US$1.2 billion of Cryptocurrency Stolen from Exchanges in Last Two Years

Over the last two years, criminals have stolen over US$1.2 billion from exchanges in cryptocurrency as reported last week by CipherTrace, a company that traces cryptocurrency transactions. In the first half of 2018, there has been nearly three times as much cryptocurrency stolen as in all of 2017.

Bitcoin transactions do not require criminals to use their real names or bank account numbers which enables them to evade investigators. Instead, the criminals can use pseudonyms. Transferring cryptocurrencies does not require banks for other financial intermediaries.

Unlike robbing a bank, criminals can raid cryptocurrency exchanges with little fear of being caught. Once Bitcoin is stolen from an exchange, received as ransom or acquired through other illegal activity, the criminals need to “cleanse” it and convert it to real money that they can spend.

These illicit funds needed to be laundered in order to prevent the criminal’s identity from being determined by investigators. The term “money laundering” comes from when gangsters allegedly purchased actual laundromats to mix their dirty money from prostitution and bootleg alcohol with legitimate the business proceeds from the laundromat itself.

In the traditional money laundering world, cleaning now involves purchasing gold bars, cars, jewelry or real estate, and then reselling them. Bitcoin cleaning is more complicated. In the virtual world, it involves moving money into the cryptocurrency system and moving it around by using “mixers”, “tumblers” and “chain hopping” which take in funds from multiple customers, mix those funds together, and then output the mixed funds. The purpose of these money laundering services is to obscure the origin and receipt of cryptocurrencies. These services typically charge between 1% and 3% per transaction for their services. Criminals will lose a percentage to move the funds, but in the end the funds appear legitimate.

The more dirty cryptocurrency that goes into the systems and the more it moves around, the harder it is for investigators to see through the movement and trace the path back to the source.

Cryptocurrency gambling sites are also used as money laundering facilities. There are about 200 gambling sites that focus on cryptocurrencies. Criminals can establish accounts and then transfer funds for laundering to them. They will make simple bets and withdraw funds to a new address. This helps to create a break in the funds flow trace and acts in many ways like a currency mixer.

Using cryptocurrencies makes it more convenient to launder money on a global basis compared with using traditional financial payment mechanisms. It happens online without the need to buy gold bars, a yacht, or fly to Vancouver with cash to buy a house. It also makes it harder for law enforcement, regulators and compliance departments at exchanges to find illicit transactions and trace their origins and destinations.


97% of Bitcoin Criminal Payments Go To Unregulated Cryptocurrency Exchanges, a CyberCurb partner, today published a detailed report which concludes that 97% of direct bitcoin payments from criminal sources were received by unregulated cryptocurrency exchanges. Cryptocurrency money laundering is directly correlated to anti-money laundering (AML) regulations and enforcement on exchanges.

Cryptocurrency exchanges in countries with weak AML regulation receive nearly 5% of their payments directly from criminal sources. The analysis does not cover additional indirect criminal payments.

Over the last nine months, the top exchanges have laundered approximately $2.5 billion at today’s prices.

Criminals are flowing large amounts of dirty bitcoin into these poorly regulated exchanges and other services, such as mixers, turning it into “clean” cryptocurrencies. Then, they can move funds into the global financial payments system with little risk of being detected.

CipherTrace Cryptocurrency Intelligence analyzed 45 million transactions at the 20 top cryptocurrency exchanges globally. These transactions were identified as criminal if they came directly from a criminal source. The study defined ‘criminal sources’ as dark market site, extortion, malware, mixer/tumbler/money laundering site, ransomware, and terrorist financing.

At least 79 countries have weak AML regimes because they have not implemented at least one of the following controls: regulate illegal drug dealing; regulate money laundering related to other criminal activity; enforce Know-Your-Customer (KYC) regulations; report large transactions; report suspicious transactions; and, maintain records.

Over the last nine months, the unregulated or weakly regulated exchanges have been used to purchase 236,865 bitcoins worth of criminal services, representing $1.5 billion at today’s prices.

One unregulated top 10 exchange processed more risky transactions than non-risky transactions. The exchange is growing at 300%, with risky transactions and criminal transactions growing fastest.

In July, CipherTrace issued an alert on a spike in online mass customized extortion (spear phishing) using cryptocurrency as payment for ransom or blackmail. Other threats include advanced malware targeting crypto exchange personnel. Another new threat, SIM swapping, is becoming widespread. It involves transferring the victim’s phone number to a SIM card held by a hacker. Once SIM swapping attackers receive the compromised phone numbers, they use them to reset passwords and break into the victims’ accounts, including accounts on cryptocurrency exchanges. In one case, a hacker used the technique to allegedly steal $24 million from a single investor.

Criminal activity, whether it involves illicit business in dark markets, outright theft, extortion or malware attacks, increases the demand for money laundering. The ill-gotten cryptocurrency gains must be laundered before the criminals can spend them in fiat currency.

CipherTrace estimates that the total cryptocurrency stolen and reported in 2018 will be well over $1 billion.

In addition to starving terrorists, global drug cartels and other bad actors of cash, one major emphasis observed is countries around the globe looking to grow their digital asset economies by rolling out and enforcing strong Crypto AML and Combating Financing of Terrorism (CFT) regulations. Establishing their countries’ reputations as ‘safe’ digital markets helps to attract trustworthy cryptocurrency exchanges and digital asset businesses.

The Financial Action Task Force (FATF) is the global standard-setting body for anti-money laundering and combating the financing of terrorism. President Marshall Billingslea of the United States has said currently the adoption of anti-money laundering standards and regimes pertaining to digital assets and virtual currencies is “very much a patchwork quilt or spotty process,” which is “creating significant vulnerabilities for both national and international financial systems.” FATF is prioritizing work on preventing the financing of the proliferation of weapons of mass destruction; expanding the current emphasis on combating terrorist financing; and fostering improvements in the regulation and supervision of virtual currencies/crypto-assets.

There is an emerging use of virtual currencies by terrorist organizations, including ISIS, as well as in extortion schemes, such as the WannaCry attacks. Besides small-scale drug trafficking and fraud, the link between virtual currencies/crypto-assets and other crimes appears to be growing. Virtual currencies/crypto-assets facilitate easy online access and global reach which make them attractive to move and store funds for money laundering and terrorist financing. FATF is monitoring the risks associated with virtual currency/crypto-asset payment products and services, including pre-paid cards linked to virtual currencies, Bitcoin ATMs, and ICOs.