.svg)
In a major crypto crackdown, the Frankfurt Public Prosecutor’s Office (ZIT) and the Federal Criminal Police Office (BKA) have shut down a total of 47 crypto exchange platforms that were being used for illicit financial activities.
These services, which were hosted in Germany, allowed users to exchange both conventional currencies and cryptocurrencies, often anonymously, which authorities have said was facilitating money laundering and other criminal activities.
The operators of the now-deactivated platforms are accused of intentionally bypassing anti-money laundering regulations, specifically failing to enforce the know your customer (KYC) compliance requirements.
In doing so, this allowed criminals to exchange illegally obtained funds without revealing their identities, which resulted in the services catering to high-risk cyber criminal groups, including ransomware gangs, darknet traders and botnet operators, enabling them to cleanse illicit gains by converting them into usable currencies.
According to German law, these actions violate Sections 127 and 261 of the German Criminal Code, which address operating criminal trading platforms and money laundering on a large scale.
At EU level, the 5th Anti-Money Laundering Directive (5th AMLD) stipulates that providers of services involving virtual currencies, specifically those exchanging virtual currencies with fiat currencies and custodian wallet providers, are required to register with authorities in EU member states, which ultimately subjects them to regulatory oversight that is similar to traditional financial institutions.
Lax measures
The authorities’ investigation revealed that these services allowed users to bypass registration processes and identity verification, which enabled quick, anonymous exchanges of cryptocurrencies.
Such lax measures provided criminals with an easy method to conceal the origins of their ill-gotten gains, representing a key part of the cybercrime ecosystem.
The BKA and ZIT secured large volumes of user and transaction data from the shutdown services, with this data expected to play an important role in ongoing and future investigations into cybercriminal networks.
Ultimately, this development looks like a bridge to more targeted enforcement against criminals.
On a website set up by the authorities to show which exchange operators have been shut down, it says: “For years, the operators of these criminal exchange services have led you to believe that their hosting cannot be found, that they do not store any customer data and that all data is deleted immediately after the transaction. An apparently unregulated hub allowing you to launder the proceeds of your criminal activities without fear of prosecution.”
The authorities mockingly say “from our point of view: nothing but empty promises!”.
“We have found their servers and seized them — development servers, production servers, backup servers. We have their data — and therefore we have your data. Transactions, registration data, IP addresses,” the website says. “Our search for traces begins. See you soon.”
Finding the criminals
Despite these efforts, authorities acknowledge that prosecuting the individuals behind these activities can be challenging, as many cybercriminals operate from countries that either tolerate or protect their actions.
Consequently, the authorities have shifted their focus towards dismantling the infrastructure that enables cybercrime.
This strategy has proven effective in previous cases. In 2023, German authorities seized the server infrastructure of ChipMixer, a leading darknet cryptocurrency mixing service, and secured the equivalent of €90m.
The same year saw the shutdown of the Qakbot malware network, and in 2021, the notorious Emotet malware was taken offline.
More recently, in 2024, the international operation "Endgame" targeted six of the largest malware families, dealing another blow to cybercriminal infrastructure.
The BKA and ZIT continue to stress the importance of these coordinated actions, which have drained significant financial resources from the underground economy.
Crypto oversight only getting stricter
Going forward, oversight of the crypto-assets world is only going to get stricter, and especially for the EU.
For example, the Transfer of Funds Regulation (TFR) has been recast to apply to crypto-asset service providers (CASPs).
This will mean that CASPs need to follow similar rules to payment service providers, and that the originator’s provider must ensure that all transfers include accurate details about the originator and beneficiary, such as names, distributed ledger addresses and account numbers.
For transfers of more than €1,000, platforms must verify whether a self-hosted address is controlled by the originator, and the beneficiary’s provider must check that the required information is included and assess ownership for transfers of more than €1,000.
If details are incomplete or missing, they may reject or suspend the transfer and notify relevant authorities if issues persist.
Meanwhile, the new EU Anti-Money Laundering Authority (AMLA), which will be based out of Frankfurt, will have significant implications for CASPs too. It will directly supervise certain selected entities, including CASPs, which will further strengthen the oversight that the EU has of the nascent sector.
