Pakistan Firm Sold Fake KYC Docs to Russian Trolls for Bitcoin: US Treasury



The 2020 election ended over five months ago, but the US isn’t done litigating it.

The US Treasury Department’s Office of Foreign Assets Control (OFAC), which is responsible for enforcing economic sanctions, today announced actions against 16 groups and 16 people it claims tried to undermine the integrity of the election. President Biden also issued an executive order declaring a national emergency related to alleged Russian meddling.

Several of the 32 groups and individuals sanctioned today have used cryptocurrency to finance their activities, according to blockchain tracking firm Chainalysis.

They include: SouthFront, an English-language website that answers to Russia’s Federal Security Service; the Association for Free Research and International Cooperation (AFRIC), an ostensibly pro-Africa front company that’s allegedly used to manipulate African politics; Secondeye Solution (SES), which provides fraudulent identity documents; and Mujtaba Ali Raza, SES’s owner.

SouthFront has received a combined $12,146 in Bitcoin, Bitcoin Cash, and Ethereum, according to Chainalysis. AFRIC has Zcash and Dash wallets but has never received either of the privacy-leaning coins. And Raza has taken in just over $14,000 in Bitcoin and Litecoin

The real cryptocurrency power user in the group is SES, which has received 31,000 transactions worth over $2.5 million since 2013, the crypto forensics firm says.

Secondeye’s raison d'รชtre is creating synthetic (not stolen) identification documents. Wrote Chainalysis: “In fact, Secondeye’s documents were only in digital JPEG format, with no physical documents provided, making it difficult to imagine use cases other than fooling remote photo or video-based KYC checks.”

For $30 to $80 apiece, people could get fraudulent documents they needed to fool computers and activate online social media accounts.

In addition to online payment services such as Payoneer, SES it accepts Bitcoin, Bitcoin Cash, Ethereum, and Litecoin, said Chainalysis.

Members associated with the Internet Research Agency (IRA)—a Russian internet trolling group that US intelligence has linked to an influence campaign for the 2016 presidential election—allegedly purchased documents from SES to create troll farms and run disinformation campaigns.

Russian Spies Used $1 Million in Crypto to Meddle in US Elections

Since IRA is a known entity that has already been sanctioned, SES, Raza, and several other individuals attached to SES have been placed on OFAC’s Specially Designated Nationals and Blocked Persons List for selling to it. This means their assets are locked and US citizens cannot legally do business with them.

“Treasury will target Russian leaders, officials, intelligence services, and their proxies that attempt to interfere in the U.S. electoral process or subvert U.S. democracy,” said Treasury Secretary Janet Yellen in a press release. “This is the start of a new U.S. campaign against Russian malign behavior.”

According to Chainalysis, Secondeye maintains an active Bitcoin address at a “large exchange.” It’s also received crypto via “darknet markets, mixers, and several high-risk exchanges.” Depending on that large exchange’s jurisdiction—and how nicely the custodian plays with OFAC—any assets in it could soon prove difficult for SES to move.

A spokesman for Secondeye could not be reached for comment and its website appears to be inactive, with a single sentence currently on it: "WE ARE NO MORE TAKING ORDERS," it says.


Guide & Tools