Crypto crime reports by Chainalysis and CipherTrace reveal the workings of the hacker mind today


The cryptocurrency sector is a fast evolving one, yet so too is the criminal involvement biting at its heels as it runs along at a swift pace. Crypto is facilitating great progress and evolution in the tech and finance sector, making new inroads to streamline and facilitate greater efficiency for ever more people globally. And chasing after it like a rabid dog is the cyber crime sector, hoping to grab a few bites out of the thriving and evolving body of digital currency as it climbs to new heights year by year.



Although hackers appear to be an ominous giant beast always on the fringes of our safety zone, just across the fence, waiting for every chance to chomp a bite out of our legitimate crypto earnings, their reputation is actually bigger than their real influence. According to the latest report by Chainalysis, theft in the cryptocurrency sector isn’t as rife as we may think. The problem is rather that a few bad actors of large proportions have given the overall crypto space a bad reputation as high risk due to criminal behaviour.

For example, just two hacking groups are responsible for the vast majority of the $1 billion stolen in 2018. That figure sounds like a lot, but compared to all the bitcoin activity annually, it comprises only 1% of all transactions, down from 7% in 2012. The crime stats are a mixed signal because although crypto hacking is down 6% in six years, it has increased in dollar volume compared to previous years.

Three types of crypto crime have been quantified, namely exchange hacks, darknet markets and Ethereum-based ICO scams, in that order of volume. Despite tight security measures, exchanges continue to get hacked by equally sophisticated cyber criminals who steal hundreds of millions of dollars at a time, dwarfing the other forms of crypto crime. Only two groups account for over 60% of this type of hacking at the moment, amounting to about $1 billion last year. Chainalysis has attempted to decode their modus operandi.

How hacked funds move through the system

When $90 million worth of cryptocurrency is being stolen at a time, one wonders how the thieves actually move the funds around in order to eventually sell them into fiat and cash out on their ill-gotten loot. The blockchain might be transparent, with all transactions visible to everyone, but there are still ways of hiding your activity it seems. Infiltrating the exchange to get their hands on the crypto is already a feat of evil genius. Security is obviously tightened every time such a breach is found, though it may be like closing the stablecoin door once the horse has bolted. Once they have control of the funds, hackers will move them through as many as 5000 wallets in order to disguise them.

They then leave them there for up to 40 days or more while interest in the crime blows over. They then proceed to cash out around 50% of the funds on average, over a period of 112 days, the rest being left to cash out still later. Generally, Chainalysis was able to observe that 75% of the funds would be cashed out within 168 days of the initial heist.

It seems ironic that Chainalysis can trace these movements quite clearly on the blockchain yet still we can do very little to actually stop the theft from occurring.

As you can see it takes many months to complete the heist and get the cash in hand, during which time you would expect an intervention of sorts. Curiously the goals of the top hacking group, a giant organization, are apparently not purely monetary, but also to create havoc in the sector. Such is the nature of these cypherpunks and anarchist geeks that it defies our comprehension.

Presumably sometimes just outsmarting the world is enough satisfaction for them. Such sophisticated criminal groups may always be one step ahead of the industry. The other top hacker group is apparently less organized and purely in it for the money. They don’t care as much about evading detection, sitting on the crypto for six to 18 months in some cases before cashing out up to $32 million or half their loot over a few days on some other exchange.

These top two hacking groups use slightly different methods to evade detection but either way they leave a digital fingerprint that identifies their style, which will help in capturing them in time... we hope.

They are basically expert in shuffling the crypto around. In one case up to 15000 movements from wallet to wallet were observed.

Until now exchanges have had little ability to track these funds because they look like they came from the legitimate original owners who were hacked. Chainalysis is helping with their detection software now though, and any unusual activity or spike triggers flags. They have already aided exchanges to track hacked crypto in some cases so there is an increasing defense against these high stakes infiltrators.

The Darknet

Regardless of recent price declines in crypto and efforts at closing down darknet sites, they continue to re-emerge elsewhere because people are always going to want to buy illicit goods. The known darknet volume peaked in 2017 at over $700 million. When top sites Alphabay and Hansa were closed there was a short lived slowdown in mid 2017 but many simply moved to Russian site Hydra. Around $2 million a day is spent in darknet markets overall. This is still less than 1% of all bitcoin activity. Most activity is predictably on Fridays and Saturdays, with the highest cash out by sites being on Monday, closely aligning to the drug trafficking sector.

2018 did, however, show a slight decrease in activity on the darknet compared to the year before, which was an ATH for the industry.

Apparently darknet users are changing their strategy and increasingly moving to encrypted messaging apps like Telegram and WhatsApp. The decentralized, P2P (peer-to-peer) nature of these networks aids dealers engaging in transactions, and the law will be unlikely to shut down an entire website. China may be different of course. Around $600 million in crypto was spent over the darknet in 2018.

