Crypto Crime Trends Evolving as Users Wise Up: Exchange Hacks, Darknet and Money Laundering

Published at: Feb. 18, 2019

Two prominent research papers have shed light on the latest crime trends affecting the cryptocurrency community over the past two years.

Crypto analytics companies Chainalysis and CipherTrace released reports at the end of January that unpack some interesting data on the methods that criminals have used to steal and defraud users within the cryptocurrency and blockchain space.

These reports paint an interesting picture of the ever-changing cryptocurrency landscape and provide some food for thought about the use of crypto in criminal activity around the world.

Exchange hacks and darknet trading still a threat

As Chainalysis outlines in its January 2019 report, cryptocurrency-related crime has actually decreased over the past few years, only accounting for 1 percent of all Bitcoin transactions in 2018.

With that being said, the report shines a spotlight on exchange hacks that have seen billions of dollars siphoned off by criminals, darknet market activities generating millions of dollars in revenue for criminals, and elaborate scams that have fleeced unsuspecting investors.

Chainalysis examines the trends of exchange hacks by tracing the movements of hacked funds from exchanges to their exit points, providing new data on the patterns of transaction activity in the weeks and months after a hack has taken place. The information could become pivotal in helping recover stolen funds in future.

The report notes the resilience of darknet markets amid a global crackdown, identifying the trends in the way new platforms are created and run in the aftermath of previous operations being shut down.

Exchange hacks

Exchange hacks have been the most lucrative modus operandi for cyber criminals in 2018, having generated close to $1 billion in revenue. Chainalysis identified two major hacking groups that are responsible for the majority of these crimes in 2018.

Hackers waste no time cashing out stolen cryptocurrency, usually within three months after the initial attack.

Taking a deeper dive into data, these two prominent hacking groups stole an average of $90 million per hack.

Following the initial hack, stolen funds are then moved to a plethora of wallets and exchanges to cover the tracks from the initial theft. These efforts are elaborate, as hackers will move funds up to 5,000 times.

Hackers then lay low, leaving funds untouched for six weeks or more until interest in the initial theft has died down. At the right time, at least half of the stolen funds are cashed out using various conversion services within 112 days. Three-quarters of the funds are cashed out within 168 days.

Chainalysis notes differing tactics between these two hacking organisations.

The first prominent group is identified as a tightly controlled organization. The hackers shuffle funds around meticulously to avoid being caught by authorities. Data from a traced hack noted up to 15,000 movements of stolen funds.

The second organization is less thorough in their approach, biding their time before converting stolen funds to clean money. According to Chainalysis, the group will sit on funds for six to 18 months before quickly cashing out 50 percent of funds within days on a single exchange.

These distinct methods could eventually be used to identify specific hacking groups in the future. As noted, exchanges and law enforcement agencies have not had the necessary means to track hacked funds up until recently.

Many exchanges don’t have the software to identify if the funds moved onto their exchanges have been ill-gotten, and stolen funds are processed by other exchanges. As a result, $135 million worth of stolen funds has exited the system through known exchanges.

Addressing these challenges will require a combined effort in the future. Cooperation between exchanges is a good start — as Chainalysis notes in a working case example.

The research company worked to identify stolen funds that had been moved to another exchange, and once these deposits were verified, the exchange was able to work with law enforcement agencies to address the problem.

Decoding hacks is identified as the first step to actively combating this type of crime — allowing funds to then be tracked and recovered. The cryptocurrency community will need to embrace an attitude of collaboration to make this a reality.

Darknet resilience

2017 was a watershed year for cryptocurrencies — Bitcoin, in particular — but the rising prices led to a number of closures of darknet markets that year.

Despite that fact, darknets quickly rearranged themselves, and their activities doubled during 2018. Chainalysis data notes transaction volumes on these platforms breaching the $600 million mark, even as cryptocurrency markets endured humbling price corrections.

This indicates that criminal organizations are not driven by the actual value of cryptocurrencies; rather, it is the anonymity and convenience that drive the use of darknet markets.

Following the closure of AlphaBay and Hansa, two prominent darknet platforms, activity in the space fell by 60 percent. Nevertheless, total darknet activity peaked at over $700 million in 2017.

While 2018’s total amount of Bitcoin being sent to darknet markets was $100 million less than the previous year, Chainalysis’ data showed a gradual increase in the total daily value sent to darknet markets during the year.

Activity on darknet markets averages around $2 million in Bitcoin every day, but the reports show that this accounts for less than 1 percent of the economic activity in Bitcoin, as the graph below illustrates.

According to the report, Russian darknet market Hydra seems to have picked up much of the activity that used to take place on the now defunct AlphaBay. Hydra has received over $780 million in Bitcoin, compared to AlphaBay’s $690 million.

As this demonstrates, authorities may have worked tirelessly to shut down many of these operations, but criminals move quickly to find different platforms to carry out their activities.

