Treasure Men, privacy wallets and gift cards: the rise of crypto laundries
In the world of online crime, anonymous cryptocurrencies are the payment method of choice. But at some point, the virtual currency has to be turned into cash. Enter the “Treasure Men”.
Finding a Treasure Man is easy if you know where to look. They are listed for hire on Hydra, the largest marketplace by revenue on the dark web, a part of the Internet that is not visible to search engines and requires specific software to access.
“They will literally leave wads of money somewhere for you to collect,” said Dr. Tom Robinson, chief scientist and co-founder of Elliptic, a group that tracks and analyzes crypto transactions. “They’re burying it underground or hiding it behind a bush, and they’ll give you the coordinates. There is a whole profession.”
The Russian-language Hydra offers many other ways for criminals to cash out cryptocurrency, including exchanging bitcoin for gift certificates, prepaid debit cards or iTunes vouchers.
The ability to hold cryptocurrencies without disclosing your identity has made them increasingly attractive to criminals, and especially hackers who demand ransoms after breaking into businesses.
In 2020, at least $350 million in crypto ransoms went to hacker gangs, such as DarkSide, the group that shut down the Colonial Pipeline earlier this month, according to Chainalysis, a research group.
But at the same time, every transaction in a cryptocurrency is recorded on an immutable blockchain, leaving a visible trail for anyone with the technical know-how.
Several crypto-forensic companies have sprung up to help law enforcement track criminal groups by analyzing the destination of currency.
These include New York-based Chainalysis, which raised $100 million at a valuation of over $2 billion earlier this year, London-based Elliptic, which counts Wells Fargo among its investors, and CipherTrace, backed by the US government.
In total, in 2020, some $5 billion of funds were received by illicit entities, and these illicit entities sent $5 billion to other entities, accounting for less than 1% of global cryptocurrency flows, according to Chainalysis.
In the early days of cryptocurrencies, criminals simply cashed out using major cryptocurrency exchanges. Elliptic estimates that between 2011 and 2019, major exchanges helped cash out between 60% and 80% of Bitcoin transactions from known malicious actors.
Last year, as the exchanges began to worry more about regulation, many of them stepped up their Anti-Money Laundering (AML) and Know Your Customer (KYC) processes, and that share decreased to 45%.
Stricter rules have pushed some criminals onto unlicensed exchanges, which usually don’t require any KYC information. Many operate out of jurisdictions where regulatory requirements are less stringent or that lie outside extradition treaties.
But Michael Phillips, director of claims at cyber insurance group Resilience, said these exchanges tend to have less liquidity, making it harder for criminals to convert crypto into fiat currencies. “The goal is to impose additional costs on the business model,” he said.
There is an array of other niche off-ramps to fiat money. Chainalysis’s analysis suggests that over-the-counter (OTC) brokers in particular are helping facilitate some of the largest illicit transactions – with some operations clearly established for that purpose alone.
Meanwhile, smaller transactions flow through the more than 11,600 crypto ATMs that have sprung up around the world with little or no regulation, or through online gambling sites that accept crypto.
In this context, crypto-forensic firms use technology that analyzes blockchain transactions, as well as human intelligence, to determine which crypto wallets belong to which criminal groups and to paint a picture of the wider, nested crypto-criminal ecosystem.
With insight into how criminals transfer their money, their research has shed light in particular on how hackers rent their ransomware to affiliate networks, while taking a share of the proceeds.
Kimberly Grauer, head of research at Chainalysis, added that hackers are increasingly using crypto to pay other criminals for support services, such as cloud hosting or their victims’ login credentials, giving investigators a more complete picture of the ecosystem.
“There is actually less cash flow requirement to support your business models,” Grauer said. This means that “we can see the ransom paid, and we can see the split and go to all the different players in the system.”
Losing the track
But cybercriminals are increasingly using their own high-tech tools and techniques in an attempt to cover the crypto trail they are leaving behind.
Some criminals undertake what is known as “chain jumping” – jumping between different cryptocurrencies, often in rapid succession – to lose trackers, or use particular cryptocurrencies that have additional anonymity, such as Monero.
Among the most common tools for throwing investigators off the scent are tumblers or blenders – third-party services that mix illicit funds with clean crypto before redistributing them. In April, the Justice Department arrested and charged a dual Russian-Swedish national who operated a prolific mixing service called Bitcoin Fog, transferring some $335 million in bitcoin over the past decade.
“It’s possible to dismember coins,” said Katherine Kirkpatrick, a partner at the King & Spalding law firm with expertise in combating money laundering. “But it’s very technical and requires a lot of processing power and data.”
According to Elliptic, the “favorite obfuscation tool” in 2020 – which helped facilitate 12% of all bitcoin laundering that year – was the very sophisticated “privacy wallet”, which offers anonymization techniques including mixing capabilities.
“It’s basically a trustless version of a mixer and it’s all done in software,” said Robinson, noting that an open source project called Wasabi Wallet was the dominant player in the space.
What happens after?
Authorities “must modernize confiscation and asset freezing” to make it easier for law enforcement to seize crypto from exchanges, said Tom Kellermann, head of cybersecurity strategy for VMware and member of the Advisory Board on Cyber Investigations for the US Secret Service.
Individual exchanges can now sign up for the services of forensic firms, which will notify them of suspicious activity based on their intelligence.
But experts have in the past touted the idea of sharing blacklists of wallets known to be used by bad actors – a sort of Interpol alert, with exchanges, analysis groups and the government openly sharing information on their investigations in order to make this possible.
“Perhaps now is a better time to reconsider some of these policy initiatives,” said Kemba Walden, deputy general counsel for Microsoft’s Digital Crimes Unit.