To launder stolen cryptocurrency, ransomware operators use crypto mixers, nested exchanges, cash-out services, and more.
Cryptocurrency is hardly an anonymous payment system. Since all Bitcoin transactions (well, almost all; more on that below) are recorded in the blockchain, their flow can be tracked relatively easily. With specialized analytical techniques it is possible to establish both the origin and the final destination of such funds.
Knowing this, some ransomware victims believe the best course of action is to pay the ransom, regain access to their company's resources, report the incident to law enforcement, and then wait patiently for the investigation to conclude so they can get their money back.
But alas, it is not that simple. In response to the openness of blockchains, cybercriminals have developed a wide range of countermeasures that make tracing cryptocurrency transactions extremely difficult, if not impossible. That is the topic of today's post.
Intermediary wallets
Passing dirty crypto through intermediary wallets is the simplest trick in the book. A large theft such as the BitFinex hack or the Sky Mavis heist can involve thousands of such wallets.
Intermediary wallets alone do not solve the criminals' tracking problem, because every transfer is still recorded in the blockchain. This method is therefore typically used only at the start of the laundering process: first, to confuse investigators, and second, to split a large sum into smaller amounts that are easier to hide.
Dirty crypto is often parked in such wallets for extended periods. Sometimes this is because greedy hackers are waiting for a more favorable exchange rate. Another reason is caution, especially for sums large enough to attract law enforcement attention: the perpetrators prefer to lie low until media attention fades and the money can be withdrawn with less scrutiny.
Crypto mixers
Crypto mixers exist precisely to counter the excessive transparency and lack of privacy of blockchains. They work as follows: users' cryptocurrency deposits are pooled into a single "pot" and thoroughly shuffled. Outgoing transfers of random amounts are then sent on a random schedule to entirely different wallets, which makes it very hard to identify individual transactions or match incoming and outgoing amounts.
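To make the tracing argument concrete, here is an added example (my own toy script, not code from the original article or from any chain-analysis vendor) that propagates "taint" forward through a constructed ledger: the stolen coins are peeled into intermediary wallets, one share hops once more, and another share goes through a mixer-style pooled transaction. The ledger, addresses and amounts are all made up for illustration. It applies the proportional ("haircut") rule, one of several taint models analysts use; that a given real tool uses this particular rule is an assumption, not something the article states.

```python
from fractions import Fraction

# Constructed toy ledger, not real chain data. Each transaction is
# (txid, inputs, outputs): inputs reference earlier outputs as (txid, index),
# outputs are (address, amount). "theft" seeds the stolen coins, "peel" splits
# them across intermediary wallets, "hop" moves one share on, and "mix" pools
# one share with two unrelated deposits the way a mixer "pot" does.
TXS = [
    ("theft", [],                                      [("thief", 100)]),
    ("peel",  [("theft", 0)],                          [("w1", 40), ("w2", 35), ("w3", 25)]),
    ("hop",   [("peel", 1)],                           [("w4", 35)]),
    ("dep1",  [],                                      [("u1", 30)]),
    ("dep2",  [],                                      [("u2", 30)]),
    ("mix",   [("peel", 0), ("dep1", 0), ("dep2", 0)], [("m1", 33), ("m2", 33), ("m3", 34)]),
]


def trace_taint(txs, seeds):
    """Forward taint propagation with the proportional ("haircut") rule:
    every output of a transaction inherits the fraction
    tainted_input_value / total_input_value. `seeds` is the set of
    (txid, index) outputs known to be stolen. Transactions must appear in
    chain order (an input always references an earlier transaction).
    Returns {(txid, index): (address, amount, taint_fraction)}."""
    outputs = {}   # (txid, index) -> (address, amount)
    taint = {}     # (txid, index) -> Fraction between 0 and 1
    for txid, ins, outs in txs:
        total = sum(outputs[i][1] for i in ins)
        dirty = sum(outputs[i][1] * taint[i] for i in ins)
        frac = Fraction(dirty) / total if total else Fraction(0)
        for idx, (addr, amt) in enumerate(outs):
            key = (txid, idx)
            outputs[key] = (addr, amt)
            taint[key] = Fraction(1) if key in seeds else frac
    return {k: (outputs[k][0], outputs[k][1], taint[k]) for k in outputs}


def received_taint(trace):
    """Tainted value received per address (amount * taint fraction), summed."""
    totals = {}
    for addr, amt, frac in trace.values():
        totals[addr] = totals.get(addr, Fraction(0)) + amt * frac
    return totals


def flagged_addresses(trace, threshold=Fraction(1, 2)):
    """Addresses that received an output whose taint meets the threshold.
    Intermediary wallets stay fully tainted; mixer outputs fall below it."""
    return sorted({addr for addr, _, frac in trace.values() if frac >= threshold})


def mixer_candidates(txs, txid):
    """Every input address of a pooled transaction: from the chain alone,
    each of its outputs could have come from any of them."""
    outputs = {(t, i): addr for t, _, outs in txs for i, (addr, _) in enumerate(outs)}
    for t, ins, _ in txs:
        if t == txid:
            return sorted(outputs[i] for i in ins)
    return []


if __name__ == "__main__":
    trace = trace_taint(TXS, {("theft", 0)})
    for (txid, idx), (addr, amt, frac) in trace.items():
        print(f"{txid}:{idx} -> {addr:5} {amt:4} taint={float(frac):.2f}")
    print("flagged:", flagged_addresses(trace))
    print("mix inputs:", mixer_candidates(TXS, "mix"))
```

Running it shows the two points the text makes: every intermediary wallet (w1 through w4) stays 100% tainted no matter how many hops the coins take, so peeling alone hides nothing; but the three mixer outputs each come out at 40% taint, and from the chain alone any of them could belong to w1, u1 or u2, which is exactly the ambiguity a pooled "pot" is meant to create.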
This is arguably the most effective way to handle dirty crypto. And while not all users of crypto mixers are cybercriminals, illicit funds make up a significant share of mixer inflows; so significant, in fact, that in 2022 US authorities went after them, imposing sanctions on not one but two popular crypto mixers.
Major cryptocurrency exchanges
Most trades on cryptocurrency exchanges occur between accounts of the exchange's own clients and are recorded in full only in the exchange's internal databases. Only the aggregate result of many such internal transactions is written to the blockchain.
This saves fees and waiting time (blockchain throughput is limited). Because incoming and outgoing transfers cannot be matched using blockchain analysis alone, any centralized exchange effectively acts as a crypto mixer: once money enters an exchange, the on-chain trail back to its original source is broken.
On the one hand, this makes criminals' lives easier. On the other hand, it introduces substantial new risks: once funds are moved to a major exchange, the thieves lose direct control over them. Since such exchanges usually cooperate with the authorities, the chance of losing the loot is far from negligible. The risks and complications are compounded by the fact that legitimate crypto exchanges always require Know Your Customer (KYC) verification.
Small cryptocurrency exchanges
Small crypto exchanges are less likely to meet regulatory requirements and more likely to market themselves as anonymous, which makes them attractive to criminals. Such platforms often turn into full-blown cryptocurrency laundering operations.
However, the larger the volume of trade with cybercriminals, the more likely law enforcement is to take notice. Eventually the authorities' patience runs out and they find a way to shut the platform down. Earlier this year US officials arrested the owner of Bitzlato Ltd., an exchange that had handled hundreds of millions of dollars' worth of illicit cryptocurrency, a sizeable portion of it from ransomware operators and crypto scammers. European police seized the exchange's infrastructure and took it offline, effectively ending its operations.
Nested exchanges
There are also many "nested exchanges": smaller trading services that operate inside larger crypto exchanges. They act as intermediaries between their customers and the big exchanges, so traders never need to open an exchange account themselves.
These services appeal to anyone who wants to avoid the Know Your Customer (KYC) requirements imposed by the largest exchanges. Naturally, that helps not only cybercriminals but money launderers of all kinds, who use them to avoid questions about the origin of their funds.
Decentralized protocols (DeFi)
Finally, crypto money launderers can turn to decentralized finance (DeFi) protocols. These underpin decentralized, smart-contract-based automated cryptocurrency exchanges. Decentralized exchanges (DEXs) benefit fraudsters because they neither verify their customers nor require them to create an account.
Another advantage of DEXs is that, barring a bug in the smart contract, the owner of the funds never loses custody of them. There is a major drawback, though: all DEX transactions are recorded on the blockchain, so they can be traced with minimal effort. For that reason few cybercriminals rely on DeFi on its own. It can, however, be a useful component of elaborate multi-step laundering schemes.
Money laundering through the dark web
If you are hoping that some extortionists are simply bad at hiding their money, we have bad news: that is rarely the case. Today's cybercrime is highly specialized, and there has recently been a rise in underground services whose sole purpose is to launder illicit cryptocurrency. Their offering, which can be summed up as "laundering as a service," combines variations of the methods described above to obscure the movement of cryptocurrency.
Everything about these operations is designed to protect the privacy of their clients, from advertising on the dark web to encrypted messaging between provider and customer. Even by the most conservative estimates, this industry brought in over $6 billion last year.
Cashing out
As you may know, one paradox of Bitcoin is that it can buy an expensive picture of a monkey but not a loaf of bread. So the ultimate goal of every crypto heist is to get hold of real money. Conversion to fiat is the final step of any laundering scheme, because once cryptocurrency has been turned into cash, blockchain analysis is useless for tracing it further.
Several of the options described above provide such an exit into the real world: large and small exchanges, "nested" exchanges that offer trading without an account, and dark-web laundering services that specialize in helping criminals, no questions asked, can all be used to withdraw funds.
Impact on ransomware victims
As you can see, criminals have a variety of techniques for cleaning their illicit cryptocurrency, and they need not stick to just one of them. In practice, most run complex multi-step laundering operations that combine a wide range of tools: crypto mixers, intermediary wallets, exchanges, and cash-out mechanisms.
Therefore, even when a law enforcement investigation succeeds, most of the stolen funds are usually beyond recovery. In other words, do not count on getting back a ransom you have paid. Prevention remains the wisest course: choose a security solution whose effectiveness against ransomware has been independently proven, and deploy it on all of your devices.