Last year saw quite a bit of action in the industry and of course, not all of it was positive. With fake ICOs, wash trading, misplaced wallet information, accusations of fraud, and successful hacks, there was a virtual ton of lost currency in 2018.
In fact, according to the report by CipherTrace, there was $1.7 BILLION worth of stolen cryptocurrency, a rise of 3.6x over 2017, with $950 million alone being stolen from exchanges and wallet providers.
While some exchanges successfully foiled would-be heists by freezing associated accounts, it could be next to impossible for those organizations to retrieve the ill-gotten assets, and there were multiple attacks that got away with quite lucrative hauls.
So, what do the hackers and thieves do with that stolen loot?
Chainalysis recently released a second edition of their “Crypto Crime Report” and in it, they took a look at hacks targeting cryptocurrency exchanges and traced hacked funds’ movements from the moment of the attack to their withdrawal points.
The report discovered that two main professional hacking groups, which they dub Alpha & Beta, are responsible for at least 60% of all publicly reported hacks and that in the months after a successful breach, there were some signature patterns in transaction activity.
Of course, in order to hide their illicit actions, the culprits created complex patterns of transactions, but they generally cashed out at another exchange within six months of the attack.
Chainalysis found that the two groups stole an average of $90M per hack and shuffled those funds around an average of 5,000 times each, using a variety of wallets and exchanges. Once they’d completed their virtual version of the shell game, the hackers would generally sit patiently, letting interest in the theft die down while the funds rested quietly.
The Alpha group was found to generally begin moving the stolen funds around immediately and averaged a higher number of transfers than the Beta group. One of the traced hacks had up to 15,000 movements and the investigators determined that Alpha would convert up to 75% of their loot to cash within 30 days of the hack.
The Beta group’s methods were found to be quite different. Not only did they wait 6 to 18 months to cash out, they didn’t appear to be as concerned with hiding the source of the funds and didn’t execute anywhere near the number of movements that Alpha did. Beta would then apparently utilize a single exchange over a few days to cash out over 50% of the stolen currency, grabbing over $30M in one episode.
Between the two groups, at least $135M ended its journey at known exchanges. Those exchanges were unwitting participants in the laundering process because without specialized investigation software, it’s difficult to differentiate between legitimate and illegitimate funds.
Unfortunately, 2019 isn’t likely to see these numbers drop unless the exchanges and the industry as a whole make some changes. A consensus among the exchanges to cooperate and share information has quickly become vital and PIN retrieval by text must be eradicated. And that’s just for starters.
51% attacks are on the rise and hack attempts are almost constant. As long as wallets, users, and exchanges are vulnerable and/or fail to learn from the mistakes of their peers, nefarious individuals and entities are going to take advantage.
Hopefully the investigation by Chainalysis will eventually assist in identifying and recovering hacked assets, while the CipherTrace report awakens more in the industry to the huge monetary implications of their inaction and others in the industry continue to trace the money and put pressure on the culprits.