securities and Investments Commission lists one of MFS’s bank accounts in an online guide warning against financial scams, linking it to a bogus investment broker. MFS said the Azeri ban related to a territorial dispute between Azerbaijan and Armenia and that “the same actions have been historically applied … to practically every remittance company operating in the region.”
On closer inspection, even the industry association memberships touted by Mayzus’s companies aren’t what they seem. United World Capital boasted of being a member of the Swiss International Financial Services Association (SWIFSA). This supposedly prestigious body was nothing more than a shell company with three directors, two of which were Mayzus and his wife Anna. Mayzus said other foreign exchange companies had been members of SWIFSA, but that the association was ultimately a failed venture.
Two years after his arrest, Vinnik remains in jail. Greece’s supreme court approved the American extradition request in 2017, but Vinnik’s lawyers appealed the decision. Last year the court found in favour of a competing request from Russia, before backtracking to approve a European Arrest Warrant issued by the French authorities.
Vinnik’s detention was extended for six months in July, with a final decision to be made by the new Greek justice minister, Konstantinos Tsiaras. The defendant’s own preference is clear: he wishes to be extradited to his home country, where he faces significantly lighter charges than in the US. Officials ranging from Russia’s human rights commissioner to Vladimir Putin himself have reportedly been pleading Vinnik’s case. In response, the US has piled on further pressure, filing a civil suit demanding $100 million from Vinnik and BTC-e on top of the existing criminal charges.
Mayzus has been busy in the courts too. In October, the law firm representing him and MFS in the Cyprus case boasted that it had secured judgements for compensation totalling €37.5 million from BTC-e’s shell companies. He has also been pursuing Vinnik’s lawyer, Musatov, suing him over the claim that Mayzus controlled those same companies. The case, filed in Moscow, has been thrown out twice, but Mayzus is appealing to Russia’s supreme court.
When Musatov works on Vinnik’s case his client is a Russian national held in Greece and his adversaries are the American and French governments, but in a real sense the case is a British one. Two of BTC-e’s central shell companies were registered in the UK. They handled money using accounts created by another UK-registered company regulated by the FCA, which accepted deposits using bank accounts with a London address. Fittingly, Musatov has his own office in Mayfair, two minutes’ walk from Hyde Park.
Are the British authorities investigating? MFS said that the FCA had “reacted to the BTC-e case and audited the policy and controls of the company.” A spokesperson for the FCA declined to comment.
Shortly after Vinnik’s arrest, BTC-e emerged from the ashes under a new name, WEX, claiming to control many of the “digital assets”—including user accounts and crypto-currency holdings—of the defunct exchange. In July WEX’s declared operator, Dmitry Vasiliev, was arrested in Italy, echoing the fate of his predecessor. But the question of who really benefited from BTC-e remains unanswered, with investigators hamstrung by the opacity of the offshore corporate system.
Meanwhile, Mayzus is still in business. His new company, Weezzo—an online payments processor—is currently advertising for a compliance officer.
Find out more
Louis GoddardSenior Data Investigations Advisor
You might also like
Press releaseNew investigation by Global Witness finds UK registered company linked to "hub for cyber crime".
CampaignIll-gotten gains don’t disappear by themselves. Dictators, warlords and other criminals need ways to hide their identity and move dirty cash around the world.
ArticleGlobal Witness estimates that prominent members of the powerful Makhlouf family, cousins of dictator Bashar al-Assad, own at least US$40 million worth of property across two Moscow skyscrapers. Some of the same family members have been key in maintaining al-Assad’s grip on power.