 The war in Ukraine has marked the very first case in history where crypto has played a significant role in a military conflict. Right after Russia invaded Ukraine one year ago, crypto donations started flowing from all over the world to support the country's resistance. In total, around 200 million dollars worth of crypto was donated to Ukraine-related causes in the past 12 months. Digital currencies have been a vital resource for thousands of Russians who oppose Putin's invasion and fled their country. But the war has also shown the dark side of crypto. Russian militia groups and hackers have used digital currencies to circumvent sanctions and support the Kremlin's war effort. So has crypto really been a force for good in the war in Ukraine? And which side of the conflict has used it in the most effective way? I try to find out in my conversation with Andrew Firman, the head of sanctions strategy at Chainalysis. I'm Giovanni. On this show we challenge the ideas that shape the world of crypto. In each episode we assess a crypto narrative, a macroeconomic outlook, or a potentially disruptive technology. Only the most solid ideas will make it to the other side. So Andrew, your team at Chainalysis recently published a report where you discussed the impact of crypto on the Ukraine war one year after the invasion. So what would you say was the main impact of digital currencies on the conflict? Yeah, absolutely. So it's been a really interesting year. We first saw immediately after the outset of the war the people rally behind Ukraine and the Ukrainian government in setting up the crypto-related donations to support the Ukrainian efforts against Russia. And we quickly saw just mere months after the start of the war over $50 million almost immediately go into Ukrainian donation support. And as of today, that's well over $70 million. So we've seen a quick adoption on the global scale. We've seen a lot of people globally willing to help and support. And the borderless benefit of crypto really makes that easier. And so while that was the outset of what we saw, that got us thinking too to another point, which is this is also really one of the first open source wars that we're getting involved in. And so thinking about everything that's available from social media, Twitter feeds, being able to see what's going on in real time, that had us also thinking about, well, if we're seeing all of the good that this could be doing, where could it be going bad? And who could be leveraging crypto for the wrong reasons? And so that's kind of where we started looking into things like these militia and ganda groups, where we started looking at broader scale sanctions evasion potential and the use of ransomware as a political tool from the hacktivist perspective. Yeah. And now let's talk about the Russians. So we talked about how Ukrainians have been raising funds in order to basically resist providing aid to the country and so on. But we also saw that Russians have also used crypto in the conflict. So maybe can you give us some of the numbers that surprised you the most or the most significant numbers in terms of how Russians have used crypto in the conflict? So some of the numbers I like to focus on are around the militia and propaganda groups. And so when I talk about those types of groups, what do I mean? These are these are groups, particularly on social media, who are soliciting donations to support either the war upkeep or to maintain their writing on the propaganda outlets that they're engaging on. And so essentially requesting donations to help support via crypto. So when we think about the types of things this money might be used for, while we certainly aren't sure exactly where it ends up, from the goal is ultimately to take the crypto, transfer it to fiat, and use it to purchase supplies. When it comes to these militia groups, they actually get quite specific in a lot of instances about what they're looking to buy with the money that they receive. I pulled one just for example today, but a recent request was for helmets, tactical headphones, winter boots and winter gloves. So when we're thinking about the types of things that they're spending money on, we're not talking about hundreds of thousands or multimillion dollar item. We're talking about items that keep these soldiers going during the conflict. So five million dollars, while it may not sound like a lot in comparison, can certainly be a benefit towards these militia groups. Yeah. And so I wanted to dive a little bit more into this. So when you talk about militias, we are not talking about the Russian government. Yeah. So these are going to be your grassroots organizations. So I mean, we're not talking about Russia's state funded donations, which was also probably one of the reasons we're seeing some smaller numbers. We're really looking at individual actors. So somebody who's on the front, somebody who's trying to help provide more military resources to the front, whether they have connections in Moscow to move those goods into the Donbass region or not, they're essentially just trying to collect through whatever outlets they have available to them. And so that's where you see things like bulletproof vests or drones being purchased or stating that they'll be purchased with the donations that they receive. So that's interesting because we know that the U.S. Treasury Department, other regulatory bodies also in Europe, have imposed sanctions on Russian entities because of the war in Ukraine. And so I was wondering why haven't those sanctions worked in terms of preventing those pro-Russia fundraising activities with crypto? So I wouldn't say that they're not working. There's been a significant decrease in the engagement of these exchanges since these actors were identified. So I think one thing that's important to understand is it's not necessarily the