← back to the index
VT-006 Crypto exchange · Russia / New Zealand 2018

WEX.nz — The BTC-e Reboot That Stole Half a Billion and Ran

trading-exchangearrestedico-era
Platform
WEX.nz
Est. Losses
~$400M–$500M
Users Affected
~100,000
Status
Arrested

Summary

WEX.nz, a Russian-operated cryptocurrency exchange registered in New Zealand, collapsed in mid-2018 with somewhere between $400 million and $500 million in user deposits missing. The platform had launched in September 2017 as a near-identical copy of BTC-e — a notoriously shadowy exchange seized by US and European authorities in July 2017 for facilitating billions of dollars in money laundering — and was operated by Russian national Dmitry Vasiliev. Within eleven months of launch, WEX froze withdrawals, shed its domain names, and went dark. Vasiliev was later arrested in Warsaw and extradited to the United States in mid-2025 to face charges of fraud and money laundering.

The WEX story is inseparable from BTC-e, but they are distinct events. BTC-e was founded around 2011 and operated for six years as one of the world's largest cryptocurrency exchanges, processing more than $9 billion in transactions while deliberately serving criminal clients including ransomware operators and darknet marketplaces. Its operator, Alexander Vinnik, was arrested in Greece in July 2017. WEX.nz then appeared as an ostensible continuation of BTC-e — inheriting user balances, the trading interface, and much of the user base — but it operated only under Vasiliev's direction and lasted less than a year before its own exit. The two cases involve separate operators, separate legal proceedings, and separate thefts; understanding that distinction is essential to understanding either.

The roughly 100,000 users who trusted WEX with their deposits had already survived the BTC-e shutdown and accepted Vasiliev's reassurances that their balances were intact and the new exchange was legitimate. Most recovered nothing. As of mid-2026, Vasiliev is in US custody awaiting trial; no meaningful restitution has reached victims.

Timeline

July 2011
BTC-e founded
The exchange begins operating, eventually becoming one of the world's largest crypto trading platforms while reportedly serving criminal networks with minimal KYC/AML controls.
July 25–26, 2017
BTC-e seized
US Department of Justice and European partners take down BTC-e. Alexander Vinnik is arrested in northern Greece. BTC-e is charged with laundering $4 billion over six years.
September 2017
WEX.nz launches
Dmitry Vasiliev opens WEX.nz as a functional clone of BTC-e, promising users their BTC-e balances have been transferred and that the new exchange is under legitimate management.
Late 2017–early 2018
Operations and withdrawals
WEX trades normally for several months; user confidence is partially restored; the platform processes deposits and withdrawals with apparent normalcy.
Mid-2018
Withdrawals freeze
WEX halts withdrawals and begins losing domain control. Vasiliev makes no substantive public explanation.
Late 2018
Exchange goes dark
WEX.nz ceases all operations. Approximately $400M–$500M in user deposits is unaccounted for. Vasiliev transfers the user database to Dmitry Khavchenko, a former Donbass militiaman with reported links to Russian oligarch Konstantin Malofeev.
2019
Vasiliev arrested in Poland
Polish authorities detain Vasiliev on a US warrant. He is subsequently released, then re-detained as the extradition process advances.
May 2024
Vinnik pleads guilty
Alexander Vinnik, BTC-e's operator, pleads guilty in a US federal court to conspiracy to commit money laundering. He had previously been sentenced to five years by a French court in 2020.
December 2024
Vasiliev re-arrested in Warsaw
Polish police confirm Vasiliev's arrest at the request of US authorities on charges of fraud and money laundering.
2025
Vasiliev extradited to US
Poland extradites Vasiliev to United States custody. He faces charges carrying up to 25 years in prison. Trial outcome pending as of mid-2026.

From Seizure to Sequel: How WEX Inherited BTC-e's Users

When US authorities took down BTC-e in July 2017, approximately 700,000 registered users found their account balances frozen. The shutdown was clean and total: the domain was seized, the servers were taken offline, and the DOJ announced charges against Alexander Vinnik for laundering $4 billion through the exchange across six years. Ransomware proceeds, stolen funds from the 2014 Mt. Gox collapse, and darknet drug market revenues were all cited in the indictment.

