Bitcoin, hacking exchanges and darknet - told about the new report by Chainalysis

After a series of small spoilers in January, analytical company Chainalysis finally presented the promised full-fledged report on criminal activity in the cryptocurrency ecosystem. In addition to Bitcoin, it also affects the situation in the Ethereum network. So, according to the authors of the report, criminal activity using Bitcoin increased in 2018, but in reality it was a fairly modest part of all transactions - less than 1%. This is a significant decrease from 7% in 2012. However, despite the fact that the percentage of criminal activity in the cryptocurrency ecosystem has decreased, it still presents a significant problem. 'The result of hacking exchanges became billions of dollars received by criminals, activity on the darknet brought them hundreds of millions of dollars of illegal income, and as a result of fraudulent schemes, individuals lost tens of millions,' the researchers write. But, most importantly, the use of cryptocurrency for criminal purposes has begun to acquire more and more sophisticated forms, analysts say. Malefactors very quickly react to the changes occurring around, skillfully adapting to new conditions. Using various cryptocurrencies, they are very resourceful in their schemes, and if we talk directly about the year 2018, the main trends in this area can be divided into three categories: 1) Two large groups involved in hacking exchanges and laundering stolen funds In 2018 alone, hacking exchanges brought about $ 1 billion to hackers, while, according to Chainalysis, in most cases two large groups were involved in them. Attackers work quickly, cash out the stolen funds within three months after the attacks and create complex transactional patterns to confuse the tracks. 2) The darknet demonstrates resilience In 2017, a number of large marketplaces on the darknet were closed, but in 2018 many other sites appeared in their place. Despite the collapse of the market, the total volume of bitcoin transactions on them last year exceeded $ 600 million - criminal organizations value the darkness for the offered confidentiality and convenience, paying little attention to current cryptocurrency prices. 3) Fraud schemes using Ethereum are small in volume, but develop qualitatively Despite the fact that the total amount of Ethereum cryptocurrency stolen by fraudsters in 2018 has doubled, it is less than 0.01% of the total value of the ETH in circulation . Moreover, the reduction in market agiotage and a higher user base awareness mean that many schemes were not as successful as a year earlier. The peak in the number of users who fell victim to scams and other fraudulent schemes fell at the beginning of 2018, but after that the curve sharply went down. Nevertheless, analysts note the cyclical nature of successful phishing attacks and its correlation with the price of the asset. For this reason, according to Chainalysis, users should beware of ponzi-schemes and fraudulent ICOs at low prices and be prepared for more sophisticated phishing attacks if the value of cryptocurrency rises. Hacking exchanges Hacking exchanges predominate over the other crimes in the field of cryptocurrency, and as established by the Chainalysis researchers, two professional groups of hackers dominate here. Only these two organizations, conditionally called 'Alpha' and 'Beta', account for about 60% of the total number of hacker attacks made during the entire existence of the cryptoindustry. As a result of malicious actions, these groups managed to get about $ 1 billion. On average, as a result of their hacking, Alpha and Beta stole $ 90 million, while using sophisticated schemes involving numerous wallets and exchanges to withdraw funds to Fiat. According to researchers, on average, stolen funds were moved at least 5,000 times before they were converted to Fiat. It was also established that these two groups hold different tactics. “Alpha” supposedly conducts transactions with “extracted” assets almost immediately, while “Beta” does not hurry with these - the movement of cryptocurrency is postponed, on average, for 18 months, until “the dust settles” and the public will remember less about attack.

