Canadian financial regulators have levied an administrative monetary penalty of $176,960,190 against Xeltox Enterprises Ltd., operating as the cryptocurrency payments platform Cryptomus. The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) announced this action on October 22, 2025.
This penalty follows significant non-compliance with anti-money laundering (AML) and anti-terrorist financing (ATF) regulations. The platform was found to have facilitated transactions linked to various illicit activities.
FINTRAC’s Findings and Compliance Failures
The record penalty addresses Cryptomus’s failure to report suspicious transactions and adhere to compliance protocols. FINTRAC’s investigation revealed Cryptomus did not submit suspicious transaction reports on 1,068 separate occasions during July 2024. These reports were required despite reasonable grounds to suspect links to money laundering from child sexual abuse material trafficking, fraud, ransomware payments, and sanctions evasion.
Additionally, Cryptomus failed to report 1,518 large virtual currency transactions of $10,000 or more during the same period, FINTRAC reported. The agency also cited Cryptomus for failing to comply with a Ministerial Directive. This included neglecting to develop and apply up-to-date written compliance policies and procedures, and not adequately assessing and documenting the risk of money laundering or terrorist financing offenses.
Sarah Paquet, Director and CEO at FINTRAC, commented that “numerous violations in this case were connected to trafficking in child sexual abuse material, fraud, ransomware payments and sanctions evasion.” She highlighted this as the reason for the agency’s “unprecedented enforcement action,” as noted in a press release.
Cryptomus and the Cybercrime Ecosystem
Investigations highlighted Cryptomus’s extensive use within cybercrime ecosystems. Research by blockchain analyst Richard Sanders, published in December 2024, identified 122 cybercrime services utilizing Cryptomus for payment processing, according to KrebsOnSecurity. These services included “bulletproof” hosting providers like anonvm.wtf and PQHosting.
Other implicated platforms included those selling compromised accounts, such as verif.work and kopeechka.store, alongside anonymity services like crazyrdp.com. Such services often play a role in larger cyberattacks, similar to those that exploit critical RCE vulnerabilities.
Facilitating Sanctioned Transactions
Sanders’ findings further indicated that at least 56 cryptocurrency exchanges used Cryptomus to facilitate transactions. Many of these platforms catered to Russian speakers, offering anonymous cryptocurrency swaps. They also enabled the exchange of cryptocurrency for cash held in accounts at major Russian banks. Several of these banks are currently under sanctions by Western nations. This highlights a persistent challenge in the virtual currency sector, where platforms can be exploited for illicit financial flows, much like in the case of the Balancer DeFi Protocol exploit.
These platforms were found to be part of a broader network exploiting vulnerabilities in the virtual currency sector, as FINTRAC noted. The enforcement action by FINTRAC signals a heightened commitment to ensuring accountability and transparency in virtual currency operations, especially in preventing exploitation by illicit actors. This penalty underscores the growing regulatory focus on money service businesses (MSBs) within the rapidly expanding virtual currency sector, emphasizing the critical need for robust compliance frameworks to safeguard Canada’s financial system.