Crypto
Russian National Charged With Laundering $530 Million Through Cryptocurrency Companies
Iurii Gugnin, a 38-year-old Russian national residing in New York, has been charged with 22 criminal counts by the US Department of Justice (DOJ) for allegedly laundering over $530 million through his cryptocurrency companies, Evita Investments and Evita Pay. The charges include wire fraud, bank fraud, money laundering, and violations of the International Emergency Economic Powers Act (IEEPA).
Gugnin is accused of creating a financial pipeline using the stablecoin Tether USDt (USDT) to support sanctioned Russian entities and bypass US sanctions and export controls. He allegedly deceived banks, falsified compliance documents, and facilitated access to sensitive US technologies. Gugnin’s actions highlight the misuse of digital assets for illicit finance and the growing challenges of regulating cryptocurrency markets.
Gugnin presented Evita as a legitimate cryptocurrency payment service but allegedly used it to secretly transfer illegal funds for Russian clients. By posing as a compliant financial technology company, Evita moved money through US banks and crypto exchanges while hiding the funds’ real sources. As president, treasurer, and compliance officer, Gugnin had complete control over these companies’ operations, finances, and regulatory reporting, enabling him to manage transactions, misrepresent the companies’ activities, and ignore Anti-Money Laundering (AML) rules. Authorities claim Evita’s systems were used to help sanctioned Russian entities obtain US technology and channel funds through stablecoins like USDT.
Gugnin is accused of moving $530 million through the US financial system while concealing the illicit origins of the funds. He laundered about $530 million through US banks and cryptocurrency exchanges, primarily using USDT, a stablecoin tied to the US dollar and known for its fast, low-volatility cross-border transactions. The operation involved receiving cryptocurrency from foreign clients, many connected to sanctioned Russian banks, including Sberbank, VTB, Sovcombank, and Tinkoff. These digital funds were channeled through cryptocurrency wallets controlled by Evita and then converted into US dollars or other traditional currencies via US bank accounts. This helped Gugnin to obscure their origins and assist Russian clients in evading international sanctions.
Gugnin used deceptive methods to hide the illegal nature of these cross-border transactions. He altered invoices digitally to remove the names and addresses of Russian clients and provided false compliance documents to banks and cryptocurrency exchanges. These documents wrongly claimed that Evita had no ties to sanctioned entities and had complied with AML and Know Your Customer (KYC) regulations. Despite claiming compliance, Evita allegedly operated without an actual AML compliance and failed to file Suspicious Activity Reports (SARs) as required by US regulations. This allowed Gugnin to mask the source and purpose of the funds, enabling high-risk transactions that may have supported Russia’s access to restricted US technology.
Gugnin, through his cryptocurrency companies, allegedly created a financial network to support Russian entities banned by US sanctions. Prosecutors allege he handled more than $500 million in transactions for Russian clients connected to sanctioned banks, including PJSC Sberbank, PJSC Sovcombank, PJSC VTB Bank, and JSC Tinkoff Bank. While living in the US, Gugnin held personal accounts with sanctioned banks JSC Alfa-Bank and PJSC Sberbank. He also enabled payments to acquire US export-controlled technology, such as sensitive servers, and laundered money to obtain components for Rosatom, Russia’s state nuclear agency. Actions of Gugnin and Evita provided Russian clients access to restricted components. Gugnin hid his activities by altering invoices to conceal Russian ties and falsifying compliance documents.
Gugnin and his companies are accused of deliberately violating US sanctions and export controls and the International Emergency Economic Powers Act (IEEPA). He allegedly deceived US banks and cryptocurrency exchanges by falsely stating that Evita had no connections with sanctioned Russian entities, while actively processing transactions for clients linked to blacklisted banks. To hide his activities, Gugnin secured a Florida money transmitter license by providing false details about Evita’s operations. This allowed him to use crypto exchange services under the pretense of compliance. Gugnin transferred over $500 million, often in USDT, into the US financial system through this scheme. Gugnin’s actions violated federal laws and threatened national security by enabling sanctioned entities to evade restrictions and illegally obtain sensitive US technologies.
The US DOJ alleges that Gugnin and his crypto companies failed to follow key AML rules required by the Bank Secrecy Act. Although Gugnin presented Evita as a legitimate money services business, he allegedly did not establish an effective AML program and failed to submit suspicious activity reports (SARs) to the Financial Crimes Enforcement Network (FinCEN), which are crucial for detecting and preventing illegal financial activities. Moreover, Gugnin misled banks and cryptocurrency exchanges by falsely claiming that Evita complied with strict AML and KYC standards, when these measures were either inadequate or missing. This deception allowed over $500 million to flow through the US financial system without proper regulatory oversight.
Federal investigators found strong evidence that Gugnin knew his actions were illegal. They found that Gugnin had allegedly searched terms like “how to know if there is an investigation against you,” “money laundering penalties US,” and “am I being investigated?” This showed he was aware of potential legal risks. Gugnin had also searched for “Evita Investments Inc. criminal records” and “Iurii Gugnin criminal records,” indicating he was worried about the consequences of his actions. Gugnin had also visited websites explaining signs of being under criminal investigation and ways to detect law enforcement attention. These online activities suggest he was conscious of his guilt and actively tried to avoid detection. This digital evidence supports the prosecution’s claim that Gugnin intentionally broke US laws while attempting to conceal his money laundering activities from authorities.
