Cyber crimes: Hackers are Making Money using Digital Currencies

Cryptocurrency promised censorship-resistant, borderless money. It delivered on some of that, but it also created a highly attractive channel for criminals. Over the past several years, hackers and organized groups have stolen billions of dollars in cryptocurrency and built sophisticated cash-out channels to convert digital thefts into spendable value. This article explains how the money is taken, the standard cash-out strategies (and their weaknesses), the most notable cases that shaped the playbook, and the steps defenders can take.

Why crypto is so attractive to thieves (short answer)

Crypto combines global liquidity with pseudonymity and a growing set of services (DEXs, bridges, mixers, OTC desks). These properties let criminals conceal and move value faster than traditional fiat, and frequently at lower cost, especially where intermediaries or exchanges lack strict compliance checks. Global estimates put annual losses from thefts and hacks in the billions of dollars in recent years. (Chainalysis+1)

How money is taken: the most common attack methods

  • Smart-contract exploits against DeFi platforms. Code vulnerabilities or design flaws are used to drain liquidity from pools.

  • Custodial and exchange breaches. Centralized exchanges that hold users’ private keys are high-value targets.

  • Phishing, SIM swaps and account takeovers. Human-targeted attacks that capture credentials or 2FA tokens.

  • Rug pulls and exit scams. Malicious token projects whose creators disappear with investor funds.

Many incidents combine an initial attack (technical or social) with follow-up actions to conceal the funds. The result is that stolen crypto sits on a public blockchain ledger where it is easily visible, but linked to addresses that criminals quickly try to obscure.

The criminal cash-out toolbox: the main methods explained

1) Mixers & tumblers

Mixers try to break the link between sender and receiver by pooling funds and redistributing them. Services such as Tornado Cash gained notoriety for their use in concealing the proceeds of major attacks and state-linked thefts, which led to regulatory scrutiny and sanctions. The legality of these tools and the enforcement actions against them have been challenged in court and in policy debates. (U.S. Department of the Treasury+1)

Risk to criminals: mixers are tracked by chain-analysis firms, and interacting with a sanctioned service can trigger enforcement action that cuts off access to liquid assets.

2) Chain-hopping (cross-chain obfuscation)

Criminals move funds across multiple blockchains and wrapped tokens (e.g., ETH to a bridge to BSC to Polygon) to make tracing harder and to exploit gaps in cross-chain surveillance. Cross-chain swaps and bridges are frequently abused when their security assumptions fail. Chain-hopping can be a time-consuming and complicated way to launder funds. (Chainalysis+1)

3) Decentralized exchanges (DEXs) and liquidity routes

Because DEXs generally require less identity verification than centralized exchanges, criminals frequently try to swap stolen tokens for more liquid on-chain assets. Skilled actors make many small swaps across multiple DEXs or automated market maker (AMM) pools to obscure the source of their funds and avoid large movements that could draw the attention of authorities.

4) Over-the-counter (OTC) desks and shadow cash-outs

Some criminals use OTC brokers or private dealers who exchange crypto for fiat off the order book, usually for a fee and often with minimal KYC. These routes carry more risk for the criminal, but they provide access to fiat while limiting on-chain exposure.

5) Intermediaries and money mules (the human layer)

Stolen funds are usually split and sent to hundreds or thousands of intermediary wallets, then transferred to accounts controlled by money mules who cash out in fiat or buy high-value goods.

Notable cases that changed the industry’s playbook

  • Poly Network (2021): In one of DeFi’s most talked-about incidents, more than $600 million was drained from the protocol, though the funds were returned under extraordinary circumstances. The incident highlighted cross-chain risk and the scale DeFi thefts can reach. (Chainalysis+1)

  • Ronin Bridge and other bridges (2022): Attacks on cross-chain bridges and gaming platforms (e.g., Ronin) led to millions being taken and showed that trust points in bridges create systemic risk. Groups linked to North Korea were repeatedly accused of large thefts and sophisticated laundering. (Chainalysis+1)

  • Widespread thefts in 2022: 2022 was cited as one of the biggest years for crypto hacks, with billions of dollars stolen from exchanges, bridges and DeFi protocols, leading to increased focus on anti-fraud measures and enforcement. (Chainalysis)

These cases show a repeated cycle: exploit, rapid distribution across addresses and chains, mixing, swaps and OTC conversion, then cash-out or embedding into complicated DeFi flows.

Who launders the money? (actors and motives)

  • State-linked groups (e.g., Lazarus): Some well-resourced groups are accused of large, coordinated thefts to fund state priorities. They combine cyber operations with complex laundering chains. (Chainalysis+1)

  • Organized criminal groups that coordinate ransomware, theft and conversion operations.

  • Opportunistic independent hackers: Individuals or small teams who exploit vulnerabilities and then use the services above to cash out.

  • Insiders and corrupt employees: People within exchanges, OTC desks or financial services who facilitate conversions.

Why law enforcement and compliance struggle

  • Pseudonymous ledgers are transparent, but reading them requires expert knowledge. Chain analysis can identify flows, but criminals use tumblers and cross-chain transactions to make this harder.

  • Jurisdictional fragmentation. Exchanges and mixers operate worldwide; subpoenas and asset freezes require cross-border cooperation that can be slow.

  • Legal uncertainty. Tools like mixers raise legal questions (e.g., whether smart contracts count as property), and regulators and courts have issued contradictory rulings, complicating enforcement strategies. (Reuters+1)

The human cost goes far beyond headline dollar amounts

The consequences of crypto crime go beyond balance-sheet losses for tech firms. Entrepreneurs lose their savings, individuals lose access to liquidity, investors lose confidence, and the cost of insurance and remediation weighs on the whole market. Such thefts can shut down services and threaten critical infrastructure when hackers convert crypto quickly to finance further operations.

Practical defenses: what exchanges, projects and individuals should do

For custodians and exchanges
  1. Harden onboarding and KYC/AML. Strong identity checks and continuous monitoring of flows.

  2. Chain monitoring and analytics. Use blockchain analytics to identify deposits linked to illicit clusters, mixer outputs and suspected chain-hopping.

  3. Cold-storage discipline and withdrawal controls. Limit hot-wallet exposure and require staged, manual review for large withdrawals.

  4. Collaboration with law enforcement and quick freezing. Be prepared to act quickly on valid requests and to trace funds when necessary.
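The deposit-screening control in item 2, and the layering through intermediary wallets described under "money mules" above, can be illustrated with a small taint-tracing routine. This is an added example written for this article, not code from any analytics vendor or exchange: it walks a constructed transfer graph backwards from a deposit address, measures how many hops separate it from a flagged source (a drained contract or a sanctioned mixer output, both hypothetical labels), and decides whether to accept, review or block the deposit. A fan-out count over the same graph gives a crude signal for peeling-chain layering. Addresses, amounts and the watchlist are all constructed sample data.

```python
from collections import defaultdict, deque

# Constructed sample transfers for illustration; these are NOT real addresses
# or real on-chain data. Each entry is (sender, recipient, amount).
TRANSFERS = [
    ("exploit_contract", "attacker_1", 5000.0),   # drained protocol -> attacker
    ("attacker_1", "mixer_out_a", 2000.0),        # part of the loot goes through a mixer
    ("attacker_1", "hop_1", 3000.0),              # the rest starts a peeling chain
    ("hop_1", "hop_2", 1000.0),
    ("hop_1", "hop_3", 1000.0),
    ("hop_1", "hop_4", 1000.0),
    ("hop_2", "deposit_x", 1000.0),               # lands at an exchange deposit address
    ("mixer_out_a", "deposit_z", 2000.0),         # mixer output straight to the exchange
    ("clean_user", "deposit_y", 10.0),            # ordinary customer deposit
]

# Constructed watchlist (hypothetical labels): address -> reason it is flagged.
FLAGGED = {
    "exploit_contract": "hack proceeds",
    "mixer_out_a": "sanctioned mixer output",
}


def build_reverse_graph(transfers):
    """Map each recipient to the set of addresses that sent it funds."""
    senders = defaultdict(set)
    for src, dst, _amount in transfers:
        senders[dst].add(src)
    return senders


def hops_to_flagged(address, senders, flagged, max_hops=5):
    """Breadth-first walk backwards through senders.

    Returns (hops, flagged_address, reason) for the nearest flagged ancestor
    within max_hops transfers, or None if no flagged source is reachable.
    """
    if address in flagged:
        return (0, address, flagged[address])
    seen = {address}
    queue = deque([(address, 0)])
    while queue:
        current, depth = queue.popleft()
        if depth == max_hops:
            continue
        for src in sorted(senders.get(current, ())):  # sorted for determinism
            if src in seen:
                continue
            if src in flagged:
                return (depth + 1, src, flagged[src])
            seen.add(src)
            queue.append((src, depth + 1))
    return None


def fan_out(address, transfers):
    """Distinct recipients paid by an address; high fan-out hints at layering
    through many intermediary (mule) wallets."""
    return len({dst for src, dst, _ in transfers if src == address})


def screen_deposit(address, transfers, flagged, block_within=2, review_within=5):
    """Decide what to do with an incoming deposit based on taint distance.

    Deposits within block_within hops of a flagged source are blocked;
    deposits within review_within hops go to manual review; anything
    further away (or with no flagged ancestor) is accepted.
    """
    senders = build_reverse_graph(transfers)
    hit = hops_to_flagged(address, senders, flagged, max_hops=review_within)
    if hit is None:
        return {"address": address, "action": "accept", "hops": None, "reason": None}
    hops, source, reason = hit
    action = "block" if hops <= block_within else "review"
    return {"address": address, "action": action, "hops": hops,
            "reason": f"{reason} via {source}"}


if __name__ == "__main__":
    for addr in ("deposit_x", "deposit_y", "deposit_z"):
        print(screen_deposit(addr, TRANSFERS, FLAGGED))
    print("fan-out of hop_1:", fan_out("hop_1", TRANSFERS))
```

The hop thresholds are deliberately simple; a production system would weight by amount, time since the exploit, and cluster labels rather than raw hop count, and would treat a mixer output as tainted regardless of how many hops precede it. The point is that because the ledger is public, an exchange can compute this distance before crediting a deposit, which is exactly the window in which freezing is still possible.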

For DeFi projects and bridges
  1. Secure code and audits. Multiple independent audits and a bug-bounty program.

  2. Timelocks and least-privilege multisigs. Reduce unilateral control over funds and build in time to respond.

  3. Monitoring of large and complex suspicious transactions. Alert on unusual outflows and liquidity drains.
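Items 2 and 3 together describe a treasury policy: no single key can move funds, large moves need more approvals than routine ones, every withdrawal waits out a timelock, and anything that would drain a large share of the balance raises an alert. The following Python model is an added example for this article, not the code of any real bridge or wallet contract; it simulates that policy off-chain so the rules can be read and tested. The signer names, threshold, delay and the 20% drain fraction are assumed values chosen for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Proposal:
    to: str
    amount: int                 # token base units
    created_at: int             # timestamp (seconds) when proposed
    escalated: bool = False     # True if it exceeded the drain fraction at proposal time
    approvals: set = field(default_factory=set)
    executed: bool = False


class TimelockedTreasury:
    """Hypothetical model of a multisig-plus-timelock treasury.

    - Routine withdrawals need `threshold` of N signers.
    - Withdrawals above `drain_fraction` of the balance need ALL signers and
      are recorded as alerts the moment they are proposed.
    - Nothing executes before `delay` seconds have passed since proposal,
      which is the response window defenders get to veto or investigate.
    """

    def __init__(self, signers, threshold, delay, balance, drain_fraction=0.2):
        self.signers = set(signers)
        self.threshold = threshold
        self.delay = delay
        self.balance = balance
        self.drain_fraction = drain_fraction
        self.proposals = []
        self.alerts = []

    def _check_signer(self, signer):
        if signer not in self.signers:
            raise PermissionError(f"{signer} is not an authorised signer")

    def propose(self, signer, to, amount, now):
        """Create a proposal; the proposer's approval counts as the first one."""
        self._check_signer(signer)
        proposal = Proposal(to=to, amount=amount, created_at=now)
        proposal.approvals.add(signer)
        if amount > self.drain_fraction * self.balance:
            proposal.escalated = True
            self.alerts.append(
                f"proposal {len(self.proposals)}: {amount} to {to} exceeds "
                f"{self.drain_fraction:.0%} of treasury balance {self.balance}"
            )
        self.proposals.append(proposal)
        return len(self.proposals) - 1

    def approve(self, signer, pid):
        self._check_signer(signer)
        self.proposals[pid].approvals.add(signer)
        return len(self.proposals[pid].approvals)

    def required_approvals(self, proposal):
        # Least privilege: a drain-sized move must be unanimous, not just quorum.
        return len(self.signers) if proposal.escalated else self.threshold

    def execute(self, pid, now):
        """Attempt execution; returns a status string instead of raising so the
        caller (or a monitor) can log why a withdrawal was held back."""
        proposal = self.proposals[pid]
        if proposal.executed:
            return "already_executed"
        if len(proposal.approvals) < self.required_approvals(proposal):
            return "insufficient_approvals"
        if now < proposal.created_at + self.delay:
            return "timelock_active"
        if proposal.amount > self.balance:
            return "insufficient_balance"
        proposal.executed = True
        self.balance -= proposal.amount
        return "executed"


if __name__ == "__main__":
    day = 86_400
    treasury = TimelockedTreasury(["alice", "bob", "carol", "dave"],
                                  threshold=2, delay=day, balance=1_000_000)
    pid = treasury.propose("alice", "vendor", 50_000, now=0)
    treasury.approve("bob", pid)
    print(treasury.execute(pid, now=100))        # timelock_active
    print(treasury.execute(pid, now=day))        # executed
    big = treasury.propose("alice", "unknown_addr", 900_000, now=day)
    treasury.approve("bob", big)
    print(treasury.execute(big, now=3 * day))    # insufficient_approvals (needs all four)
    print(treasury.alerts)
```

Two design choices matter here. The escalation flag is fixed at proposal time, so a later change in balance cannot quietly lower the approval bar; and `execute` returns a reason rather than raising, so a monitor can count `insufficient_approvals` and `timelock_active` events on a single proposal as a signal that someone is trying to push a withdrawal through.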

For individuals
  • Use reputable exchanges with robust compliance programs for fiat conversions.

  • Be wary of interacting with unknown tokens or suspicious projects.

  • Keep long-term holdings in hardware wallets or with insured custodians.

  • If you build or run a project, treat security as a product requirement, not an afterthought.

Policy levers and the road ahead

Exchanges, policymakers and blockchain analytics firms are working on several fronts: improving global AML guidance for blockchain, establishing legal rules for privacy tools, and committing to international cooperation to track and recover stolen funds. The balance is a challenge: excessive rules could impede legitimate development and privacy, while encouraging profit-driven criminals to exploit the gaps. Recent legal disputes over mixers demonstrate how unclear the regulatory terrain is. (U.S. Department of the Treasury+1)

Final thoughts: the cat-and-mouse game continues

The open nature of crypto cuts both ways. The public ledger enables powerful tracing tools, but the ecosystem changes quickly and criminals adapt. The most effective defenses combine security-conscious product design, monitoring and compliance by intermediaries, swift cross-border cooperation among law enforcement agencies, and well-informed user behavior.
