FINTRAC Fines Cryptomus $177M: Severe AML/CTF Violations

FINTRAC Imposes Record Fine On Cryptomus: Crypto Must Comply

Canada's financial intelligence agency (FINTRAC) sent shockwaves through the cryptocurrency industry by announcing a record penalty of CAD 176.96 million (approximately USD 126.2 million) against Cryptomus. Operated by Xeltox Enterprises Ltd., the crypto exchange is accused of severe anti-money laundering (AML) and counter-terrorist financing (CTF) violations. This fine is not only the largest in FINTRAC's history but also sends a clear message about the increasing scrutiny of digital asset platforms worldwide.

Failure To Report Suspicious Transactions

One of the most severe failures was Cryptomus's omission to file reports for 1,068 suspicious transactions in July 2024 alone. These transactions were identified as related to serious illicit activities such as child sexual abuse material sales, fraud, ransomware payments, and sanctions evasion. Many of these transactions were linked to darknet marketplaces and virtual currency wallets associated with criminal activity.

FINTRAC Director and CEO, Sarah Paquet, emphasized: "The nature of these violations was a key factor driving the agency to take this unprecedented action."

Failure To Report Transactions from Iran

FINTRAC also discovered that the exchange failed to report 7,557 transactions originating from Iran between July 1 and December 31, 2024. According to ministerial directives, Cryptomus should have treated these transactions as high-risk, verified sender/recipient identities, conducted due diligence, maintained transaction records, and reported them to FINTRAC, but all these obligations were ignored.

Overlooking Large Virtual Currency Transactions

Furthermore, Cryptomus failed to report 1,518 large virtual currency transactions valued at CAD 10,000 or more in July 2024. This is a fundamental requirement for all financial entities to ensure transparency and combat money laundering activities.

Comprehensive Compliance Program Deficiencies

FINTRAC concluded that Cryptomus had "inadequate and insufficient" compliance policies and procedures. Specifically, the exchange lacked ongoing monitoring, failed to meet its "know your customer" (KYC) obligations, did not develop and apply written policies and procedures, and failed to assess and document money laundering or terrorist financing risks.

Background On Cryptomus And Its Criminal Connections

Cryptomus operates under the legal name Xeltox Enterprises Ltd. and was previously known as Certa Payments Ltd. Although incorporated in British Columbia, Canada, with a Vancouver address, company representatives from Uzbekistan and Spain stated during a March 2025 examination that Cryptomus had no employees working in Canada.

Previous investigations by KrebsOnSecurity and the Investigative Journalism Foundation (IJF) revealed that Cryptomus supported dozens of Russian crypto exchanges and cybercrime service websites. Notably, Cryptomus extensively transacted with Garantex, a Russian exchange accused by the U.S. government of laundering hundreds of millions of dollars in illicit funds, and Nobitex, an Iranian crypto exchange.

Prior to this fine, Cryptomus also faced legal issues when the British Columbia Securities Commission temporarily banned it from securities trading and other market activities in early 2025. Access to Cryptomus's website was also blocked in Canada earlier in 2025.

Impact And Broader Implications Tor The Crypto Industry

FINTRAC emphasized that this record action is part of a broader effort to bring the virtual currency industry into compliance with similar standards as traditional financial institutions. The Cryptomus case serves as a stark warning, highlighting the necessity of robust compliance frameworks to avoid severe penalties.

Sarah Paquet, FINTRAC Director and CEO, stated that this case demonstrates how virtual currency companies remain "vulnerable to exploitation by illicit actors" when compliance controls are weak or ignored.

This unprecedented fine sends a strong message to the cryptocurrency industry about the critical importance of adhering to financial regulations. It underscores the growing global scrutiny by regulators over digital asset platforms and their obligation to comply with anti-money laundering and counter-terrorist financing laws. Canadian regulators are intensifying controls over foreign exchanges, and the upcoming federal budget (expected November 4) is anticipated to create a new financial crime agency to tackle money laundering and fraud.

Conclusion

The Cryptomus case is a clear demonstration that regulators are becoming increasingly assertive in ensuring compliance within the cryptocurrency space. Exchanges can no longer ignore AML and CTF requirements. To survive and thrive in a more tightly regulated environment, crypto platforms must prioritize building and maintaining robust, transparent compliance programs to protect users and the global financial system from criminal threats.

Disclaimer: This article is intended solely to provide information and market insights at the time of publication. We make no promises or guarantees regarding performance, returns, or the absolute accuracy of the data. All investment decisions are the sole responsibility of the reader.