Into that vacuum stepped Dmitry Vasiliev, whose precise pre-WEX history remained obscure. He presented WEX.nz as a continuation of BTC-e under new, clean management — a platform that had absorbed the old exchange's order books, infrastructure, and, critically, its user balances. For users who had watched their funds freeze without warning, WEX offered a lifeline: deposit history was acknowledged, balances were credited, and the exchange functioned. Vasiliev invited users to trust him.

The incentive structure worked exactly as designed. Users who might have walked away from a brand-new exchange deposited fresh funds into one that appeared to have already validated their existing claims. The rebuilt trust was manufactured at minimal cost — no new infrastructure was truly needed, since the WEX interface was a direct copy of BTC-e — and it converted a seized platform's stranded user base into a fresh pool of deposits.

The Mechanics of the Exit

WEX operated long enough to accumulate significant new deposits alongside the transferred BTC-e balances. For approximately eleven months — September 2017 through roughly July 2018 — the platform processed trades and handled withdrawals in ways that appeared, superficially, normal. There was no dramatic announcement, no hack claim, no technical failure story. WEX simply began decelerating.

Withdrawal processing slowed first, a pattern well-documented in the BTC-e victim community and in early user reports on cryptocurrency forums. Domain names began lapsing or being abandoned. Communication from Vasiliev grew sparse. The freeze, when it came, was gradual rather than sudden — a strangulation rather than a clean break. This method is tactically rational: a sudden overnight closure draws immediate coordinated attention; a slow fade reduces the likelihood of urgent regulatory response.

The database sale to Dmitry Khavchenko was a particularly cynical coda. Khavchenko, identified in multiple reports as a former fighter in Russian-backed Donbass militia forces and as a figure connected to oligarch Konstantin Malofeev, had no apparent background in financial services. The sale transferred the identity and contact information of approximately 100,000 defrauded users to a new custodian with no obligation to them, while also providing Vasiliev with cover suggesting he had handed off the business rather than simply stolen the assets.

Blockchain analysis conducted following the collapse identified approximately $29 million in Ether linked to WEX that moved for the first time after the shutdown — consistent with a controlled exit of specific asset pools rather than the disorganized wallet chaos typical of a genuine technical failure or external hack.

The Two Men, Two Cases Problem

One of the persistent sources of confusion surrounding WEX is the tendency to conflate its story with that of BTC-e and Alexander Vinnik. The two cases are legally and operationally distinct.

Vinnik was the operator of BTC-e, which was shut down by US and European authorities in 2017. His criminal exposure related to BTC-e's six-year operation as an unlicensed money service business that laundered funds for ransomware, cybercrime, and other criminal enterprises. After his 2017 arrest in Greece, Vinnik spent years in a jurisdictional dispute among Greece, France, Russia, and the United States. France convicted him in 2020 and sentenced him to five years. He was extradited to the US in 2022. In May 2024, Vinnik pleaded guilty in a US federal court to conspiracy to commit money laundering in connection with BTC-e, with prosecutors noting his responsibility for losses of at least $121 million. His sentencing was pending as of mid-2026.

Vasiliev, by contrast, is charged with what happened to WEX user funds after BTC-e's closure. His fraud is the successor event — using BTC-e's reputation and user base as raw material for a separate theft. His extradition to the US was completed in mid-2025. He faces charges of fraud and money laundering carrying up to 25 years; no trial verdict had been issued as of the date of this report.

The regulatory consequence of BTC-e's operation — the demonstration that an exchange could process $9 billion while serving criminal networks with near-impunity — belongs to the Vinnik case. The roughly $400M–$500M in user losses from WEX's collapse belongs to Vasiliev's. Victims of the two platforms are not the same people, though some BTC-e users who rolled their balances forward into WEX suffered both thefts in sequence.