Comparative table of the number of transactions per day after hacking. Blue color - group “Alpha”, yellow - group “Beta”

In general, the withdrawal of funds is often preceded by a 'period of silence' with a length of 40 days or more. At least 50% of the stolen funds were withdrawn within 112 days, 75% - within 168 days. The report also says that Alpha is a supposedly 'huge, tightly controlled organization that is at least partially guided by intangible motivation.' “Beta” is much smaller than “Alpha”, it is not so rigidly organized and in its activity is guided mainly by monetary motives. Both organizations, the researchers note, have not yet been identified, but, in all likelihood, continue their activities. As noted, to this day, the stock exchanges and law enforcement agencies have limited opportunities with regard to tracking the stolen cryptocurrency. Moreover, the exchanges regularly process transactions involving these funds, allowing hackers to convert them to fiat or other cryptocurrencies. Thus, in the course of his study, Chainalysis studied in detail four cases of hacking exchanges, finding that at least $ 135 million had been withdrawn through well-known trading platforms. According to analysts, this is partly due to the fact that for the exchanges these funds look like they came from their legal owners, and without specialized software it is very difficult to establish the origin of cryptocurrency. According to Chainalysis, knowledge of how hackers move funds, and the study of their strategies can provide an opportunity to identify unusual bursts of transactions and help in catching criminals. Also, cooperation between representatives of the industry and law enforcement agencies can be better protected against new attacks. “The hacks become more because it works. Taking into account the scale with which opponents operate, it makes protection difficult, and therefore the rates for stock exchanges and cryptocurrency ecosystems are generally very high, ”the report says. Darknet markets Despite the ongoing attempts by law enforcement agencies to repel illegal activities on the Internet, the darknet continues to demonstrate a high degree of stability. As stated in the study, the general trend is that at the site of one site closed by the authorities, others immediately appear, as, for example, was the case with AlphaBay and Hansa. Both of these sites were closed in mid-2017, and although immediately after this, the volumes of bitcoin transactions in the darknet and decreased by 60%, this did not last long. Moreover, by the end of 2017, the volume of transactions turned out to be a record one - $ 707 million However, the most remarkable thing is that the popularity of illegal markets was almost not affected by the fall in markets - despite the decline in quotations, the volume of transactions in dollar terms throughout most of 2018 showed growth, reaching an aggregate figure of $ 603 million

Today, darknet activity is on the rise again - analysts estimate a daily bitcoin inflow to illegal trading platforms in the amount of about $ 2 million. However, this represents less than 1% of the total economic activity in the network. Most of the activity at the same time was redirected to another popular marketplace, which is currently dominant on the darknet and at the peak exceeded AlphaBay in its volume four times. This is the Russian-language marketplace Hydra, which to date has already received more than $ 780 million in cryptocurrency - 14% more than AlphaBay ($ 690). Another interesting detail that the researchers noticed is the sensitivity of the darknet to the days of the week. Thus, the largest influx of cryptocurrency is observed on Fridays and Saturdays, and the peak of withdrawals falls on Mondays. 'This pattern corresponds to what we know about drug trafficking. People buy drugs at the beginning of the weekend, when they have more free time for private browsing (this is not the same thing as secretly stopping at work on Amazon), and drag dealer converting cryptocurrency into cash on Monday, ”the report authors write. Attempts to combat such illegal sites have brought some success, however, as already noted, a significant part of the demand was transferred to other markets. Moreover, sellers and buyers are developing new communication methods, including using distributed technologies and encrypted instant messengers like Telegram and WhatsApp. Thus, operators reduce the risk of closing the entire network of their trading platforms - even if one site is liquidated, the rest will continue to work.

Ethereum fraud schemes

In a brief teaser of this report, Chainalysis researchers have already stated that as a result of various fraudulent schemes, the owners of Ethereum cryptocurrency in 2018 lost $ 36 million in dollar terms. This, although twice as much as in 2017, when users had stolen $ 17 million, however, was less than 0.01% of the total value of all the ETHs in circulation. Thus, the fraud schemes with Ethereum in 2018 were among the least profitable for their organizers. Moreover, their number itself throughout the past year has been steadily declining, although those that continued to operate were more extensive, and the methods of weaning funds from users became more sophisticated. “For a variety of reasons, the broadcast has long been known as the most preferred cryptocurrency for scammers. Ethereum's smart contracting platform created a new phenomenon of decentralized investment through primary coin offers (ICO), and in the wake of the HYIP at the end of 2017, people easily parted with their coins in the hope of getting huge profits. Scammers took full advantage of this willingness and the syndrome of missed opportunities - they created phishing sites with fraudulent investment offers, where users left their personal data, ”the report authors write. Not only Ethereum has such fraudulent schemes, but since 82% of all ICOs are conducted on this platform, it quickly became a favorite among scammers, the researchers also note. At the same time, it was phishing that remained the most profitable fraudulent method during 2017 and 2018. However, if in 2017 its share accounted for more than 88% of all fraudulent schemes, then in 2018 this method became less effective, and its success rate dropped to 38.7%. Other most popular methods of weaning coins (and we are talking about millions of dollars on the air) were the disappearance of the organizers of the ICO (31.5%) and the Ponzi-schemes (pyramid schemes) - 15%. Another common method has become malware infection.