Gugnin faces a 22-count federal indictment for offenses related to laundering $530 million through his cryptocurrency companies. He has been charged with wire fraud, bank fraud, money laundering, conspiracy to defraud the US, violations of the IEEPA, and running an unlicensed money transmitting business. Additional charges stem from Gugnin’s failure to establish an effective AML program and not filing suspicious activity reports (SARs). If found guilty, Gugnin could face up to 30 years in prison for each bank fraud charge and up to 20 years for wire fraud and sanctions violations. Gugnin was arrested and arraigned in New York, and he is currently detained while awaiting trial, as authorities consider him a flight risk.
The case against Gugnin reveals increasing concerns about cryptocurrencies, especially stablecoins like Tether, being used to evade cryptocurrency regulations and US sanctions. As part of a broader effort to combat illegal crypto activities, the indictment shows how sanctioned entities, particularly those connected to Russia, use digital currencies to bypass restrictions and access global financial systems. Although stablecoins provide transparent transaction records, their speed and worldwide reach make them appealing for money laundering. The Gugnin case may lead to stricter regulations for crypto exchanges, payment processors, and money transmitters, with more vigorous enforcement of AML and sanctions compliance rules. Gugnin’s case also highlights the national security risks, as his actions enabled Russian clients to obtain restricted US technology. It may result in regulators imposing more stringent reporting measures on crypto firms to prevent foreign adversaries from exploiting digital finance to harm US interests.
Crypto
Institutional Crypto Adoption ‘Happening Now’: Ripple Executive Says Real-World Use Cases Taking Hold
Key Takeaways:
- Ripple says institutional adoption of digital assets is happening now.
- Craddock states the focus has shifted to infrastructure and real-world use cases.
- Paris events showed strong momentum, with Ripple citing real industry energy.
Institutional Digital Asset Adoption Gains Momentum
Institutional adoption of digital assets is gaining momentum across global finance, marking a decisive shift as major firms move beyond experimentation into active deployment. Ripple’s managing director for the U.K. and Europe, Cassie Craddock, reinforced this momentum on April 20, pointing to Paris Blockchain Week 2026 and related industry events as evidence that large-scale crypto adoption is already underway.
Craddock stated on social media platform X:
“Institutional adoption of digital assets isn’t something that’s on the horizon. It’s happening now.”
“The debate has moved on. The focus is on infrastructure and real-world use cases. And the people I was fortunate enough to spend time with this week are the ones building it. Banks, asset managers, fintechs, and regulators, all discussing how to do this properly and at scale,” she further shared.
The executive tied that view to meetings held across the Ripple Roadshow Paris, Paris Blockchain Week itself, Mastercard Crypto Day at the Eiffel Tower, and Société Générale-FORGE’s event at the French Ministry of Finance. She explained that discussions no longer centered on whether institutions would engage with the sector. Instead, participants examined infrastructure, deployment standards, and real-world use cases that could support broader activity across regulated financial markets.
Paris Events Highlight Structured Industry Buildout
The comments suggest that digital asset conversations among large organizations are becoming more operational. Craddock referenced exchanges with speakers including David Durouchoux, Myles Harrison, and Frédéric Dalibard, while also highlighting the presence of banks, asset managers, fintechs, and regulators. That mix suggests several parts of the financial system are considering similar questions around scale and execution. Rather than focusing on abstract potential, the gatherings in Paris appeared to center on how institutions can build and apply digital asset systems in a structured way.
The Ripple executive added that the people involved in those meetings are “the ones building it.” She also concluded:
“The energy was real, the momentum even more so.”
These remarks reflect Ripple’s view that institutional interest is moving from long-term expectation to active development. By stressing implementation and participation from established financial groups, the post framed Paris Blockchain Week as a signal that digital asset adoption is advancing within mainstream finance.
Crypto
Scattered Spider hacker pleads guilty to stealing $8 million in cryptocurrency – Help Net Security
A British national tied to the Scattered Spider cybercrime group pleaded guilty to hacking multiple companies via SMS phishing and stealing over $8 million in virtual currency from US victims.
Tyler Robert Buchanan, 24, of Dundee, Scotland, pleaded guilty to conspiracy to commit wire fraud and aggravated identity theft.
In November 2024, US authorities unsealed criminal charges against Buchanan and four other alleged members of the Scattered Spider group, accusing them of using phishing text messages to steal employee credentials, breach company systems and steal cryptocurrency.
According to court documents, Buchanan and his co-conspirators conducted cyber intrusions and virtual currency thefts between September 2021 and April 2023.
The victims included interactive entertainment, telecommunications and technology companies, as well as business process outsourcing (BPO) and IT service providers, cloud communications firms, virtual currency companies and individual victims.
