The Bulletproof Exchanger Project: How Binance Helped Take Down a Cybercriminal Group Laundering $42M


At Binance, we are always working to ensure our customers' security and to support investigations concerning the safety of the global cryptocurrency ecosystem. Part of this commitment involves fighting malicious actors and helping victims seek justice.

When it comes to combating money laundering, we take a data-driven approach in which our security team has built mechanisms to help identify and shut down fraudulent activity. The Binance Sentry team and its analytics arm, the Security Data Science team, are responsible for building upon these anti-fraud systems and scaling investigations.

Currently, we are applying feature engineering techniques to identify suspicious patterns associated with illicit activities. These signals are then stacked and serve as input to the detection models being developed, assisting our investigations. Given the substantial volume associated with the Binance exchange, our numerous data sets are above and beyond what would be plausible for manual analysis, hence the reason we have employed detection algorithms that have been trained on historical attacker data to flag potentially malicious activities. Once an event has been flagged, our security teams review the case and proceed accordingly. 

The Bulletproof Exchanger Project

One of the Security Data Science team’s tasks is to identify transactions between Binance and high-risk entities, including what we refer to as "Bulletproof Exchangers". These cryptocurrency platforms often serve as the cash-out points for cryptocurrency operations connected to financial crimes and other fraud. Similar to Bulletproof Hosting services, which are web hosting providers with more lenient rules regarding what can be hosted on their servers, Bulletproof Exchangers are well-known for their lenient know-your-customer (KYC) and anti-money laundering (AML) policies. 

Data analyzed in conjunction with TRM Labs, a regulatory technology startup focused on blockchain analytics, shows that these exchangers, which are often based in regions with a lack of enforcement or regulation, have a high proportion of transaction volume linked to high-risk categories such as ransomware attacks, exchange hacks, and darknet-related activities. The illicit revenue generated from these attacks, and subsequent laundering, is then recycled back into cybercriminal operations and infrastructure in order to further ill-gotten gains.

Catching a cybercrime group behind $42 million laundering operation

For the health and sustainability of the entire industry, it is important to identify and help bring to justice those who abuse cryptocurrency and negatively affect the industry and its reputation. 

In early 2020, Binance allocated additional resources to dive deeper into the potential methods in which these “Bulletproof Exchangers” were laundering money through the cryptocurrency market. Suspicious activity detected and analyzed by the Binance Sentry team, in collaboration with the Cyber Police of Ukraine, led to the identification and arrest of a cybercriminal organization responsible for a ransomware campaign and the laundering of more than $42 million in cryptocurrencies over the last two years. 

We strongly believe that continued collaboration such as this will be a driving force in boosting cryptocurrency adoption and improving the image of the greater crypto space. 


We are working to apply big data techniques to further security research and investigations of crypto-related criminal activity. Binance is committed to aiding in the global fight against these bad actors and we are confident that projects such as “Bulletproof Exchanger,” as well as our ongoing partnerships with security and blockchain analytics firms, will empower us on this mission and lead to the dissolution of additional criminal groups for an overall safer community.