The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has sanctioned a crypto wallet tied to Russia-based Aeza Group, a bulletproof hosting provider accused of facilitating ransomware attacks, darknet markets, and cybercrime networks.
In a press release, OFAC said the sanctions target Aeza Group’s entire digital infrastructure, including three corporate entities and four senior executives, for providing digital safe havens to malicious actors. Among the individuals designated were CEO Arsenii Penzev and general director Yurii Bozoyan, both arrested by Russian authorities for their role in the darknet drug market Blacksprut.
Aeza’s services reportedly enabled operations by well-known cybercriminal entities, including Meduza, Lumma infostealer, RedLine panels, and BianLian ransomware operators. The infrastructure offered by Aeza allegedly allowed criminals to operate undetected, shielding them from law enforcement efforts.
Crypto wallet used to obscure illicit transactions
OFAC also designated a crypto wallet on the Tron blockchain, which investigators identified as an administrative address used to receive payments for Aeza’s services. According to Chainalysis, the wallet processed over $350,000 in digital assets, with funds routed through third-party processors to mask the trail and complicate forensic tracking.
TRM Labs, a blockchain analytics firm, backed the findings and noted the wallet exhibited consistent cash-out patterns at major crypto exchanges. Analysts said the wallet received direct transfers from customers, including infostealer vendors, and aligned with known Aeza service pricing.
The address also showed interactions with other illicit platforms, including sanctioned Russian exchange Garantex, strengthening suspicions of Aeza’s deep integration with the global cybercrime economy.
Shortly after the OFAC designations were made public, websites affiliated with Aeza and its subsidiaries went offline, suggesting efforts to evade enforcement.
This latest action reflects growing global focus on disrupting not just individual hackers, but the infrastructure that enables their operations.
OFAC escalates campaign against crypto crime
The Aeza Group sanctions come as part of a broader crackdown on crypto-linked illicit finance. In April, OFAC sanctioned eight addresses connected to Yemen’s Houthi movement, accusing them of laundering over $45 million to fund terrorism.
In March, the agency blacklisted 49 crypto wallets tied to Nemesis, a darknet drug market operated by Iranian national Behrouz Parsarad. The site, which facilitated the sale of fentanyl and synthetic drugs, processed nearly $30 million in Bitcoin and Monero before it was shut down in 2024.
OFAC’s latest actions signal an increasing emphasis on targeting the financial and technical infrastructure that powers transnational cybercrime.