Attacking Cryptocurrency Theft: Transaction Databases and Analytics Have Criminals on the Run

A new reality is hitting home with cryptocurrency criminals and changing this category of cyber risk for the better: It has become more difficult to get away with illicit transactions and hold onto stolen goods, because the crypto world is not as opaque and anonymous as was once believed.

Although the data encryption embedded in the design of bitcoin and other digital currencies has yet to be compromised, crypto exchanges, virtual asset service providers (VASPs) and the blockchain ledger are not as impenetrable. Readily available surveillance and tracking technologies and services from such sources as Chainalysis, CipherBlade, CipherTrace and Elliptic are casting light on the vulnerabilities and aiding in investigations and law enforcement.

In addition, AI-powered solutions from the likes of Concentric, RapidMiner and SAS help organizations detect and recover from ransomware attacks that typically seek to extort payment in cryptocurrency.

“We definitely see cryptocurrency crime evolving,” says John Jefferies, chief financial analyst at blockchain analytics and compliance company CipherTrace, which is being acquired by Mastercard. Taking advantage of the blockchain's visibility along with analytic and monitoring tools, “You can typically follow the money around via numerous hops.”

He describes an exchange or VASP as the “choke point, where criminals will try to get the funds converted to cash, and that's where these guys often get caught.”

Still, “once you harden one aspect of the cryptocurrency landscape, we see the bad guys find a different way,” Jefferies adds. So there is no end to the threat as it continuously morphs.

Total Cost Down

The trend is going in the right direction. According to a CipherTrace report, this year's tally of “crypto thefts, hacks, and frauds,” at $681 million through July, has fallen significantly, from $1.9 billion in all of 2020 and $4.5 billion in 2019

Within that 2021 total, however, was a record-high $474 million in the decentralized finance (DeFi) sector, where conventional financial intermediation is being challenged. The PolyNetwork hack in August, the largest-ever crypto hack, was in the DeFi class, suggesting that hackers are seeking out targets with greater coding and communication vulnerabilities.

“Nothing about the PolyNetwork attacker's behavior was typical of a true white hat hacker,” Chainalysis director of research Kim Grauer told Bloomberg after the perpetrators returned the more than $600 million taken and reportedly offered to help the industry close the security gap. “The good news is that the blockchain is transparent, and we, along with the cryptocurrency community, had our eyes on the funds.”

Tom Robinson, chief scientist at Elliptic, as reported by Reuters, stated that hackers have found it increasingly difficult to get around the transparency of blockchain markets. That transparency is precisely what organizations such as Elliptic can exploit in countering crypto crimes.

"We need to dispel the myth that crypto assets are anonymous,” U.K. lawyer Syedur Rahman told Reuters. “The reality is that with the right rules and applications they can be tracked, traced and recovered,” said the Rahman Ravelli partner who represents Fetch.ai in litigation against the Binance exchange.

Small Number of Bad Actors

Chainalysis director of regulation and compliance Caitlin Barnett points out that “the vast majority of people who use cryptocurrencies do so for legitimate purposes, with less than 1% of cryptocurrency activity tied to bad actors.”

Chainalysis works with government agencies, exchanges, financial institutions, insurers and cybersecurity companies in over 60 countries. It offers the type of tracking strategy that was credited with recovering some of the $4.2 million in digital currency paid in the Colonial Pipeline ransomware incident in May. The New York Times headlined a report on that case: Pipeline Investigation Upends Idea That Bitcoin Is Untraceable.

The Chainalysis 2021 Crypto Crime report found cryptocurrency-related crime has declined in relation to total transactions: “In 2019, criminal activity represented 2.1% of all cryptocurrency transaction volume, or roughly $21.4 billion worth of transfers. In 2020, the criminal share of all cryptocurrency activity fell to just 0.34%, or $10.0 billion in transaction volume. One reason the percentage of criminal activity fell is because overall economic activity nearly tripled between 2019 and 2020.”

“Cryptocurrency crime remains a small part of the overall cryptocurrency economy” and is “comparatively smaller than the amount of illicit funds involved in traditional finance.”

Ransomware Rising

In 2020, scams including bogus initial coin offerings (ICOs) accounted for 54% of illicit cryptocurrency activity, representing approximately $2.6 billion of cryptocurrency received. Darknet markets were next, at $1.7 billion.

Chainalysis said the most notable rise in cryptocurrency crime last year was in ransomware, with funds received rising more than 300% from 2019, to $406 million. The average known ransomware payment grew from $12,000 in 2019's fourth quarter to $54,000 in the first quarter of 2021. In one headline-making case, in March, insurer CNA Financial was hit by a ransomware attack reportedly costing $40 million.

Basic Countermeasures

In terms of lessons learned, Paul Sibenik, lead case manager and expert in blockchain forensics at CipherBlade, says a key one is that both individuals and businesses must store cryptocurrency in a personal or self-custodial wallet, ideally in hardware form, and should never enter master passwords or seed phrases on a digital device. “If people actually followed that advice, about 99.5% of thefts wouldn't happen,” he says. But that will not necessarily protect against all scams.

Sibenik also offers due-diligence advice: Use more than one exchange, ascertaining that they have completed independent, third-party security audits and proofs of reserves. Users also need to keep in mind that “just because an exchange claims to have a 'comprehensive AML [anti-money laundering] program' doesn't make it true,” he says.

J. Gdanski, CEO and founder of crypto-asset and blockchain-risk insurer Evertas, says that corporate investors want to work with exchanges that have gone through an audit and have insurance from a reputable carrier. “Always ask to see the insurance policy and make sure they operate in a regulated jurisdiction and in the one you operate in,” he says.

Steffen Kern, chief economist and head of risk analysis, European Securities and Markets Authority, and Simi Siwisa, head of group public policy, Absa Group, in a World Economic Forum blog post, say that to combat these crimes, “Collaboration is crucial, and digital assets require regulation through international cooperation, local enforcement, and by authorities technologically equipped to keep track of these very fast developments.”

Kern and Siwisa call for broader acceptance of 2019 guidelines from the Financial Action Task Force on crypto-asset supervision and risk mitigation. They add that “only a quarter of countries have adopted those guidelines.”

They conclude, “Once scalability issues with blockchain are ironed out and technological solutions reduce the risk of fraud, digital currencies could deliver a positive experience around the world.”

Katherine Heires is a freelance business journalist and founder of MediaKat llc.