Kyrgyzstan: A Gateway for Russian Crypto Activities

Every week, Information Security Media Group provides an overview of cybersecurity incidents affecting digital assets. This week highlights Russia’s crypto laundering activities in Kyrgyzstan, a $44 million hack on CoinDCX, U.S. authorities pursuing $7.1 million linked to an oil tank investment scam, the imprisonment of a former NCA officer for bitcoin theft, and a staggering $2.17 billion lost to crypto thefts in the first half of the year, along with Trump Media’s recent revelation of $2 billion in bitcoin holdings.

See Also: OnDemand | NSM-8 Deadline July 2022: Keys for Quantum-Resistant Algorithms Implementation

In an effort to circumvent international sanctions, Russia has reportedly turned to cryptocurrency platforms in Kyrgyzstan, using them to acquire goods essential for its ongoing military efforts in Ukraine, as indicated by recent analysis from TRM Labs. While Kyrgyzstan has positioned itself as an emerging global crypto hub, it remains ambiguous whether the nation is a passive conduit or actively complicit in these illicit activities.

TRM outlines that many virtual asset service providers (VASPs) in Kyrgyzstan share similar contact details and infrastructure, a characteristic often associated with coordinated networks designed to obscure financial flows. The combination of sophisticated transaction patterns connected to sanctioned entities, such as the Russian exchange Garantex, raises concerns about Kyrgyzstan’s role in facilitating money laundering.

TRM asserts that without prompt intervention, the Kyrgyz model of crypto facilitation could proliferate to neighboring countries like Kazakhstan and Uzbekistan. Authorities are urged to enhance regulatory frameworks for VASPs, emphasizing the need for increased transparency in funding sources.

Indian cryptocurrency exchange CoinDCX has confirmed a significant cybersecurity breach resulting in a loss of $44 million, marking one of the most substantial incidents in the Indian market since WazirX’s $230 million exploit last year. The breach was uncovered by blockchain investigator ZachXBT, who traced the attacker’s movements through Solana and Ethereum back to funds sourced from Tornado Cash.

Sumit Gupta, CEO of CoinDCX, described the incident as a “sophisticated server breach” impacting a liquidity provisioning account on a partner exchange but reassured customers that their funds remain secure. CoinDCX has committed to utilizing its reserves to cover the loss and is actively working with partners to recover stolen assets, along with the introduction of a bug bounty program.

U.S. federal prosecutors are seeking to seize $7.1 million in cryptocurrency tied to an alleged scam involving fake oil and gas investments. The indictment reveals that Geoffrey K. Auyeung and co-conspirators misled victims into wiring funds for fictitious escrow accounts. Instead of legitimate investments, the funds were dispersed across numerous bank accounts and crypto wallets.

At the time of Auyeung’s arrest in 2024, authorities had already confiscated $2.3 million from his accounts. He now faces multiple charges of money laundering as law enforcement continues to crack down on fraud schemes facilitated through digital currencies.

Paul Chowles, formerly a U.K. National Crime Agency officer, was sentenced to over five years in prison after pledging guilty to the theft of 50 bitcoins — currently valued at approximately $5.9 million. Chowles, who was responsible for managing seized digital assets during a 2017 operation, illegally siphoned bitcoin and laundered it using various services before being apprehended in 2022.

The severity of Chowles’ actions underscores the risks associated with insider threats, particularly in environments handling sensitive financial data. His case illustrates the necessity for stringent internal controls and oversight within institutions managing digital assets.

Crypto-related theft incidents surged to $2.17 billion in the first half of 2025, surpassing the total loss for the entire previous year, as noted in a mid-year report by Chainalysis. A significant portion of this loss, approximately $1.5 billion, stemmed from a major hack involving Bybit, attributed to state actors from North Korea.

Service-based attacks remain prevalent, but an alarming rise in individual-targeted thefts is noted, comprising nearly a quarter of all stolen funds. Offenders increasingly utilize deepfakes, social engineering techniques, and even violent tactics during thefts, contributing to a heightened vulnerability for individual crypto holders.

Trump Media & Technology Group has announced that its bitcoin treasury program now holds $2 billion in BTC and bitcoin-related securities, representing a significant portion of its overall liquid assets. This move aligns with previous indications of the company’s intent to bolster its presence in the cryptocurrency space.

The latest update reflects a strategic shift toward deploying capital into crypto investments, with reports suggesting Trump Media intends to leverage its holdings to engage further in the burgeoning market. However, specifics regarding the breakdown of holdings between direct bitcoin and related financial instruments remained undisclosed.

Reporting contributed by David Perera of Information Security Media Group in Northern Virginia.