- The U.S. Treasury sanctioned Aeza Group and a crypto wallet linked to $350K in illicit funds.
- Aeza Group hosted infrastructure for ransomware, infostealers, and darknet drug marketplaces.
- Sanctions target Aeza’s top executives and affiliated companies aiding cybercrime.
The U.S. Treasury has sanctioned a Russian crypto wallet tied to the cybercrime group Aeza. The wallet holds about $350,000 in digital assets. It is linked to ransomware and info-stealing operations that target global victims, including Americans.
On Tuesday, the Office of Foreign Assets Control (OFAC) announced sanctions against Aeza Group. The group is based in St. Petersburg, Russia. It allegedly provided bulletproof hosting (BPH) services to support ransomware and illicit activity.
Aeza hosted servers for malware groups like BianLian and infostealers Meduza and Lumma. It also ran backend systems for RedLine panels and darknet drug markets such as BlackSprut. These tools allowed cybercriminals to avoid detection and launch attacks.
The sanctioned crypto wallet was tied to Aeza’s payment processor. Blockchain firm TRM Labs said it had received over $350,000. The funds reportedly moved between darknet services and crypto exchanges, often using the Tron blockchain.
Chainalysis reported that the wallet served as an administrative address. It handled cash-outs from Aeza’s clients and forwarded crypto to external platforms. Payments were sometimes made directly for hosting services.
Leaders, Entities, and Criminal Infrastructure Exposed
U.S. officials named Aeza’s leadership in the sanctions list. CEO Arsenii Penzev and General Director Yurii Bozoyan were previously arrested in Russia. Authorities linked them to hosting services used by drug markets. OFAC also listed Aeza’s Technical Director, Vladimir Gast, and part-owner, Igor Knyazev. All are now barred from accessing U.S. property or engaging in U.S.-based transactions.
The sanctions extend beyond individuals. OFAC also named three affiliated companies. These include U.K.-based Aeza International Ltd., and Russian entities Aeza Logistic LLC and Cloud Solutions LLC. The action blocks any assets these entities hold within U.S. jurisdiction and bars U.S. persons from engaging in transactions with them. Violations may lead to significant fines or even criminal prosecution.
The Treasury stated that Aeza’s infrastructure facilitated large-scale data theft. It also helped ransomware operators demand payments in cryptocurrency. Acting Under Secretary Bradley T. Smith called Aeza “a major cybercrime enabler.”
The U.S. Secret Service previously seized the crypto exchange Garantex in March. Aeza’s wallet showed transaction links to Garantex. It also showed patterns of laundering funds from illegal sources.
Related: Vladimir Smerkis Held in Russia Over Major Crypto Fraud Case
Ransomware and Crypto Threats Continue to Rise
Crypto-related cybercrime has grown in 2025. Blockchain firm CertiK estimates $2.1 billion in stolen crypto this year. Most losses were due to phishing and malware attacks.
Ransomware gangs and info-stealers target wallets, keys, and personal data. They often utilize bulletproof hosting to conceal their servers and evade shutdowns. BPH providers resist law enforcement action, allowing operations to continue.
The Treasury said Aeza helped criminals operate on a global scale. Their services supported attacks against U.S. infrastructure, corporations, and individuals. These actions created a significant threat to national security.
The sanctions are part of a wider crackdown on crypto misuse. The U.S. aims to disrupt the financial networks of cybercriminals. Sanctioning wallets and hosts helps trace and block illicit crypto flows. International cooperation remains crucial to fighting cross-border cyber threats. OFAC stated that it would continue to monitor crypto wallets associated with ransomware and darknet activity.