case that these actors are operating from exchanges. It's that they're having non-custodial wallets. So they're holding their own wallets and then transferring funds out to exchanges in order to get their fiat transfer. So I think obviously without detection, these actors' wallets may not be known by an exchange that was receiving funds from them. So it's really important for the blockchain analytics ecosystem to be monitoring these groups, flagging them and giving exchanges the opportunity to make those assessments as well. So now let's try to explain how that works in practice. So if a Russian sanctioned entity receives some crypto donations in their non-custodial wallets and decides to cash out through an exchange, how can that entity be stopped? That's a great question. So that's how blockchain analytics comes into play. So exchanges are often using blockchain analytics tools or even sometimes their own internal tools in order to flag transactions and activity with specific actors. So when an entity is identified or an address is identified as belonging to one of these groups, the blockchain analytics companies will provide that information into their product, which then exchanges can utilize to monitor their transactions. One thing to keep in mind too is that exchanges cannot stop funds from coming inbound, but it's what they do with those funds once they receive them. That really matters. So I think context is a little bit important there, but essentially what'll happen is on an inbound transaction, so where an exchange would be receiving funds from that group, they'll get an alert when those funds come in and then they can choose to take the relevant regulatory action depending on what their jurisdiction is. Alternatively, on outbound transactions, so let's say a customer in exchange wanted to go donate to one of these organizations, those funds could be notified and alerted before they are sent outbound by the exchange themselves. As you said, those actors like Taskforce, Karusic and other ammunition groups are not very sophisticated in the way they use crypto. Let's say that they learn the lesson and they see that by sending crypto to exchanges that have some ties with the US financial system, they are likely to get their money blocked or frozen, but what if they develop a more sophisticated approach? Is there a way they can move their funds and cash out through other venues? So that's where we've seen the high-risk exchange usage and while the high-risk exchange haven't been as used, the thing is that we also see, keep in mind, is that OFAC and other US regulators, including FinCEN, are keeping track of who these operators are in the space and we've seen Garentex get sanctioned by OFAC. We've seen Bitslotto, which was also another well-known exchange in Russia that was facilitating ransomware payments and money laundering, get subject to a FinCEN order, which is the financial crimes regulator and the US as well. So I think in these high-risk exchanges being used, the more they're used for illicit activity, the more they end up being on target lists for regulatory bodies and sanctioning bodies like OFAC or others. Right, but if they are outside the jurisdiction of the US and they don't touch the US dollar, then they can continue operate, but I guess that's not really feasible, right? Conceptually, but also if they want to interact with regulated exchanges, the ecosystem will be able to see the types of activity that they're engaging in and exchanges or financial institutions that are subject to US jurisdiction may de-risk doing business with them, which limits their accessibility to the global ecosystem. So now let's touch upon the role of ransomware attacks in the war in Ukraine. In a recent report that you published not long ago, you established that in 2022, around $450 million were stolen in crypto, were stolen through ransomware attacks, and the majority of them were paid to entities that were believed to be based in Russia. So can you tell us more about what entities are we talking about? Yeah, sure. So Conti, which is a prolific Russia-based ransomware actor, obtained over $60 million from victims in 2022. And where we really wanted to highlight it in for this report is what the intent and purpose behind a lot of their attacks are. And when it comes to ransomware payments, a lot of the time bad actors have some sort of political agendas behind what they're doing. So Conti actually had notified in the day after the war started, actually, that they're officially announcing their full support for the Russian government. So Conti as a group was at least standing behind the Russian government in their activities. Additionally, we saw another pro-Russian hacktivist group by the name of Kilmet trying to target countries that are supporting Ukraine. In addition, they've even gone to social media to solicit donations. But those numbers are pretty insignificant in comparison to the ransomware numbers. Okay, so that's quite impressive, because if we assume that all those ransomware funds were paid to Russian entities that supported the war in Ukraine, that would mean that Russia basically managed to gather more crypto than Ukraine in 2022. So again, this is the amount that has been ransomware payments made. It doesn't fully account for any ransomware assets that were seized. So I don't have those numbers offhand. I'll have to come back to you. But a portion of that very well could have been seized by law enforcement or through coordinated efforts between exchanges and law enforcement. So that $456 million number isn't explicitly all ill-gotten gains necessarily. Thanks a lot, Andrew, for giving your perspective on these numbers. And yeah, let's keep in touch for probably other chain analysis reports that you're going to read these in the future. Absolutely. Thanks for having me, Giovanni.