The Economics

Search, Explore, Discover
Monday, Oct 18, 2021

Rise of crypto laundries: how criminals cash out of bitcoin

Rise of crypto laundries: how criminals cash out of bitcoin

In the world of online crime, anonymous cryptocurrencies are the payment method of choice. But at some point, virtual hauls need to be turned into hard cash. Enter the “Treasure Men”.

Finding a Treasure Man is easy if you know where to look. They are listed for hire on Hydra, the largest marketplace by revenues on the dark web, a part of the internet that is not visible to search engines and requires specific software to access.

“They will literally leave bundles of cash somewhere for you to pick up,” says Tom Robinson, chief scientist and co-founder of Elliptic, a group that tracks and analyses crypto transactions.

“They bury it underground or hide it behind a bush, and they’ll tell you the co-ordinates. There’s a whole profession.”

The Russian-language Hydra offers plenty of other ways for criminals to cash out of cryptocurrencies, including exchanging bitcoin for gift vouchers, prepaid debit cards or iTunes vouchers, for example.

The ability to hold cryptocurrencies without divulging your identity has made them increasingly attractive to criminals, and particularly to hackers who demand ransoms after breaking into companies.

In 2020, at least $US350 million ($454 million) was paid out to ransoms to hacker gangs, such as DarkSide, the group that shut down the Colonial Pipeline last month, according to research group Chainalysis.

But at the same time, every transaction in a cryptocurrency is recorded on an immutable blockchain, leaving a visible trail for anyone with the technical know-how.

Several crypto forensics companies have sprung up to help law enforcement track criminal groups by analysing where the currencies flow to.

These include New York’s Chainalysis, which raised $US100 million at more than a $US2 billion valuation earlier this year, London-based Elliptic, which boasts Wells Fargo among its investors, and US government-backed CipherTrace.

In total, in 2020 some $US5 billion in funds were received by illicit entities, and those illicit entities sent $US5 billion on to other entities, representing less than 1 per cent of the overall cryptocurrency flows, according to Chainalysis.

Dark exchanges

In the early days of cryptocurrencies, criminals would simply cash out using the major cryptocurrency exchanges. Elliptic estimates that between 2011 and 2019, major exchanges helped cash out between 60 per cent to 80 per cent of bitcoin transactions from known bad actors.

By last year, as exchanges began to worry more about regulation, many of them bolstered their anti-money laundering and know-your-customer processes and the share shrank to 45 per cent.

Stricter rules have pushed some criminals towards unlicensed exchanges, which typically require no know-your-customer information. Many operate out of jurisdictions with less stringent regulatory requirements or lie outside of extradition treaties.

But Michael Phillips, chief claims officer at cyber insurance group Resilience, says such exchanges tend to have lower liquidity, making it harder for criminals to transfer crypto into fiat currencies. “The aim is to impose further costs on the business model.”

There are an array of other niche off-ramps into fiat currency. Chainalysis suggests that over-the-counter brokers in particular help facilitate some of the largest illicit transactions – with some operations clearly set up for that purpose alone.

Meanwhile, smaller transactions flow through the more than 11,600 crypto ATMs that have sprung up globally with little to no regulation, or through online gambling sites that accept crypto.

Forensics companies

Against this backdrop, the crypto forensics companies use technology that analyses blockchain transactions, together with human intelligence, to work out which crypto wallets belong to which criminal groups, and map out a picture of the wider, interlocking crypto criminal ecosystem.

With an overview of how criminals move their money, their research has shone a light on how hackers are renting out their ransomware software to networks of affiliates, while taking a cut of any proceeds.

Kimberly Grauer, head of research at Chainalysis, says hackers are increasingly paying for support services from other criminals, such as cloud hosting or paying for the login credentials of their victims, with crypto, giving investigators a more complete picture of the ecosystem.

“There’s actually fewer needs to cash out in order to sustain your business models,” she says. “We can see the ransom paid, and we can see the splitting and going to all the different players in the system.”

Losing the trail

But cyber criminals are increasingly wielding their own high-tech tools and techniques in a bid to muddy the crypto trail that they leave behind.

Some criminals undertake what is known as “chain-hopping” – jumping between different cryptocurrencies, often in rapid succession – to lose trackers, or use particular “privacy coin” cryptocurrencies that have extra anonymity built into them, such as Monero.

Among the most common tools for throwing investigators off the scent are tumblers, or mixers – third-party services that mix up illicit funds with clean crypto before redistributing them.


Related Articles

The Economics