Policy
Share this article

U.S. Bans Crypto Addresses Tied to LockBit Ransomware Group From Financial System

LockBit hit more than 2,000 different victims, who forked out north of $120 million in payments, according to a DOJ press release.

By Nikhilesh De|Edited by Sheldon Reback
Updated Mar 8, 2024, 9:48 p.m. Published Feb 20, 2024, 4:57 p.m.
LockBit's site has been taken over by federal authorities. (UK National Crime Agency)
LockBit's site has been taken over by federal authorities. (UK National Crime Agency)
  • The Office of Foreign Asset Control named two Russian nationals and identified 10 bitcoin and ether addresses after an international operation gained control of the organization's website.
  • Law enforcement agencies said they will distribute decryption keys to victims.

The U.S. Treasury Department's sanctions watchdog added nearly a dozen bitcoin and ether addresses to its global blacklist, alleging they were used by ransomware purveyors.

The Office of Foreign Asset Control (OFAC) named Artur Sungatov and Ivan Kondratyev, two Russian nationals indicted on charges tied to the deployment of ransomware, and identified 10 bitcoin and ether addresses (none of which containing any funds as of press time), in a statement on Tuesday, banning U.S. entities from providing any kind of financial services to the two. According to OFAC and the U.S. Department of Justice, they are part of the LockBit ransomware group, one of the world's most prolific ransomware distributors accused of stealing more than $120 million from over 2,000 victims in the past few years.

STORY CONTINUES BELOW
Don't miss another story.Subscribe to the State of Crypto Newsletter today. See all newsletters
By signing up, you will receive emails about CoinDesk products and you agree to our terms of use and privacy policy.

Ransomware attacks let malicious actors lock victims out of their computers and networks unless they pay a fee, often in cryptocurrency.

An international effort by the DOJ, Europol, the U.K. National Crime Agency and agencies in several other countries seized LockBit's website and various pages earlier this week in an effort dubbed Operation Cronos. The law enforcement agencies announced they would be distributing decryption keys to victims, allowing them to regain access to their devices.

According to a press release from Europol, more than 200 cryptocurrency accounts tied to LockBit have been frozen, while authorities in the U.S., U.K. and EU have all seized various parts of the ransomware group's infrastructure.

Some of the addresses listed by OFAC on Tuesday were deposit addresses for KuCoin, Coinspaid and Binance, according to data from Arkham Intelligence.

LockBit's victims included municipal entities and private companies around the world.

"The LockBit ransomware variant, like other major ransomware variants, operates in the 'ransomware-as-a-service' (RaaS) model, in which administrators, also called developers, design the ransomware, recruit other members — called affiliates — to deploy it, and maintain an online software dashboard called a 'control panel' to provide the affiliates with the tools necessary to deploy LockBit," the DOJ press release said.

RegulationsRansomwareEuropolDOJOFACSanctions

More For You

Protocol Research: GoPlus Security

By CoinDesk Research
Nov 14, 2025
Commissioned byGoPlus
GP Basic Image

What to know:

  • As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
  • GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
  • Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
View Full Report

More For You

Binance Wins Full ADGM Approval for Exchange, Clearing, and Brokerage Operations

By Sam Reynolds|Edited by Omkar Godbole
2 hours ago
Richard Teng, CEO, Binance. (CoinDesk/Personae Digital)

Abu Dhabi’s Financial Services Regulatory Authority has granted licenses to three Binance entities covering exchange, clearing, and brokerage functions.

What to know:

  • Binance has received authorization from Abu Dhabi Global Markets (ADMG) to operate under a comprehensive exchange, clearing, and brokerage framework.
  • The approval allows Binance to structure its operations into three regulated entities under the Nest brand, covering exchange, clearing, and trading functions.
  • Binance's presence in Abu Dhabi aligns with regulatory standards and underscores the region's role as a hub for financial innovation.
Read full story