German law enforcement seized 47 cryptocurrency exchange services hosted in the country that facilitated illegal money laundering activities for cybercriminals, including ransomware gangs.

The platforms allowed users to exchange cryptocurrencies without following applicable “Know Your Customer” regulations, meaning that users remained completely anonymous when making transactions.

This created a low-risk environment for cybercriminals to launder their proceeds without fearing prosecution or being tracked.

“Exchange services that enable such anonymous financial transactions and thus money laundering represent one of the most relevant building blocks in the criminal value chain of the cybercrime phenomenon,” reads a  Federal Criminal Police Office (BKA) announcement.

“Among the users are ransomware groups, darknet dealers, and botnet operators who use such services to bring extorted ransom or other criminal proceeds into the regular currency cycle in order to utilize the money obtained through criminal means.”

On the users’ trail

When visiting any of the seized exchanges, you are now redirected to a warning page titled “Operation Final Exchange,” which warns visitors that they have been deceived by the promises of anonymity by the operators of these platforms.

“For years, the operators of these criminal exchange services have led you to believe that their hosting cannot be found, that they do not store any customer data and that all data is deleted immediately after the transaction,” explains Operation Final Exchange website.

“An apparently unregulated hub allowing you to launder the proceeds of your criminal activities without fear of prosecution.”

“We have found their servers and seized them – development servers, production servers, backup servers. We have their data – and therefore we have your data. Transactions, registration data, IP addresses.”

Authorities secured extensive user and transaction data from the platforms, which will aid in future investigations, so subsequent arrests of cybercriminals are expected in the upcoming period as a result of this operation.

The complete list of seized exchanges can be found in the Final Exchange portal, but the most prolific of the seized exchanges are:

• Xchange.cash – over 410,000 users and 1,280,000 transactions
• 60cek.org – over 300,000 users and 900,000 transactions
• Bankcomat.com – over 250,000 users and 760,000 transactions
• Banksman.com – over 280,000 users and 750,000 transactions
• Prostocash.com – over 265,000 users and 470,000 transactions
• Multichange.net – over 185,000 users and 430,000 transactions

As of now, no arrests have been reported in connection with Operation Final Exchange, and BKA noted that identified cybercriminals are often tolerated or protected by their countries of residence, hinting that they’re out of reach.

Still, the law enforcement agency noted that the operators of the seized exchanges face charges of money laundering and running illegal trade platforms on the internet under Sections 127 and 261 of the German Criminal Code (StGB), which can incur multi-year imprisonment sentences.