Cybersecurity professionals wrinkle their noses at the mere mention of cryptocurrency, immediately associating it with crypto crimes. This often extends to anything related to blockchain, as the gut rejection of anything related to crypto typically includes the entire blockchain technology.
How did a technology born from starry-eyed dreams of making the world a better place become such an anathema in the cybercommunity?
The anonymity granted by cryptocurrencies gives cybercriminals leeway to operate with relative impunity and facilitates extortion through the payment of ransomware demands. One of the touted features of cryptocurrencies is the anonymity they provide for financial exchanges. This has made them attractive for those seeking to engage in illicit activities, as it allows them to mask their identity and avoid detection by law enforcement. Monero and other cryptocurrencies designed to champion anonymity have gained popularity among cybercriminals, making it even harder to trace their activities.
Despite their potential for abuse, there has been relatively little regulation of cryptocurrencies. While some governments have implemented measures to try and control their use, these regulations have often been inadequate or difficult to enforce. For example, many countries have implemented requirements for exchanges to report suspicious activity or comply with know-your-customer (KYC) regulations, but these have proven difficult to enforce and have not been sufficient to curb the use of cryptocurrencies for illegal purposes.
To make matters worse, global collaboration in regulating cryptocurrencies is still in its infancy, and the inherently international nature of blockchain complicates drawing actionable legislation.
Tracking the numerous and rapidly evolving crypto-related regulations is best undertaken by professionals, and an excellent first step for non-professionals to check the legality of their activity is this regularly updated article.
With the current chaotic regulatory environment, law enforcement agencies have struggled to keep up with the rapid growth of cryptocurrencies and the associated cybercrime but have succeeded in some major busts.
Aside from the infamous recent arrest of Bankman-Fried for massive fraud at the FTX crypto exchange, law enforcement has garnered some notable successes in the last years. Let’s mention, for example, the recent arrest by Chinese authorities of a gang who laundered $1.7 billion via crypto, last November’s seizure of $3.36 billion of bitcoin from “a man who unlawfully obtained more than 50,000 bitcoin from the dark-web market Silk Road over a decade ago”, and the arrest of Ilya Lichtenstein and his wife, Heather Morgan, for the 2016 hack of Bitfinex that netted them 119,754 bitcoin.
However, these have been isolated incidents, mainly targeting crypto thieves; far less success is seen against ransomware actors, those that destabilize entire economies. This is due partly to geographical obstacles. A large part of ransomware activity emanates from Russia with the allegedly tacit approval of the Kremlin. Other ransomware actors are operating out of North Korea or other faraway locations, with or without the backing of their local government.
Additionally, the perpetrators of ransomware attacks often use sophisticated techniques to cover their tracks and evade detection, such as anonymous servers and virtual private networks (VPNs). Finally, even if the perpetrators are identified and apprehended, they may be difficult to prosecute due to some countries’ lack of laws explicitly addressing ransomware attacks.
The lack of regulation and difficulty in tracing transactions have made it challenging for law enforcement to effectively investigate and prosecute cryptocurrency-related crimes.
Yet, according to Andy Greenberg's recent book “Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency”, this might be changing.
Andy Greenberg chronicles the efforts of law enforcement agencies and cybersecurity experts to track and apprehend individuals who use cryptocurrency for illegal activities. The book covers several high-profile cases of cryptocurrency-related crime, including the arrest of Ross Ulbricht, the Silk Road darknet market operator, and the capture of Alexandre Cazes, the creator of the AlphaBay darknet market. It also discusses the use of techniques such as blockchain analysis and malware tracking to identify and locate suspects.
Other examples of caught criminals mentioned in the book include:
· Oleg Pliss, a hacker who stole the login credentials of over 400,000 Apple iCloud accounts and demanded a ransom in Bitcoin
· Roman Seleznev, a Russian hacker convicted of stealing and selling credit card numbers on the darknet
· Pavel Vrublevsky, a Russian cybercriminal convicted of hiring a DDoS attack against a rival company
The book also covers the challenges law enforcement agencies face in investigating and prosecuting cryptocurrency-related crimes, including the difficulty of tracing transactions on the blockchain and the jurisdictional issues that can arise when suspects are located in different countries.
Even the staunchest proponent of doing without a centralized authority to oversee financial transactions would like to be able to recover stolen funds when their own, or their friends’ and family’s, wallets or savings on an exchange are stolen.
Here are a few techniques used to trace cybercriminals:
Blockchain analysis: Since transactions are recorded on a public ledger, investigators can follow the flow of funds using specialized software tools that visualize transfers between different addresses and help identify clusters of activity that may be associated with particular individuals or organizations.
Malware tracking: Cybercriminals often use malware to infect computers and steal sensitive information, including login credentials for cryptocurrency wallets. By tracking the spread of malware and analyzing its behavior, investigators can identify the individuals or groups responsible for deploying it.
Network analysis: This involves analyzing the structure and relationships of the network of individuals and organizations involved in a particular cryptocurrency-related crime. This can be done by examining the metadata associated with transactions, such as IP addresses and timestamps, to identify the parties involved and their roles in the criminal enterprise.
Social media analysis: Social media platforms can be a valuable source of information for investigators trying to track down suspects. By examining the online activity of individuals and groups, investigators can identify patterns of behavior and potential connections to illicit activities.
Collaboration with exchanges: Cryptocurrency exchanges play a crucial role in facilitating the transfer of funds between different wallets and can be a valuable source of information for investigators. Many exchanges have policies to cooperate with law enforcement agencies and can provide data on the parties involved in particular transactions.
Legal action: In some cases, investigators may use legal action, such as court orders or subpoenas, to obtain information from individuals or organizations that can help identify the parties involved in a cryptocurrency-related crime. This can include data on wallet addresses, transaction histories, and other details that can help build a case against suspects.
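As an added illustration of the blockchain analysis technique listed above (example code written for this page, not taken from the book or the article), the snippet below applies the common-input-ownership heuristic to group addresses into likely ownership clusters and then follows funds forward to a known exchange deposit address, the point at which the "collaboration with exchanges" and "legal action" steps become possible. Every transaction id and address is a constructed placeholder.

```python
# Added example (not part of the article): address clustering and fund-flow
# tracing over a constructed transaction graph; every txid/address is invented.
from collections import defaultdict, deque
from itertools import chain

# Constructed sample transactions: (txid, input addresses, output addresses).
TXS = [
    ("tx1", ["victim1"], ["ransom_A"]),
    ("tx2", ["victim2"], ["ransom_B"]),
    ("tx3", ["ransom_A", "ransom_B"], ["mixer_in", "ransom_change"]),  # co-spend
    ("tx4", ["mixer_in"], ["hop1"]),
    ("tx5", ["hop1", "ransom_change"], ["exchange_deposit"]),
]

def _find(parent, a):
    """Disjoint-set lookup with path halving; `parent` maps address -> parent."""
    parent.setdefault(a, a)
    while parent[a] != a:
        parent[a] = parent[parent[a]]
        a = parent[a]
    return a

def cluster_addresses(txs):
    """Common-input-ownership heuristic: merge addresses co-spent as inputs."""
    parent = {}
    for _, inputs, _ in txs:
        for addr in inputs[1:]:
            parent[_find(parent, addr)] = _find(parent, inputs[0])
    clusters = defaultdict(set)
    for _, inputs, _ in txs:
        for addr in inputs:
            clusters[_find(parent, addr)].add(addr)
    return [frozenset(c) for c in clusters.values()]

def trace_forward(txs, start, known_exchange_addrs):
    """BFS along outputs from `start`; return known exchange deposit addresses reached."""
    spends = defaultdict(list)  # address -> output lists of the txs spending it
    for _, inputs, outputs in txs:
        for addr in inputs:
            spends[addr].append(outputs)
    seen, queue, hits = {start}, deque([start]), []
    while queue:
        addr = queue.popleft()
        if addr in known_exchange_addrs:
            hits.append(addr)
        for out in chain.from_iterable(spends[addr]):
            if out not in seen:
                seen.add(out)
                queue.append(out)
    return hits
```

On real data the same two steps run over parsed blocks, and the exchange address set comes from the exchange's own disclosures or prior cases.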
The potential impact of cryptocurrencies as a facilitator of cybercrime on the global economy is significant. Cyber-attacks can majorly impact businesses, causing financial losses, reputational damage, or even bankruptcy. The worst offender, ransomware, infects a computer or network and encrypts the data, making it inaccessible to the victim unless a ransom is paid in cryptocurrency. The impact of ransomware has been so dire as to jeopardize entire economies and lead to the publication of the May 2021 US Executive Order on Improving the Nation’s Cybersecurity.
Yet, cryptocurrency-linked criminal attacks are not limited to ransomware.
They also include:
Crypto-jacking malware: This type of malware infects a computer and uses its resources to mine cryptocurrency without the victim’s knowledge or consent. This drains the resources of the networks, computers, or other devices successfully targeted, slowing down their performance, and can cause long-term damage if left unchecked.
Blockchain-based botnets: A botnet is a network of compromised computers that can be controlled remotely by an attacker. Some botnets have been created using blockchain technology, allowing them to be more decentralized and harder to shut down. Botnets can be used in Distributed Denial of Service (DDoS) attacks or to spread disinformation for political or other causes. In the cryptoverse, they are often used to push pump and dump operations.
Pump and dump schemes are a type of market manipulation that involves the promotion of a cryptocurrency to create a buying frenzy that drives up the price, followed by the sale of the promoter’s own holdings at a profit. These schemes are often orchestrated through chat groups or social media, where members coordinate their efforts to buy the cryptocurrency in question, creating artificial demand and inflating the price. Once the price has been driven up, the promoters will sell their holdings, causing the price to plummet and leaving late investors with significant losses. Pump and dump schemes are illegal in many countries and are considered to be fraudulent activities.
Some crypto-criminal activity only targets active members of the cryptocurrency community, through services used only by them.
Malicious mining pools: A mining pool is a group of miners who combine their resources to increase their chances of finding a block and earning a reward. Some mining pools have been found to be malicious, with operators using their resources to attack other networks or engage in other illicit activities.
Smart contract exploits: Smart contracts are self-executing contracts with the terms of the agreement between buyer and seller being directly written into lines of code. Some malicious actors are keen to exploit vulnerabilities in smart contracts to steal funds or manipulate the terms of the contract to their advantage.
Overall, the use of malware designed specifically to target vulnerabilities in blockchain code is a growing concern as the use of cryptocurrency and blockchain technology becomes more widespread.
Crypto-enthusiasts need to work within their communities — which include ransomware actors — to curb cryptocurrency-related crime as an essential step in the integration of cryptocurrencies into fiat-based economies.
Cybersecurity professionals might consider specializing in blockchain-related exploits, as smart contracts are not limited to cryptocurrency transactions but are also used in several industry sectors to reduce cost, increase transparency and fairness and advance the sector’s efficiency.
Blockchain application use cases include:
Given the ill-repute of cryptocurrency in the cybersecurity community, cybersecurity professionals specializing in smart contract exploits might well benefit from a niche sector for this highly specialized cybersecurity subdomain, with growing demand and limited offers, in the near future.