Operation Zero falls under OFAC in first PAIPA action

What OFAC sanctioned in the Operation Zero case and why now

According to the U.S. Department of State, OFAC’s action against Russian exploit broker Operation Zero is the first use of the Protecting American Intellectual Property Act (PAIPA). The law targets significant trade secret theft that threatens national security or economic stability.

As reported by CoinDesk, OFAC designated Operation Zero (Matrix LLC), founder Sergey Sergeyevich Zelenyuk, and associates for acquiring and distributing zero-day exploits, allegedly financed with cryptocurrency. The designations address a crypto-funded trade secret theft scheme tied to U.S. government cyber tools.

Why it matters for zero-day markets and U.S. IP

The move signals tighter U.S. scrutiny of gray-market exploit brokers and protection of government-developed capabilities. It underscores that theft and resale of restricted cyber tools can endanger U.S. intellectual property and national security.

Officials framed the action as deterrence and accountability for trade secret theft with national security implications. “If you steal U.S. trade secrets, we will hold you accountable,” said Scott Bessent, U.S. Secretary of the Treasury.

The department also said Operation Zero obtained at least eight proprietary U.S. cyber tools built for the U.S. government and allies, later sold to at least one unauthorized actor. Payments were made in cryptocurrency, linking exploit procurement to virtual asset flows.

Eurasia Review reported that all property and interests in property of the designees subject to U.S. jurisdiction are blocked, and U.S. persons are prohibited from transactions with them. This covers goods, services, and technology, including crypto transfers.

The prohibitions apply to U.S. financial institutions, exchanges, developers, and vendors that might otherwise facilitate payments, hosting, or brokerage for the named parties. Non-U.S. firms with a U.S. nexus also face restrictions.

At the time of this writing, Coinbase Global (COIN) closed near 166.02, up about 1.03%, while Monero traded around 331.24. These figures provide market context, not investment guidance.

How Operation Zero operated and the crypto-funded exploit pipeline

Exploit brokerage model: bounties, non-NATO sales policy, recruitment

Analysts noted the firm operated as an exploit broker, offering multi-million-dollar bounties for zero-days in mobile platforms and later for Telegram, as reported by en.bloomingbit. Public materials described a non-NATO sales policy and active recruitment of researchers.

Crypto payments and eight stolen U.S. cyber tools allegations

Mezha reported that an Australian national sold U.S. government cyber tools to Operation Zero, with payments in cryptocurrency. Designation materials describe an exploit pipeline from insider theft to resale via a broker.

FAQ about Operation Zero

What is the Protecting American Intellectual Property Act (PAIPA) and why is this the first action under it?

PAIPA authorizes sanctions for significant theft of U.S. trade secrets threatening national security or economic stability. This case is its first use, per the Department of State.

Who is Sergey Zelenyuk and which entities and associates were designated?

Sergey Sergeyevich Zelenyuk founded Operation Zero (Matrix LLC). OFAC designated him, the company, and affiliated entities and individuals tied to zero-day acquisition and resale.