“As part of the scheme, Buchanan and his co-conspirators conducted Short Message Service (SMS) phishing attacks by sending hundreds of SMS phishing messages to the mobile telephones of a victim company’s employees. The messages purported to be from the victim company or a contracted IT or BPO supplier for the victim company,” the Justice Department said.
“The SMS phishing messages contained links to phishing websites designed to look like legitimate websites of a victim company or a contracted IT or BPO supplier. The websites then lured the recipient into providing confidential information, including personal identifying information (PII), and account usernames and passwords.”
In April 2023, police found on a digital device at Buchanan’s residence in Scotland the names and addresses of numerous victims, including a text file containing cryptocurrency seed phrases and login credentials for one account.
Buchanan has been in federal custody since April 2025 and faces up to 22 years in federal prison.
Co-conspirator Noah Michael Urban is serving a 10-year federal prison sentence and was ordered to pay $13 million in restitution after pleading guilty in April 2025 to fraud-related charges. Three other defendants charged alongside Buchanan, including Ahmed Hossam Eldin Elbadawy, Evans Onyeaka Osiebo and Joel Martin Evans, still face criminal charges in the case.
Scattered Spider is a cybercrime collective, also known as UNC3944, Muddled Libra and Octo Tempest, made up largely of young, native English-speaking hackers who use social engineering, including impersonating IT and help-desk staff, to gain initial access, bypass MFA, and compromise enterprise networks.
The group gained notoriety for its role in high-profile hacking and extortion attacks against Caesars Entertainment and MGM Resorts International, two of the largest casino operators in the US.
Although authorities have increased pressure on the group and arrested several members, including four they consider responsible for ransomware attacks targeting UK-based retailers last year, the group continues to operate, with new members replacing those arrested.
Key Takeaways:
- Ripple outlines a phased roadmap to prepare XRPL for quantum-era cryptography risks.
- Industry momentum grows as XRPL testing highlights performance and security tradeoffs.
- Developers at Ripple will expand testing to balance innovation with network stability.
Ripple Maps Quantum Security Strategy
Ripple’s post-quantum strategy reflects a growing shift in blockchain security as quantum computing risks gain credibility. The company’s latest Insight, published April 20 by Senior Director of Engineering Ayo Akinyele, outlined a structured roadmap to prepare the XRP Ledger for future cryptographic disruption while preserving network performance.
The Insight stated:
“Ripple is introducing a multi-phase roadmap to prepare the XRP Ledger (XRPL) for a post-quantum future, with a target for full readiness by 2028.”
It also detailed collaboration efforts: “Ripple is working with Project Eleven to accelerate development, including validator testing and early custody prototypes.”
Akinyele explained that quantum security is becoming more relevant because blockchain networks rely on cryptographic systems that could eventually be broken by sufficiently advanced quantum computers. On XRPL, each signed transaction reveals a public key on-chain, which could weaken long-term wallet security in a post-quantum environment.
He also pointed to the “harvest now, decrypt later” threat, where attackers collect cryptographic data today and wait for future quantum capabilities to exploit it. While this does not indicate an immediate failure of current protections, it increases the urgency of preparing systems that secure long-duration value. These risks reinforce the need for early testing of quantum-resistant cryptographic systems and structured migration planning.
XRPL Testing Targets Long-Term Stability
Ripple’s roadmap consists of four phases, starting with contingency planning for a potential failure of existing cryptographic standards. This includes a “Quantum-Day” framework designed to enable secure migration to post-quantum accounts if vulnerabilities emerge. Additional phases focus on evaluating National Institute of Standards and Technology (NIST)-recommended algorithms under real network conditions, measuring impacts on throughput, storage, and verification efficiency. XRPL’s native features, including key rotation and deterministic key generation, provide a technical advantage by enabling gradual migration without forcing users to abandon existing accounts. Parallel testing on development networks will allow developers to assess performance tradeoffs before broader implementation.
The senior director of engineering emphasized long-term execution and coordination, stating:
“We should not view addressing the quantum threat on XRPL as a single upgrade, but rather a multi-phased strategy of carefully migrating a live, global financial infrastructure without compromising the value of digital assets protected by the XRPL.”
Akinyele indicated that achieving post-quantum readiness requires balancing cryptographic innovation with operational stability, ensuring the network remains efficient while adapting to future security challenges.
-
New York1 hour agoTrump’s Immigration Crackdown Pervades Long Island Suburbs
-
Detroit, MI2 hours agoChris Simms projects Detroit Lions first-round NFL draft pick
-
San Francisco, CA2 hours agoSan Francisco sets $3.4B price tag for public takeover of PG&E
-
Dallas, TX2 hours agoGame Day Guide: Stars at Wild | Dallas Stars
-
Miami, FL2 hours agoMay a steadying presence as Cards hold off Marlins in Miami
-
Boston, MA2 hours agoTyrese Maxey, VJ Edgecombe flex in Boston: Takeaways from Celtics-76ers Game 2
-
Denver, CO2 hours agoMotorcyclist seriously injured in Denver hit-and-run crash – AOL
-
Seattle, WA2 hours agoBrock: 2 drafts fits at edge rusher for Seattle Seahawks