Crypto Exchange Bug Reveals North Korean Monero LaunderingShapeShift's Systems Reduced Privacy for Monero, Researcher Says
Weaknesses in the systems of ShapeShift, a U.K.-based cryptocurrency exchange, reveal how a North Korean-linked group laundered cryptocurrency that came from a notorious ransomware attack in 2017.
The issues also put at risk the privacy of some other users of Monero, a cryptocurrency designed to provide a high degree of privacy, who transacted on ShapeShift.
The bug appears to have been discovered by multiple parties, including Nick Bax, who recently received a doctoral degree from Stanford University School of Medicine and is an independent analyst who studies blockchain and cryptocurrencies. He published a blog post about the bug on Tuesday.
Bax's analysis "is a good real-world example of flaws in Monero that have been understood, theoretically, for a long time," says Ian Miers, an assistant computer science professor at the University of Maryland and a cofounder of Zcash, a privacy-focused digital currency.
Miers says the research highlights broader security issues with Monero, and ones that are not unique to ShapeShift. "You can play connect the dots with some Monero transactions if you have data from exchanges. And Monero was supposed to protect you even if that data was known," he says.
The issues in ShapeShift's systems have been known for a number of years, says Justin Ehrenhofer, the host of Breaking Monero, a video series focused on Monero. But it shouldn’t reflect on Monero's current privacy state, which has improved since 2017, Ehrenhofer says.
Also, Ehrenhofer says that the Lazarus group made some notable and revealing moves, including sending large amounts of Monero around at a time when those transactions would have been unusual.
Follow the Chain Hop
The technical details dig into the intricacies of how virtual currencies can be shifted around, and the challenges those shifts pose in tracing.
Bax says that between April 2015 and November 2019, ShapeShift's API used 32-byte payment IDs. Those payment IDs are available from Monero's blockchain, which meant those transactions would be easier to trace using an EAE attack, also known as a "poisoned outputs" attack, he says.
ShapeShift stopped using payment IDs in November 2019 and switched to using subaddresses, which cannot be publicly determined. But the API was still available until Friday without rate limiting. That meant that anyone could have simply downloaded the transaction data, which poses a continuing privacy threat, Bax says. He estimates that as many as 100,000 XMR historical deposits and 250,000 XMR historical withdrawals may be at risk.
Bax wrote that an EAE attack against ShapeShift could be used to "trace transactions by innocent users who are attempting to protect their own privacy."
In a statement, ShapeShift says that it has now addressed the API issue and indicated that users should have known their transaction details could be gathered per its terms of service. The company's full statement is here.
The exchange has surfaced in media reports in the past, including this one from The Wall Street Journal, in connection with how suspected cybercriminals may have abused it.
Bax first notified ShapeShift in October 2020 of the issues he found, but kept it under wraps as he waited for the exchange to fix up the API.
Last week, however, a clue appeared that suggested other people had come across ShapeShift's weaknesses, including a tantalizing connection to one of the most notable computer security incidents of all time, WannaCry 2.0. It prompted Bax to move ahead with his own findings.
It started when documents purportedly belonging to cryptocurrency tracing company Chainalysis were posted on the internet. Chainalysis hasn’t confirmed the veracity of the documents, which are written in Italian and are marked "proprietary and confidential."
One document claims the company was able to follow the path of bitcoins laundered as a result of the WannaCry 2.0 ransomware.
It says that Chainalysis was able to follow bitcoins being exchanged for Monero and then to bitcoin cash. The technique is known as "chain hopping," and it is designed to make transactions harder to follow. The documents didn't offer more information on how Chainalysis was purportedly able to follow the laundering.
Thousands of organizations were infected with WannaCry 2.0, which was a network worm that rapidly spread through computers and then encrypted files. The U.S. government blamed the attack on the Lazarus group, believed to be sponsored by North Korea (see: After 2 Years, WannaCry Remains a Threat).
Bax's blog post details the nitty gritty of how he traced the path of the Lazarus group's laundered bitcoins. Lazarus received at least 52 bitcoins from victims. Bax says that on Aug. 2, 2017, Lazarus exchanged bitcoin for 820.79942522 XMR, the abbreviation for Monero.
Lazarus also appeared to exchange some bitcoin at Changelly, another exchange. Then on Aug. 17, 2017, it consolidated the Monero in three transactions on ShapeShift. Finally, on Nov. 2, 2017, Lazarus exchanged 536 XMR to bitcoin cash on ShapeShift in nine transactions.
It is expected that tracing cryptocurrency is going to become harder if bitcoin falls out of favor and Monero or other privacy-focused coins are embraced by cybercriminals. Nonetheless Bax writes that all hope is not lost, though, particularly as exchanges may still have internal data that could help investigators.
"While most exchanges do not readily provide information about all of their Monero deposits and withdrawals, this example serves to demonstrate that Monero tracing is sometimes feasible when exchange-level data is leaked, stolen or obtained through legal means," Bax writes.