The Five Factors

01
Successor trust capture
WEX exploited users' existing relationship with BTC-e to establish instant trust for a new platform that had earned none. Users who would scrutinize an unknown exchange applied dramatically reduced skepticism to one that appeared to continue a service they had already been using. This successor-trust mechanism — inheriting an established platform's user base through a relaunch — is a repeatable attack vector that has appeared in multiple crypto collapses.
02
Regulatory arbitrage through opacity
BTC-e operated for six years by maintaining deliberate anonymity about its operators, corporate structure, and jurisdiction. WEX adopted the same model: a New Zealand domain registration, Russian operational control, and no meaningful regulatory footprint in any jurisdiction equipped to supervise it. The absence of a single clear regulator with authority meant no single party had both the mandate and the information to intervene.
03
Gradual withdrawal freeze as exit technique
Rather than an overnight closure, WEX employed a slow deceleration of services. This reduced the coordinated alarm response that a sudden shutdown would trigger, gave the operators time to manage asset extraction, and made it harder to identify a precise moment of fraud versus a moment of liquidity difficulty. Slow-fade exits are systematically harder for victims and regulators to respond to than clean closures.
04
Absence of any independent custody verification
Neither BTC-e nor WEX ever published proof-of-reserves or submitted to an external audit of custodied assets. Users had no mechanism — cryptographic or regulatory — to confirm that balances shown on the platform corresponded to real holdings. The entire value proposition rested on operator trust with no external check.
05
Criminal network entanglement as business model
BTC-e's documented laundering of ransomware proceeds and darknet revenues was not incidental to its operation; it was a structural feature that provided fee income, liquidity, and a base of users who could not complain to authorities. WEX inherited this structural entanglement and the reputational cover it provided. Operators whose exchanges serve criminal networks create a constituency of users who are themselves deterred from regulatory reporting, which extends the platform's operational life.

Aftermath

Alexander Vinnik's guilty plea in May 2024 to conspiracy to commit money laundering brought the BTC-e chapter toward a legal resolution, albeit one that took seven years from his 2017 arrest. His sentencing remained pending as of mid-2026; prosecutors noted a loss figure of at least $121 million attributable directly to his conduct. The full BTC-e case, including charges against other BTC-e co-operators, continued to develop.

Dmitry Vasiliev's extradition to the United States in mid-2025 marked the most significant legal development in the WEX case. He was the first person charged specifically for the WEX exit, and his trial will be the primary mechanism through which the disposition of user funds — and any potential recovery — is litigated. The Russian Embassy made public statements in 2025 and 2026 seeking information about Vasiliev's detention status, but neither Russian diplomatic pressure nor Vasiliev's own legal representations had resulted in any restitution for victims.

The roughly 100,000 WEX users whose deposits disappeared have received nothing. Many were also BTC-e victims, having rolled forward balances from the 2017 seizure on the basis of Vasiliev's representations. The prospect of meaningful recovery through US criminal forfeiture proceedings remains uncertain.

Lessons

  1. A platform that launches by inheriting another exchange's user balances, interface, and brand identity — without transparent new ownership disclosures, independent audits, or regulatory registration — has acquired the prior platform's liabilities and none of its accountability. Treat it as a new, unverified custodian.
  2. Withdrawal delays measured in days rather than hours are an actionable warning signal on any custodial exchange; the appropriate response is immediate withdrawal of remaining accessible funds, not continued faith in operator explanations.
  3. Proof-of-reserves — cryptographically verifiable attestations that on-chain holdings match user liabilities — is the minimum standard distinguishing a legitimate custodian from an unaudited promise. WEX published neither reserves nor audits across its entire eleven-month operation.
  4. Exchanges that deliberately avoid jurisdictional registration and regulatory oversight are not merely non-compliant; the opacity is itself a structural feature that protects fraud and penalizes users seeking recourse.
  5. The existence of a credible criminal case against a prior operator (Vinnik / BTC-e) does not validate the legitimacy of a successor platform; in the WEX case it was a reason for heightened scrutiny, not a reason for trust.

References