Ethereum-based scams

This third type of crypto crime is small compared to the rest. In 2018 only $36 million or 0.01% of ETH was stolen in scams. That is not much, though it is actually double the amount for the previous year. The number of scams declined but the size of those that remained was bigger and more sophisticated, thus the doubled profits for scammers. It’s mainly because Ether is the smart contract platform upon which most ICOs are run that it has been targeted at all. People became used to parting with their cash for new ICO tokens during the hype of 2017 and scammers took advantage of that, based on people’s FOMO. Since 82% of all ICOs are built on the Ethereum blockchain, it has become a target, despite the genuine products launched there.

Three types of scams were identified, namely phishing, Ponzi and ICO exit scams:

  • With phishing, a person receives an email that tricks them into sharing personal information that allows the scammer access to their wallets.

  • In a Ponzi scheme, investors are promised very high returns. New incoming funds are used to pay out first movers in order to attract still more investors, until the scammers close down their activity, disappearing with the proceeds.

  • And ICO exit scams are basically fake companies with elaborate websites or whitepapers who raise lots of collateral but then disappear soon after in the unregulated industry.

From late 2016 through to the end of 2018 Chainalysis tracked over 2000 scam addresses on Ethereum.

They had received funds from almost 40 000 users. And almost 75% of those were from 2018, presumably in the wake of the massive bull run in late 2017, which left the market quite euphoric.

Today fewer investors fall for phishing and fake ICOs, and that scam has been saturated. Often it was for small amounts of money at a time from victims, though some scammers did make millions, and the scams only increased in sophistication with time. It’s generally playing on people’s greed really, along with their lack of due diligence. Phishing is still a threat though, and just recently, in January 2019, users of Electrum and MyEtherWallet were on the receiving end of attacks from a fake Twitter account posing as Electrum offering an upgrade, or a fake email from MEW requesting personal information.

Almost $1 million was lost in BTC.

The exchange LocalBitcoins also suffered a phishing scam just recently this year via a bogus website address, and in January a hacker who stole $11 million worth of Iota through 2018 with a phishing attack was arrested by police.

Money laundering is of course also a concern with crypto and Chainalysis data shows that 65% of stolen funds flow through crypto exchanges, 12% through P2P exchanges and the remainder through suspect conversion services (mixers, tumblers and chainhoppers), Bitcoin ATMs and gambling websites. These facilities are also becoming more sophisticated with time.

Looking ahead

Since we are in a bear market now, the market has cooled somewhat. ICOs are no longer as attractive and investors have seen through the potential scams there. Criminals will always be there of course and even traditional criminals may want to utilize cryptocurrency in their operations of fraud, money laundering and illegal gambling. We need to be aware of cartels taking over entire exchanges or bitcoin mining operations. Cryptocurrency is also a way in which sanctioned governments are evading their sanctions, though whether that is good or bad is debatable.

Solutions involve introducing a tougher layer of KYC (know your customer) documentation, known as KYT (know your transaction). Software is emerging that will monitor the industry more closely and warn investors of suspicious behaviour.

Besides that, the community simply needs to work more closely together to weed out hackers and scammers so that we all benefit, and also so that a cleaner and more efficient crypto sector can attract more new investors, thus sparking the level of growth and volume needed to really fuel the next bull run.


Very informative.

Let me just say that KYC is worthless if the data is not handled properly and is checked somehow. Today it is not hard to get fake details and fill KYC - like send them your ID - passport/driver's licence. What KYC should include is also a video talking with their support live and to check their data somehow. Because even by talking live the user can hide his identity by doing good makeup etc. So KYC should have tighter rules in my opinion.

Because we are in a bear market the number of scams/hacks has fallen, but as soon as the market picks up again we are going to see more of them for sure. Many people want to get rich quick and this is one of the top reasons why people fall easily for these scams.

To mix coins you just need to find a broker/exchange that has not blacklisted your address and to trade coins for privacy focused crypto such as XMR and you are good to go as you can say the coins are clean.

I agree but we need to start somewhere. Your suggestion for video call KYC sounds like a great solution but very time consuming and labor intensive to be quite frank. There would need to be people diligently going through those videos 24/7 in order to provide a reasonably accurate and fast confirmation. It will take many years till AI advances to the point where it will be able to handle such a task. In the meantime humans will have to do it and I imagine it would be a painstakingly boring task that rare individuals would want to do.

I would dare to say that most people involved in crypto want to get rich quick before they get hit by the reality check brick in the face. Nevertheless, those who are in it to win it are here to stay for a long time, those that aren't will only be hurt by their plagued mentality.


juuust testing something, sorry!

lol, how did the test go? is it a 0 or a 1?

Don't remember :( but !tip 0.2


These security issues and vulnerabilities will continue to grow given the interest in the technology and its adoption continuing to increase globally and digitally. It will be part of the education process to learn these issues and how to protect against them.


Let's just hope that developers' motivation to find and punch out code for appropriate solutions will grow faster than the malicious users' greed for ill-gotten gains.
