Cybersecurity Snapshots #23 - Cybercriminals Are Decreasing Their Use of Bitcoin

In a new report, McAfee researchers discovered that from Q3 to Q4 of 2020, the number of ransomware incidents that affected organizations rose 69% compared to Q1 and Q2 of 2020. Many ransomware gangs have used Bitcoin to collect ransomware payments; however, many ransomware groups are now requesting that ransoms be paid using "more secure" cryptocurrencies.

The U.S. Treasury has tracked $5.2bn worth of Bitcoin transactions likely to have been ransomware payments in the first half of 2021. Its Financial Crimes Enforcement Network (FinCEN) bureau stated that the $5.2bn figure is associated with 177 wallet addresses mentioned in the Suspicious Activity Reports (SARs) sent by banks to the authorities to combat financial crime and money laundering. The number of those SARs related to ransomware has soared over the first half of 2021, FinCEN said. Some 635 were filed during the reporting period between January 1 and June 30, 2021, up 30% from the total of 487 SARs filed for the entire 2020 calendar year.

Researchers at Elliptic found that cybercriminals are becoming more sophisticated in their use of cryptocurrencies to launder money, with hundreds of millions of dollars of dirty funds last year flowing through digital wallets that allow users to hide their trail. In 2020, at least 13% of all criminal proceeds in Bitcoin passed through privacy wallets, up from 2% in 2019, making cryptocurrency transactions harder to track.

Bitcoin has often been mislabeled as an anonymous digital currency, but the reality is very much the opposite; anonymity has never been a characteristic of the currency or the blockchain it's built on. The currency's public ledger records every transaction broadcast across the network, which makes it possible to trace all coins from their originating source to their final destination. For that reason, Bitcoin is referred to as pseudonymous rather than anonymous. Over the past decade, law enforcement has become better at tracking illicit activity on blockchains.

Privacy wallets, of which there are several types, combine, mix, and anonymize cryptocurrency transactions, making it complicated to follow a money trail. The security researchers at Elliptic stated that privacy wallets make it practically impossible to track funds, especially if adversaries do a series of transactions through privacy wallets. Recent law-enforcement action to seize or disrupt high-profile criminal marketplaces (Empire, Dark Market, and AlphaBay) shows the advancement of blockchain analysis techniques. Cybercriminals now realize that even when using privacy wallets, there is an inherent danger that the owner of a wallet may be unmasked through historical transactions with arrested individuals, identifiers, and previous connections to criminal platforms. Cybercriminals are increasingly advocating a shift from Bitcoin to alternative, privacy-based digital currencies, such as Monero.

Monero is emerging as the new go-to criminal coin because of its reputation and experience. Monero is regarded as one of the most privacy-focused coins in the industry. The currency builds on the strengths of Bitcoin but looks to maintain the privacy of the user's transaction activity. The Monero community recently attempted to get the currency included as a viable payment option, alongside Bitcoin, for Tesla. This showcases its popularity in the crypto world.

Another cryptocurrency that adversaries might use in the future is ZCash. ZCash started in 2016 and stems from the same code as Bitcoin, but the currency operates on its own blockchain with a PoW (Proof of Work) mining consensus separate from that associated with Bitcoin. The currency supports both private "shielded" transfers and public transfers. Shielded transfers enable transactions to be verified without revealing the sender, receiver, or transaction amount. Interestingly, this currency allows a user to disclose particular details of a transaction for compliance or audit purposes.

Another cryptocurrency that might be used by cybercriminals in the future is Dash. Although the coin's creator states the currency is not an "AEC" (Anonymity-Enhanced Cryptocurrency), a function called PrivateSend allows a user to opt to send transactions anonymously. The technology essentially complicates transactions by continuously pooling groups of transactions to the point that analytics cannot detect where coins are being sent or received.

Cybercriminals may also use the Verge cryptocurrency in the future. This digital currency was created in 2014 and runs on its own blockchain. Initially known as "DogeCoinDark," Verge enables private transfers through the use of I2P or Tor, which helps conceal user locations.

Cybercriminals may also use two newer cryptocurrencies, Beam and Grin, in the future. These currencies emerged on the scene in 2019 with a newer blockchain technology called Mimblewimble. This technology introduces the concept of no identifiable or reusable addresses, meaning that all transactions look like random data to an outsider, with blocks looking like one large transaction rather than a combination of several individual ones.

Researchers believe that in the future, the use of Bitcoin by cybercriminals to receive payments from victims will decrease. Cybercriminals will still probably use Bitcoin, but most of the time, victims will be expected to make payments using more "secure" cryptocurrencies. This will make it harder for law enforcement to track payments and cybercriminals in the future.