Earlier this week, Russia invaded Ukraine in what President Vladimir Putin described as a “special military operation.”

The international response has been swift, with Russia now facing widespread and sweeping sanctions. The European Union imposed sanctions aimed at "Kremlin interests," while U.S. President Biden denounced the invasion as a "premeditated attack," announcing a wave of sanctions aimed at Russia's banks and state-owned enterprises.

Germany has frozen approval of the Nord Stream 2 gas project, which is designed to increase the flow of Russian gas to the European continent. The UK has also imposed "punishing sanctions" that will "devastate Russia's economy and target Vladimir Putin's inner circle."

So far, the international community has held back from the UK's demand to bar Russia from the SWIFT international payments network. But Bitcoin and other cryptocurrencies could provide President Putin with a means of evading international sanctions and their attendant financial costs.


“As with the traditional financial system, Russia can leverage cryptocurrency to evade the sanctions that are being put in place in response to their invasion of Ukraine," Caroline Malcolm, Head of International Policy at blockchain analytics firm Chainalysis, told Decrypt. But she added that crypto doesn't provide Russia with a silver bullet for evading sanctions: "As in the traditional financial system, the cryptocurrency ecosystem can put measures in place to identify transactions from identified sanctioned entities." 

Crypto ‘undermines’ U.S. sanctions

In October last year, the Biden administration warned that cryptocurrencies—described as digital assets by the Treasury Department—could undermine the United States’ broader sanction regime.

“These technologies offer malign actors opportunities to hold and transfer funds outside the financial system,” the Treasury Department said in a report. “They also empower our adversaries seeking to build new financial and payment systems intended to diminish the dollar’s global role.”

The pariah state of North Korea has reportedly part-financed its nuclear and ballistic missile programs using cryptocurrency, according to a United Nations report. A number of countries including the U.S., Japan, Australia and UK have imposed sanctions on North Korea, which has employed hackers to steal over $400 million in cryptocurrency from exchanges. North Korea also has an active crypto mining program, including Bitcoin and the privacy-preserving cryptocurrency Monero.


And as far back as 2018, businesses in Iran were able to use Bitcoin and other cryptocurrencies to evade sanctions imposed by then-U.S. President Donald Trump. "We chose crypto because sanctions could not block the accommodation payments made by our clients," an Iranian travel agent told Decrypt at the time.


One of the principal methods Russia can use crypto to evade sanctions is through ransomware attacks—an industry already driven by majority-Russian activity. 

A report from Chainalysis recently found that individuals and groups based in Russia (some of which have already been sanctioned by the United States) account for a “disproportionate share” of crypto-related crime. 

One such example is ransomware. Chainalysis’ research found that roughly three quarters (74%) of global ransomware revenue in 2021 financed sources “highly likely to be affiliated with Russia.” 

Russia also houses several crypto businesses that process “substantial transaction volume” from illicit sources. Moscow’s Vostok skyscraper—the tallest building in Russia—is one high-profile home for cybercrime. 

But at the tip of the Russian ransomware spear has been Russia-affiliated cybercrime group REvil. Earlier this year, Russia’s domestic intelligence service, the Federal Security Service (FSB), said it had dismantled the REvil ransomware group at the request of the United States. 

That announcement was met with skepticism at the time, which was reiterated by Hassold during his interview with Decrypt

“It’s unknown who was actually arrested,” former FBI agent and current Director of Threat Intelligence at Abnormal Security, Crane Hassold, told Decrypt. “Were they just affiliates, or were they the main actors? I don’t think we know any of that.”


Cryptocurrency is the “primary factor” driving today’s ransomware landscape, Hassold added. “It essentially allows the overall ransomware payments that we’ve previously seen to scale to numbers that are pretty crazy.”

Bitcoin mining

The Russian crypto-related ransomware industry is already well documented, but a second crypto-related stream of income—Bitcoin mining—is also being pursued by President Putin. 

Earlier this year, the president said that Russia has “competitive advantages” in Bitcoin mining, referencing the country’s “surplus of electricity and well-trained personnel.” For the time being, Putin's assertion appears to have been borne out; Bitcoin mining in Russia has continued mostly without interruption.

"Much of Russian Bitcoin mining is powered by domestic natural gas or [hydroelectric power] in Siberia," Will Foxley of Compass Mining told Decrypt. "It's unlikely that hashpower goes offline, unless sanctions influence pool providers."

To date, it is not clear whether the Russian state has bought any Bitcoin, but the government has been eyeing up the cryptocurrency as a means of sidestepping sanctions since as early as 2019. 

What can be done?

There are some ways to combat the use of crypto to evade sanctions, however.

Chainalysis' Malcolm told Decrypt that the U.S. and other sanctioning governments around the world can invest in blockchain analytics to “get ahead of Russian efforts” to evade sanctions using cryptocurrencies. 


“The transparency of the blockchain combined with these tools can be a powerful strategy to ensure that sanctions remain a credible deterrent,” she said.

Meanwhile, the Treasury Department’s sanctions report made two recommendations to ensure that the United States’ sanctions regime evolved in lockstep with the advent of cryptocurrencies. 

First, the report argued for sanctions that were easily understood, enforceable and adaptable. 

“The Treasury can build on existing outreach and engagement capabilities through enhanced communication with industry, financial institutions, allies, civil society, and the media, as well as the new constituencies, particularly the digital assets space,” the report said. 

The report also called for the Treasury to invest in “deepening its institutional knowledge and capabilities in the evolving digital assets and services space to support the full sanctions lifecycle of activities.” 

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.