U.S. Treasury sanctions Russia's "Zero Day" operation: Exposure of stolen U.S. government cyber tools case

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions on February 25th against Russian exploit broker Sergei Zelenyuk and his St. Petersburg company Matrix LLC (also known as “Operation Zero”). They are accused of selling stolen U.S. government proprietary network tools, marking the first law enforcement case under the “Protecting American Intellectual Property Act” to target digital trade secrets theft.

Operation Zero’s Operations and Sanctioned Entities


(Source: U.S. Department of the Treasury)

“Operation Zero” was launched in 2021, employing a public bounty system to purchase security vulnerabilities targeting mainstream operating systems and encrypted communication apps. Multiple bounties have been publicly posted on the X platform. Known rewards include $500,000 for 26 iOS vulnerabilities (November 2025) and $4 million for a complete attack chain vulnerability in Telegram (March 2025).

OFAC states that the exploits sold by “Operation Zero” enable attackers to gain unauthorized access, steal information, or remotely control targeted systems. The client base is explicitly limited to “private and government organizations in Russia,” focusing on offensive security research and software tools.

The sanctions also target two individuals: Oleg Vyacheslavovich Kucherov, suspected member of the Trickbot cybercriminal group, and Marina Evgenyevna Vasanovich, described as Zelenyuk’s assistant.

Australian Contractor Data Theft Case: $1.3 Million in Cryptocurrency as Key Evidence

The sanctions stem from investigations by the U.S. Department of Justice and FBI into Australian citizen Peter Williams. Williams, a former employee of a U.S. defense contractor, is accused of stealing eight “commercial secret zero-day exploits” between 2022 and 2025, selling them to “Operation Zero” for $1.3 million in cryptocurrency. Williams pleaded guilty in October 2025 to two counts of commercial secrets theft.

The U.S. State Department emphasized in an independent statement that the stolen tools were originally intended solely for sale to the U.S. government and its allies. Unauthorized resale poses a direct threat to U.S. intelligence capabilities. The Treasury also disclosed that “Operation Zero” is involved in developing espionage software and AI-driven tools to steal personal identification information, recruiting hackers via social media, and establishing contacts with foreign intelligence agencies.

Key Information on the Sanctions

Sanctioned Parties: Sergei Zelenyuk and Matrix LLC (“Operation Zero”), Kucherov, Vasanovich

Legal Basis: Protecting American Intellectual Property Act, marking its first application to digital trade secrets theft cases

Stolen Tools: Eight U.S. government proprietary network tools, originally intended for U.S. government and specific allies

Cryptocurrency Payments: Peter Williams sold stolen zero-day exploits for $1.3 million in cryptocurrency

Highest Bounty: “Operation Zero” previously offered a $4 million reward for a Telegram attack chain vulnerability

Frequently Asked Questions

What is the historical significance of the legal basis for these U.S. Treasury sanctions?

These sanctions were imposed under the Protecting American Intellectual Property Act, marking the first time this law has been used to combat the theft and sale of digital trade secrets. OFAC states this signifies an expansion of U.S. enforcement tools against cyber tool theft into the realm of commercial secrets law, setting an important legal precedent.

What is “Operation Zero,” and how do their vulnerability trading operations work?

“Operation Zero” is a Russian exploit broker led by Sergei Zelenyuk that purchases security vulnerabilities for operating systems and encrypted communication apps through public bounties. Its clients are limited to Russian private and government organizations. The bounty rewards can reach up to $4 million, with transactions publicly posted on X, reflecting transparency in their dealings.

What implications does the use of cryptocurrency payments in this case have for crypto regulation?

Peter Williams received $1.3 million in cryptocurrency for selling stolen zero-day exploits to “Operation Zero,” highlighting cryptocurrency’s role as a primary payment method in transnational cyber espionage. This case raises regulatory concerns about the role of cryptocurrencies in national security crimes and underscores the importance of on-chain tracking tools and anti-money laundering measures in combating such transactions.
