In the world of online crime, anonymous cryptocurrencies are the payment method of choice. But at some point, virtual proceeds have to be converted into hard cash. Enter the “Treasure Man”.
Finding a treasure man is easy if you know where to look. They are listed for hire on Hydra, the largest dark web market by revenue. The dark web is a part of the internet that is not visible to search engines and requires specific software to access.
“They will literally leave bundles of money somewhere for you to collect,” said Dr. Tom Robinson, chief scientist and co-founder of Elliptic, a group that tracks and analyzes cryptocurrency transactions. “They bury it underground or hide it behind a bush, and they’ll tell you the coordinates. There’s a whole profession.”
The Russian-language Hydra offers many other ways for criminals to cash out their cryptocurrencies, including exchanging bitcoin for gift vouchers, prepaid debit cards or iTunes vouchers.
The ability to hold cryptocurrencies without disclosing your identity has made them increasingly attractive to criminals, and especially to hackers who demand ransoms after breaking into companies.
In 2020, at least $350 million in cryptocurrency ransoms was paid to hacker gangs, such as DarkSide, the group that shut down the Colonial Pipeline earlier this month, according to Chainalysis, a research group.
But at the same time, every transaction in a cryptocurrency is recorded on an immutable blockchain, leaving a visible trace for anyone with technical knowledge.
Many crypto forensics companies have sprung up to help law enforcement track criminal groups by analyzing where currencies flow.
These include New York’s Chainalysis, which raised $100m at a valuation of more than $2bn earlier this year, London-based Elliptic, which boasts Wells Fargo among its investors, and CipherTrace, backed by the U.S. government.
In all, in 2020 some $5 billion in funds was received from illicit entities, and those illicit entities sent $5 billion to other entities, representing less than 1 percent of global cryptocurrency flows, according to Chainalysis.
In the early days of cryptocurrencies, criminals would only deal with major cryptocurrency exchanges. Elliptic estimates show that between 2011 and 2019, major exchanges received between 60 percent and 80 percent of bitcoin transactions from known bad actors.
Last year, when exchanges began to worry more about regulation, many of them strengthened their anti-money laundering (AML) and know-your-customer (KYC) processes, and the share fell to 45 percent.
Stricter rules have pushed some criminals toward unlicensed exchanges, which typically do not require KYC information. Many operate from jurisdictions with less stringent regulatory requirements or that are outside of extradition treaties.
But Michael Phillips, head of claims at cybersecurity group Resilience, said such exchanges tend to have lower liquidity, making it more difficult for criminals to convert crypto into fiat currencies. “The goal is to impose additional costs on the business model,” he said.
There are a number of other niche off-ramps into fiat currency. Analysis by Chainalysis suggests that non-bank brokers in particular help facilitate some of the largest illicit transactions – with some operations clearly established for this purpose alone.
Meanwhile, smaller transactions go through more than 11,600 crypto ATMs that have sprung up worldwide with little or no regulation, or through online gaming sites that accept crypto.
Against this backdrop, crypto forensics firms use technology that analyzes blockchain transactions, along with human intelligence, to understand which crypto wallets belong to which criminal groups, and to map out a broader, interconnected picture of the crypto criminal ecosystem.
With an overview of how criminals move their money, their research has shed some light in particular on how hackers rent their ransomware software to affiliate networks while taking a cut of any profit.
Kimberly Grauer, head of research at Chainalysis, added that hackers are increasingly using crypto to pay for support services from other criminals, such as cloud hosting or their victims’ login credentials, giving the researchers a more complete picture of the ecosystem.
“There’s actually less need to cash in to support your business models,” Grauer said. This means “we can see the ransom paid, and we can see the split and go to all the different players in the system.”
Losing the trail
But cybercriminals are increasingly using their own high-tech tools and techniques in an attempt to break the crypto trail they are leaving behind.
Some criminals undertake what is known as “chain hopping” – jumping between different cryptocurrencies, often in quick succession – to lose trackers, or use particular “privacy coin” cryptocurrencies that have additional anonymity built into them, such as and Monero.
Among the most common tools for throwing investigators off the scent are tumblers or mixers – third-party services that mix illicit funds with clean crypto before redistributing them. In April, the Department of Justice arrested and charged a Russian-Swedish dual citizen who operated a prolific mixing service called Bitcoin Fog, moving about $335 million in bitcoin over the past decade.
“It’s possible to break coins,” said Katherine Kirkpatrick, a colleague at law firm King & Spalding with expertise in anti-money laundering. “But it’s very technical and takes a lot of processing power and data.”
The “preferred encryption tool” in 2020 – which helped facilitate 12 percent of all bitcoin laundering that year – was highly sophisticated “privacy wallets” that have anonymization techniques, including mixing capabilities, built into them, according to Elliptic.
“I’m basically an unreliable version of a mixer and it’s all done in software,” Robinson said, noting that an open-source project called Wasabi Wallet was the dominant player in the space.
What comes next?
Authorities “need to modernize asset confiscation and freezing” so that it is easier for law enforcement to take crypto from exchanges, said Tom Kellermann, head of cybersecurity strategy at VMware and member of the cyber investigation advisory board for the United States Secret Service.
Today individual exchanges can sign up for the services of forensics companies that alert them to suspicious activity based on their intelligence.
But in the past experts have floated the idea of shared blacklists of wallets known to be used by bad actors – a sort of Interpol alert, with exchanges, analytics groups and the government openly sharing information on their investigations to make that possible.
“Perhaps now is the best time to reconsider some of those policy initiatives,” said Kemba Walden, assistant general counsel for Microsoft’s Digital Crimes Unit.