The peak of the activity of fraudsters - 45% of all recorded cases - occurred in the first quarter of 2018, which, according to analysts, is related to the market hyip at the end of the previous year. Blue is the total amount of money stolen in USD, yellow is the number of active smart contracts created by fraudsters.

At the same time, it is noted that in 2018 phishing became less effective - the median amount of funds sent to the fraudulent smart contracts amounted to only $ 94. For comparison, in 2017 the same figure was $ 144.

200 most profitable fraud schemes by type (2017 - 2018)

Moreover, the median amount of fraudsters in 2017 was $ 6,500, while in 2018 the same figure was $ 2,440. In addition, in 2017 only 49 illegal schemes brought their organizers less than $ 100, but in 2018 this figure rose to 181, of which 65 “earned” less than $ 10. However, even if fraudulent schemes using Ethereum were generally less profitable, some of them brought millions of dollars to their authors. The activity of this small group of inventive criminals peaked in the second half of 2018. 'What to do? Users need to protect themselves from various types of fraudulent schemes along with changing market conditions. With low prices, the number of Ponzi-schemes increases, with rising prices, you need to be attentive to possible phishing, ”the researchers write. Money laundering The authors of the report also paid attention to the laundering of illegally obtained funds, noting that in this aspect, cryptocurrencies have a lot in common with traditional money. In particular, in the money laundering process, three basic stages are inherent in all of them: 1) Placing criminal money in the financial system 2) Entangling traces 3) Integrating funds into the real economy funds in 2018 passed through the traditional centralized exchanges (64.3) and p2p-exchanges (11.9%). The rest (23.8%) accounted for other conversion services - mixers, Bitcoin-ATMs and gambling sites.

Researchers, however, recognize that this analysis affects only part of the problem. According to them, a significant part of the illegally obtained cryptocurrency is laundered offchan - for example, when they are used for international payments by the drug cartels. To track these streams, you need special software that complements the already known analytical tools. Such software, for example, can identify unusual transaction activity (frequency and size), usually associated with tracing of traces. The authors of the report are also convinced that the role of cryptocurrencies in money laundering will continue to grow as the regulatory changes and the overall market situation. Nevertheless, it is becoming easier to track transactions, and coupled with the growing requirements to comply with the “know your customer” (KYC) policy, this means that for criminal organizations, cryptocurrency is not a special method of money laundering, although their use by small players like drug dealers and continues to harass law enforcement.

What to expect in 2019?

According to Chainalysis, 2019 will be the year of distributed crime. Criminal activity moves to distributed platforms, and this is a big challenge for law enforcement. In particular, analysts believe that criminal organizations will begin to leave the darknet, preferring encrypted applications (Telegram, Signal, WhatsApp). Some of these platforms already have channels for people involved in drug trafficking and child pornography. In addition, cryptocurrencies are increasingly becoming part of traditional crime, and this trend will also continue in 2019. Many criminal groups have already used Bitcoin in their business, and are also more and more willing to use the services of cryptocurrency experts who advise them on the integration of cryptocurrencies into fraudulent schemes, money laundering and illegal gambling. In addition, there are cases when cartels and other criminal groups take control of stock exchanges and miners, using them as a source of 'clean' money. Finally, another threat related to cryptocurrencies is the use of them by states and individuals to circumvent international sanctions. It also poses a big challenge for law enforcement agencies, who, in addition to this, also have to deal with a growing number of applications that pose a threat to cyber security in general.