Euro Security Watch with Mathew J. Schwartz

Cryptocurrency Fraud , Fraud Management & Cybercrime , Ransomware

Criminals Still Going Crazy for Cryptocurrency

Innovation and Privacy Enhancements Complicate Law Enforcement Investigations
Criminals Still Going Crazy for Cryptocurrency
A shop in Dundee, Scotland, advertises its bitcoin ATM. (Photo: Mathew Schwartz)

Cybercrime as we know it today wouldn't exist without a multitude of technologies and services, including cryptocurrency, that criminals have been able to turn to their advantage.

See Also: 5 Requirements for Modern DLP

That point has been driven home in the latest Internet Organized Crime Threat Assessment from Europol, the EU's law enforcement intelligence agency. The IOCTA report is based on what law enforcement agencies across the 27 EU member states have been seeing in the course of their investigations during the past year (see: Cybercrime: 12 Top Tactics and Trends).

One common theme: the extent to which criminals have been able to abuse legitimate technologies to further their illicit purposes as well as the extent to which they keep innovating.

Cryptocurrency is one of the prime examples. "Cryptocurrencies are a perfectly legal payment mechanism in most countries, but what we see there is a move to more privacy-enhanced cryptocurrencies," Philipp Amann, head of strategy at Europol's European Cybercrime Center, tells me.

To be clear, bitcoins and other virtual currencies are also a frequent target of many criminals, who continue to target cryptocurrency wallets being held by individuals, organizations and cryptocurrency exchanges. A successful exchange heist, for example, can potentially net attackers millions of dollars' worth of cryptocurrency.

During 2019, the report counted 10 successful hits against exchanges hosting digital wallets for their customers, leading to the loss of 240 million euros ($281 million). While that was a record number of attacks, the record loss on an annual basis so far remains 950 million euros ($1.1 billion) in 2018, largely due to the nearly 500 million euros stolen from Japanese exchange Coincheck.

Ransomware, Darknet Markets and More

Cryptocurrencies, of course, also underpin many criminal enterprises. Ransomware attackers, for example, typically demand payment in bitcoin. Buyers and sellers of illicit products and services - firearms, illegal narcotics, stolen databases, malware - typically rely on cryptocurrency because it helps disguise transactions.

For these reasons, darknet markets also rely on cryptocurrencies, sometimes offering escrow services that hold a buyer's payment to a seller until the buyer receives their goods. Given that millions of dollars' worth of cryptocurrency might be in escrow at any given time, however, the temptation for administrators to simply run away with it all and leave the market to die - in what's known as an exit scam - continues to be strong, as the recent fall of the Empire market demonstrates.

Accordingly, Europol predicts that "more marketplaces are likely to deprecate the traditional centralized model with deposit and escrow accounts in favor of direct transactions between buyers and sellers, decreasing the influence of market administrators and discouraging exit scams."

Follow the Coins

Investigators have the ability to "follow the money" even where cryptocurrencies are concerned, including with bitcoin. But law enforcement officials say that the rise of more privacy-focused cryptocurrency, such as monero, zcash, and dash, has made tracing transactions more difficult.

"Privacy-focused services aside, the bitcoin protocol itself is expected to soon implement features that will make it less transparent to casual observers and investigators alike," Europol's report notes.

Criminals have long employed tumbling, which means using a third-party service or technology to launder bitcoins by attempting to mix them by routing them between numerous addresses.

More recently, criminals have also begun using a legitimate concept known as "coinjoin," which is offered by Samourai and Wasabi and sometimes built into cryptocurrency wallets as a feature. This involves users agreeing to mix their virtual coins together while paying for separate transactions, which can make individual transactions much tougher to trace.

Exchanges Improve Their Reporting

To help stop the flow of illicit cryptocurrency funds, more governments are attempting to make exchanges implement classic anti-fraud and anti-money-laundering tactics, including know your customer - KYC - rules. Some government agencies, such as the U.S. Internal Revenue Service, have also been investing in new tools for tracking such transactions.

"Exchanges still differ in the degree to which they address the issue and the level of assistance they provide to investigators," Europol's report states. But it notes that numerous exchanges have been improving their KYC practices and flagging suspicious users and transactions.

"In Europe, the most important legislative development in this area was a transposition of the 5th Anti-Money Laundering Directive," the IOCTA report notes. "The directive states that cryptocurrency exchanges and wallet providers who own private keys of their clients are obliged entities, mandating them, among other things, to a proper identification of their clients." All 27 EU member states were required to implement the directive via national laws by January. But at that point, only 20 had done so, although Europol says more have been doing so this year.

Oversight of cryptocurrency ATMs - estimated to number more than 9,000 globally - is also improving. "ATMs have often been perceived as a way to privately obtain or sell cryptocurrency," Europol's report notes. "Nevertheless, compliance also gradually improves as an increasing number of operators require customer identification and flag suspicious transactions."

Such moves won't stop criminals from being able to use cryptocurrency to profit from cybercrime or otherwise launder ill-gotten gains. But the increased monitoring of such transactions could help give authorities a better edge when they attempt to track and disrupt criminal enterprises.

Senior correspondent Chinmay Rautmare contributed to this post.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.