According to law enforcement officials, criminals are beginning to use messaging applications like Telegram and WhatsApp to facilitate these illegal transactions. This bypasses the ability of law enforcement agencies to curtail illicit transactions by shutting down a website.

Ironically, criminals and users of these markets have to take on the additional risk of trusting their counterparty in these person-to-person dealings.

Nevertheless, darknet markets and their users continue to find new ways to continue their activities, creating an endless challenge for authorities around the world.

Anti-Money Laundering efforts

As criminals come up with innovative ways to steal funds from crypto users around the world, they still face a problem when it comes to laundering this money.

Money laundering as a whole is a murky subject, because accurate data can only be gleaned from successful prosecutions, which are then used to make estimates of money laundering statistics.

Interestingly enough, money laundering using cryptocurrencies provides a unique opportunity to trace funds, given that transaction data is completely transparent in fully decentralized cryptocurrencies.

To this end, Chainalysis has provided some rough data that breaks down the laundering of cryptocurrencies around the world. The data suggests that 65 percent of stolen funds flows through exchanges, 12 percent through peer-to-peer (p2p) exchanges, and the remainder through conversion services, Bitcoin ATMs and gambling websites.

A majority of illicit funds actually flow through either exchanges (65 percent) or p2p exchanges (12 percent), with the rest flowing through other conversion services such as mixing services, Bitcoin ATMs and gambling sites.

A deep dive into money laundering with crypto

CipherTrace’s 2019 report on cryptocurrency crime takes a deep dive into money-laundering efforts over the past 12 months.

According to their report, nearly three times as much cryptocurrency was stolen in the first two quarters of 2018 as during the whole of 2017. Cumulatively, over $1.7 billion was stolen: $950 million solely from exchanges, while the remaining $725 million was stolen through scams.

This substantial amount of money still needs to be cleaned, which has given birth to a plethora of money-laundering services focused on the cryptocurrency sector.

The first process in traditional money laundering is known as structuring — basically moving money around so that it cannot be traced to its original illicit source.

Ordinarily, criminals would buy assets like gold bars and sell them to do this. In the crypto world, this requires bringing money into the cryptocurrency system to move it around.

According to CipherTrace, this is done using mixers, tumblers and chain hopping. The more the cryptocurrency is moved around the system, the harder it is to trace its origin. Given the anonymous nature of cryptocurrencies, this makes it incredibly difficult for investigators to trace funds.

These various money-laundering services in the crypto space take funds from users, mix them together and output the funds back to users, creating an intricate web of transactions that makes the origin of the funds difficult to identify.

Furthermore, some of these services now separate their input and output funds. Put simply, they have a separate account for funds brought in, and another for funds going out. This is an evolution in methodology — given that in 2016 and 2017, crypto money launderers typically kept all their funds in one pool.

Over the last two years, that has changed. Input funds are deposited into an exchange, then moved around various exchanges before moving the funds to an output pool. This reduces transaction costs and creates international barriers between the initial input pool and eventual output pool.

Furthermore, some criminals use cryptocurrency gambling websites to launder money as well. By simply setting up accounts, they can move funds in and out, creating another stop in the flow of these illicit funds.

Phishing still a threat

While Chainalysis suggests that phishing attacks have become less prevalent over the last 12 months, there are a few notable instances that show that hackers are still looking to trick people into giving up their details.

In January 2019, users of Electrum and MyEtherWallet were warned of phishing attacks looking to dupe unsuspecting users.

A fake Twitter account masquerading as Electrum informed users of a fake upgrade to a new software update, while some MyEtherWallet users had received a fake email that was requesting sensitive account information.

In December, some Electrum users lost nearly $1 million in BTC in an ongoing phishing hack that fooled users into downloading a fake version of the wallet, with users subsequently and unknowingly providing password information.

Cryptocurrency exchange LocalBitcoins also fell prey to a phishing scam attack last month, when a hacker noted a vulnerability in the LocalBitcoins forum and linked it to a phishing address.

An international police operation also arrested a hacker in January, who is believed to have used a phishing attack to steal $11 million worth of Iota tokens since January 2018.

These few instances highlight the damage that phishing attacks can cause to unwary users.

Future trends

Chainalysis’ report also provides a prediction of criminal trends in the space in 2019. Given the hype of 2017, many investors were duped by scams and projects during that period. Now that cryptocurrency markets have cooled and settled, it looks likely that criminal activity will move away from overhyped investment scams.

It is suggested that criminals will move toward using decentralized platforms, like encrypted messaging apps.

Furthermore, criminals will continue to integrate the use of cryptocurrencies in their efforts to move and launder money around the world.

These trends are likely to lead to the continual development of regulations for the space.

CipherTrace offers a similar perspective. In certain countries, existing Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations apply to cryptocurrency exchanges, which has helped curb some instances of crypto money laundering.

In order to combat this practice in a virtual environment, sophisticated programs and tools are needed to even begin tackling money laundering through cryptocurrency transactions.
