How Hackers Launder Their Illicit Cryptocurrency Funds
Cyber-attacks on exchanges, ICO hacks, and crypto-demanding ransomware are an unfortunate but regular occurrence in the cryptocurrency space. As a result, cybercriminals manage to amass a substantial amount of cryptocurrencies from their illicit activities.
According to a report released by Malware Bytes, there was a 90 percent increase in such attacks in 2017. Most of these hackers demanded their ransom in bitcoin.
Additionally, it is estimated that around 670 million USD in cryptocurrency has been lost to scammers or hackers in the first quarter of 2018 alone. Bitcoin is still currently the currency of choice for many of the criminals. However, it is important to note that it is relatively easy to track bitcoin transactions on its blockchain. This is a challenge for the vast array of criminals who need to find a way to launder their digital funds without being identified.
In this article, you will learn how hackers and cybercriminals can launder their illicit cryptocurrency holdings.
So-called “coin mixers” are a service that allows users to obfuscate the origin of their digital currency holdings. Coin mixing is also referred to as coin tumbling in an allusion to the fact that the tainted tokens will come out of the process ‘clean.’
Coin mixing utilizes an anonymization method called CoinJoin, which bundles different transactions together to hide the origin of the original coins. Because mixers will bunch together different currencies from various sources, it is challenging to identify the final address of the units. Examples of popular coin tumblers are CoinMixer or BitBlender.
Following the NotPetya ransomware attack in 2017, researchers were tracking the bitcoin wallet addresses which were associated with the hackers. After a few days of inactivity, the pirates began to move the units; however, it became apparent that the criminals were using a mixing service.
The tokens moved through a large number of addresses, among them a high-volume address, which was probably the wallet of a legitimate exchange. The researchers estimate that the units moved through over 2,373 wallet addresses:
“We collected each spent output from that address, then each spent output from those addresses, and so on. To limit the number of rabbit holes the crawler followed, we only included transfers that occurred within eight hours of the first outgoing transaction from the first wallet.”
This is significant because it makes it very difficult, if not impossible, to identify the bitcoin tokens the hackers were trying to clean. “If we knew what bitcoin address or addresses the Petya/NotPetya money ended up in, we’d likely find hundreds of thousands of transactions between that address and the starting address. That’s more than we could ever chart.” Using coin mixers, the hackers were able to gain access to their illegally obtained funds successfully.
Anonymous exchanges are platforms through which users can buy or sell digital currencies without revealing their identity. The advent of regulation and strict KYC/AML policies, most established exchanges require users to verify their identity before using the platforms. As a result, it is straightforward to track any spends.
Anonymous exchanges provide an alternative. One can use these platform without providing any personal information. Therefore, cybercriminals can use these services to change their tainted coins for other cryptocurrencies. While the outputs from their bitcoin wallets will be visible on the blockchain, once the units are transformed into another digital currency, any further investigation becomes difficult as the trail goes cold.
This is especially true if the digital assets that are acquired are privacy-centric tokens like Monero because these currencies have in-built features that are designed to protect financial privacy and sovereignty completely. As a result, the tainted funds are efficiently spent without any trouble following an asset trade.
Shapeshift is an anonymous exchange that allows for cryptocurrency trading without divulging any personal information. Users are not even required to sign up. Shapeshift is notable in that it facilitates immediate asset trades across different blockchains. This means you can swap, say bitcoin for ether. This has distinct advantages for a hacker looking to move his funds. Even without considering privacy-centric coins, the hacker will benefit from the increased trail obfuscating that occurs with a cross-blockchain asset exchange.
Finally, cybercriminals also resort to using decentralized exchanges (DEX) to launder their funds. Decentralized exchanges are cryptocurrency exchanges that enable peer-to-peer trading without a central authority holding investors funds.
Due to their design, users do not need to divulge any information to participate in the network. Hackers can thus use these platforms to exchange their tainted tokens for others. This is an essential tool for criminals as centralized exchanges including Coinbase have been known to reject coins they consider tainted with any illegal activity. Decentralized exchanges provide criminals with an alternative.
A Long Process
While it is possible for cybercriminals to launder their illicit funds successfully, the process will likely take an extended amount of time. This is especially true if the amounts are significant. Additionally, hackers will probably have to employ various techniques to use the funds.
Other methods used by hackers to cash out small amounts include bitcoin ATMs as well as prepaid bitcoin debit cards, especially those involving amounts under the level that does not require KYC-compliant registration.