Crypto Crime: Mining for Clues
Author: Vesna Drofenik
Source: Lemur Legal
Thanks to the rise in popularity of cryptocurrencies, many industries outside of the financial sector have been exposed to blockchain technology – and crime is no different. From hacking online businesses to get at their assets, to fraud under the guise of buzzwords like innovation and blockchain, all the way to using crypto as the preferred means of value transfer in illicit transactions, criminals have embraced this technology and made good use of it. Can we expect this trend to continue in the future, and what can we do to protect our legitimate business from attack and stay on the regulator’s good side?
2019 so far in numbers
Blockchain analytics firm CipherTrace has reported that in the year’s first quarter, up to $1.2 billion may have been lost as a result of cryptocurrency hacks and fraud. This includes the $850 million lost from the Bitfinex exchange as reported by the New York Attorney General’s office back in April 2019.
On the other hand, blockchain analysis platform Chainalysis noted in their January 2019 Crypto Crime report that while crypto crime increased in 2018, it made up a much smaller share of the rapidly growing market. In 2012, around 7% of all economic activity on Bitcoin represented illicit transactions; by 2018 that share had fallen to 1%. This goes to show that mainstream bitcoin adoption is growing faster than adoption in criminal circles.
In a world where the internet has become an essential part of our civilizational infrastructure, it’s fair to say that we can expect hacks to continue to occur both in traditional industries and in the crypto/blockchain space. Chainalysis’ research has shed light on two prominent hacking groups that were active in 2018 and are assumed to be responsible for at least 60% of all publicly reported hacks. Analyses have shown how these attackers prioritize fast movement and complex patterns to conceal their asset-moving activities and thus ease their cash-out. They have also shown the important role other crypto exchanges play in these activities, regardless of their willingness or even awareness (which is why a solid and well-implemented anti-money laundering (AML) and counter-terrorist financing (CTF) policy is key for them).
Typically, hackers move stolen funds through several wallets and exchanges at a quick pace in order to conceal the funds’ criminal origin. This jumble is followed by a quiet period of 6 weeks or more with the intent of letting the dust settle and interest in the theft wane. Once hackers feel confident it’s safe to proceed, they start cashing out at a fast pace using various conversion services (institutional or P2P exchanges, bitcoin ATMs, gambling services, etc.). Chainalysis estimates that over 75% of hacked funds are cashed out within 6 months of the attack.
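The movement pattern described above (rapid hops, a quiet period of six weeks or more, then conversion) can be written as a screening rule over a traced flow of funds. This is an added example, not code from the article or from Chainalysis; the record format, the `BURST_GAP` and `MIN_BURST_HOPS` thresholds, and the sample flows are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

QUIET_PERIOD = timedelta(weeks=6)   # from the article: "6 weeks or more"
BURST_GAP = timedelta(hours=24)     # assumption: max gap between "quick pace" hops
MIN_BURST_HOPS = 3                  # assumption: "several wallets and exchanges"
CASHOUT_KINDS = {"exchange", "p2p", "atm", "gambling"}  # conversion services

def find_layering_pattern(hops):
    """hops: list of (ISO timestamp, destination kind) for one traced flow.
    Returns a finding dict if the flow shows burst -> quiet period -> cash-out,
    otherwise None."""
    events = sorted((datetime.fromisoformat(ts), kind) for ts, kind in hops)
    for i in range(1, len(events)):
        gap = events[i][0] - events[i - 1][0]
        if gap < QUIET_PERIOD:
            continue
        before, after = events[:i], events[i:]
        # The activity before the quiet period must be a dense run of hops.
        burst_ok = len(before) >= MIN_BURST_HOPS and all(
            b[0] - a[0] <= BURST_GAP for a, b in zip(before, before[1:]))
        cashouts = [kind for _, kind in after if kind in CASHOUT_KINDS]
        if burst_ok and cashouts:
            return {"quiet_days": gap.days, "burst_hops": len(before),
                    "cashouts": cashouts}
        return None  # first long gap did not fit; later gaps cannot fit either
    return None

# Constructed sample flows (not real transactions).
SUSPICIOUS = [
    ("2018-03-01T10:00:00", "wallet"), ("2018-03-01T10:40:00", "wallet"),
    ("2018-03-01T13:05:00", "exchange"), ("2018-03-02T02:15:00", "wallet"),
    ("2018-04-20T09:00:00", "exchange"), ("2018-04-20T09:30:00", "atm"),
]
ORDINARY = [  # steady activity, no quiet period
    ("2018-03-01T10:00:00", "wallet"), ("2018-03-15T10:00:00", "wallet"),
    ("2018-04-02T10:00:00", "exchange"),
]
LONG_TERM_HOLDER = [  # dormant, but no burst of hops beforehand
    ("2018-01-01T00:00:00", "wallet"), ("2018-06-01T00:00:00", "exchange"),
]

if __name__ == "__main__":
    for name, flow in [("suspicious", SUSPICIOUS), ("ordinary", ORDINARY),
                       ("holder", LONG_TERM_HOLDER)]:
        print(name, find_layering_pattern(flow))
```

A match is a reason to review the deposit's origin, not proof of theft; the thresholds need tuning against an exchange's own traffic.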
Until now, the ability of law enforcement to track hacked funds has been limited. This is because, without specialized investigation software, it is difficult to tell funds that have come from legitimate owners apart from those that haven’t. To improve stakeholders’ ability to identify unusual activity that could be tied to crime, cooperation between them is essential. Working together enables exchanges and other entities to verify the origin of inbound deposits and transactions and engage with law enforcement in earnest, which can help with tracking and recovering stolen funds.
The darknet market
When it comes to darknet market activity, we’ve seen a remarkable display of resilience despite continued efforts by law enforcement to shut them down. In what looks like a real-life game of whack-a-mole, new darknet markets pop up to replace those that had been closed. Since darknet market participants use it primarily to buy and sell illicit goods with cryptocurrency, price fluctuations have little impact on them.
The share of bitcoin economic value passing through darknet markets has declined since its 2012 peak, but total volume hit its highest mark back in 2017. After darknet markets AlphaBay and Hansa closed mid-2017, activity slowed by 60%, but it soon picked back up as participants moved to other darknet platforms like Hydra. There is also a trend of moving away from centralized markets and toward systems with a distributed structure – law enforcement officials have reported to Chainalysis that criminals are increasingly migrating to encrypted messaging apps like Telegram and WhatsApp, for example. Because of the P2P nature of communications and transactions through these apps, the risk of the entire network being shut down by closing a website (as in the case of a centralized web marketplace) is much lower. However, a higher level of trust between parties is required to transact via a messaging app, which in turn increases the risk borne by each individual.
In short, it seems that darknet markets have much in common with traditional illicit markets, as the underlying activity is similar in many ways. In order to develop effective strategies to fight darknet market activity, a thorough understanding of the patterns of behaviour among darknet buyers and sellers is essential.
Ethereum scams and fraud
When the Ethereum smart contract platform arose as an alternative, decentralized fundraising option, an investment rush followed. In the hope of receiving large returns on their investments, people were very open to parting with their funds by participating in initial coin offerings (ICOs), culminating in the crypto hype of late 2017. This new willingness to invest, as well as the fear of missing out stemming from the all-encompassing hype, attracted scammers’ attention.
While phishing scams (scams where the victim is tricked into submitting personal financial data and/or access to their crypto wallets) were the most common, there were other types of scams related to Ethereum as well. Most can be categorised as either Ponzi scams, also called pyramid schemes, of which a few gained worldwide notoriety (thanks to pompous events and performances caught on camera for our continued amusement), or ICO exit scams, in which criminals would set up fake websites and social media accounts to simulate a legitimate business – only to run off with the raised money once the ICO is completed.
Looking at the evolution of Ethereum scams, there is a clear pattern of action and reaction between scammers and the general public. Early Ethereum scams focused on the phishing aspect in order to gain access to victims’ wallets and siphon off the funds from there, but as users became better educated and the market was flooded by phishing scams competing against one another, the number of phishing scams eventually tapered off. Scammers saw an opportunity in the ICO model and got very creative when crafting large, innovative, and complex scams designed to pay massive returns. Chainalysis finds that twice as many users lost four times as much in assets in 2018 when compared to 2017 because of these new, sophisticated scams. They also recommend that users stay vigilant and keep track of market conditions, as Ponzi schemes are more likely to spring up when prices are low while rising prices attract phishing scammers.
No matter the method they choose, criminals using crypto eventually face the same challenge: cashing out in spendable, government-backed currency. With government regulators and banks ever so watchful (they have learned) and a number of new, tougher AML/CTF regulations on the way in 2020, the level of difficulty for these criminals will continue to increase. CipherTrace states that regulators are also recommending bans on privacy coins that are more difficult to trace (and thus preferred by criminals), for example Monero. Since they are inevitably a link in the chain of blockchain money launderers (if those are not caught, that is), banks also face stricter regulations and new control mechanisms. And of course, the ones who come under the heaviest fire are the crypto exchanges, where a history of hacks, busts, and even founder deaths has shown that regulation of this sector is unavoidable.
The stakes for crypto crime are high, forcing criminals to be ever more innovative, users to be ever vigilant, and most importantly, crypto exchanges to be ever more compliant with regulation and best practices from related industries, such as regular stock exchanges.