Caught Doing the Crypto Laundering

You’ve got to feel sorry for hackers. With all the problems they face in designing an attack and evading law enforcement, they also have to worry about being too successful. That’s right. Being too successful, getting too much money, is one of their biggest problems. Why? Because the real big time hackers, like ransomware groups, only accept their payments in cryptocurrency. The problem with cryptocurrency is in changing it into useable currency. That’s not much of a problem when you don’t have much to exchange, but when you’re looking to exchange millions of dollars, things get more complicated.

Cryptocurrency exchange platforms, like Coinbase, have limits on how much a person may withdraw over a certain period of time. Even Coinbase Pro will only allow a $50,000 withdrawal a day. There are also limits on deposits. In addition, these transactions come with fees and any conversions into real currency will be treated as income and must be reported as such. Any tax not paid on these withdrawals will get the person withdrawing the funds into trouble with tax agencies. Keep in mind that, in the U.S., there is a new question on the standard 1040 tax form. It simply asks if you have received any income from cryptocurrency.  Of course, if you say ‘no’ or don’t check the box and the government later finds you received such income, you will be in trouble. But it gets worse.

Coinbase does offer you the chance to raise your daily withdrawal limits, but, before you begin to do so, you should be aware of the personal information you will have to give them. You will have to

Now, Coinbase may already have much of this information, but maybe not. So what’s the problem? Of course, there’s always the worry that Coinbase will be hacked and all of this personal information you provided can be stolen. And that’s no idle fear. Coinbase was hacked as recently as October and customers lost a lot of money. The stolen money was purportedly reimbursed by Coinbase, but the story didn’t end there. As reported at the time, “apart from transferring funds, the Coinbase hack also exfiltrated users’ personally identifiable information (PII), including full names, birth dates, IP addresses, email, home addresses, account holdings, balances, account activity, and transaction history.” It goes without saying that, when hackers get such information, they will use it for more hacks, certainly on the users whose credentials they have obtained and possibly on Coinbase itself.

But even if Coinbase develops the best cybersecurity architecture on Earth, your information can still be accessed. If, for whatever reason, the government feels you have been involved in suspicious cryptocurrency activity, or have not paid your taxes, they can require Coinbase to give up your personal information and Coinbase will be happy to do so, because that’s what they’ve always done in the past.

The following chart from the most recent Coinbase transparency report shows that over half the requests for information came from the F.B.I. and Homeland Security. IRS requests accounted for 13.3% of requests, which is an increase of 4.5%. This is the biggest quarter-on-quarter increase of any sector and may indicate a trend. The fact that President Biden wants to double the number of IRS workers by hiring 87,000 more people would seem to indicate that IRS information requests to cryptocurrency exchange platforms should increase dramatically.

In other words, if you were a major hacking group, you would avoid these exchange platforms. You might want to do OTC (over the counter) or peer-to-peer exchanges which basically amounts to you making a deal with someone who wants to buy your Bitcoins. Even though you may be able to work through an agency and use escrow, this is a somewhat risky way to cash out. You’d have to proceed very cautiously or you will get scammed. I can’t say this would never work but there is high risk involved. People do lie.

In short, the Bitcoin exchange landscape looks a little bleak. So what’s a poor hacker to do? Enter Bitcoin mixers. These are special services that will help keep your Bitcoin transactions anonymous. Instead of being able to follow your transactions along the blockchain, these services put different Bitcoins from different sources into one account and then disburses them in mixed combinations. Other obfuscation methods, such as encrypting, may be thrown into the mixer to make transactions untraceable, or nearly so.

But isn’t this illegal? Yes and no. Some users may just want to get an extra level of anonymity, and there’s nothing illegal about that. However, if you are laundering or mixing a large amount of money, then, it is probably illegal.

Once upon a time there was a Bitcoin mixer named, Bitcoin Fog. It operated happily as a Bicoin mixing service for over a decade. Then, one day, as the owner of the company, Roman Sterlingov, was arriving at Los Angeles airport, he was arrested by the evil IRS.

They appeared to take a stand against mixer services in their affidavit, saying that mixers, like Bitcoin Fog allow “customers engaged in unlawful activities to launder their proceeds by concealing the nature, source, and location of their ‘dirty’ bitcoin. BITCOIN FOG publicly advertised this service as a way to help users obfuscate the source of their bitcoin. BITCOIN FOG charges customers a fee for this service.”

Bitcoin Fog was brought down by a special agent pretending to be someone trying to launder drug money. The case, at least from what I understand from the affidavit, is not particularly strong. The main charge is for operating a money transmission service without a license. The money laundering charge will be harder to prove. It is mainly a guilt by association charge. Because Bitcoin Fog, and by association, Stelingov, operated on deep web markets, it is assumed that they must have helped criminals launder their Bitcoins.

One of the biggest, if not the biggest, attempt to launder money occurred after Japan’s Coincheck Exchange was accessed by cyber criminals on January 26, 2018, and $530 million worth of a cryptocurrency named, NEM, was stolen. Apparently, the criminals realized in advance that their biggest problem would be cashing out their stolen currency. They, therefore, sent the currency out to 19 addresses which then sent them off to other addresses to make the coins more difficult to trace. They then opened their own cryptocurrency exchange and invited people to buy Bitcoins from them at very good prices. In the end, the coins were mixed and distributed to over 130,000 accounts. Buyers received mixed coins and were none the wiser for it. Of course, the criminals received their own share of mixed coins.

As of this date, about one-third of these coins have been tracked down but the bulk of them have not. Although the identity of the hackers remains unknown, 31 people were arrested for knowing that they were dealing with stolen currency. They were uncovered by reckless exchange habits that brought attention to themselves.

Although using any laundering service can be risky, these mixer sites continue to thrive. They often advertise on deep web markets because that’s where the customers are. People there pay for products or services that they’d rather not have law enforcement know about. They need as much anonymity as they can get. Be aware, though, that any mixer using deep web market sites puts itself in jeopardy of being closed by the government. This, however, does not apply to Russian mixer sites because, even if U.S. law enforcement may be able to get Russian law enforcement to close the site, the owners will not be extradited.

Currently, it appears that law enforcement is cracking down on mixer sites. Much will depend on the outcome of the Bitcoin Fog case. If, indeed, it is determined that even offering mixing on a deep web market is enough to qualify for money laundering, then these sites will begin to disappear. Enter at your own risk.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s