When the FBI successfully breached a crypto wallet held by the Colonial Pipeline hackers following the trail of money on the bitcoin blockchain, it was a wake-up call for any cybercriminal who thought that transacting cryptocurrency automatically protected them from scrutiny.
One of the basic principles of bitcoin is that its public ledger, which stores all token transactions in its history, is visible to everyone. This is why more hackers are turning to currencies like dash, zcash, and monero, which have additional anonymity built in.
Monero, in particular, is increasingly the cryptocurrency of choice for the world’s top ransomware criminals.
“The smartest criminals are using monero,” said Rick Holland, director of information security for Digital Shadows, a cyber threat intelligence firm.
Created in 2014
Monero was launched in 2014 by a consortium of developers, many of whom chose to remain anonymous. As detailed in their white paper, “privacy and anonymity” are the most important aspects of this digital currency.
The privacy token operates on its own blockchain, which hides practically all the details of the transaction. The identity of the sender and recipient, as well as the amount of the transaction itself, are disguised.
Due to these anonymity features, monero allows cybercriminals greater freedom from some of the tracking tools and mechanisms offered by the bitcoin blockchain.
“On the bitcoin blockchain, you can see which wallet address transacted, how many bitcoins, where it came from, where it goes,” explained Fred Thiel, former president of Ultimaco, one of the largest crypto companies in Europe, who has worked with Microsoft, Google, and others on post-quantum encryption.
“With monero, [the blockchain] obfuscates the wallet address, the amount of the transactions, who the counterpart was, which is exactly what the bad actors want,” he said.
While bitcoin still dominates ransomware cases, more threat actors are starting to ask for monero, according to Marc Grens, president of DigitalMint, a company that helps corporate victims pay ransoms.
“We have seen REvil… give discounts or request payments in monero, only in the last few months,” Holland continued.
Monero was also a popular option on AlphaBay, a popular mass underground market until it closed in 2017.
“It’s almost as if we’re seeing, at least from a cybercriminal perspective, a resurgence … in monero, because it inherently has more privacy than some of the other currencies,” Holland said of the recent rise in popularity of monero among actors in the ransomware space.
However, there are some major barriers when it comes to monero integration.
For one thing, it’s not as liquid as other cryptocurrencies – many regulated exchanges have chosen not to list it due to regulatory concerns, explained Mati Greenspan, portfolio manager and founder of Quantum Economics. “It’s certainly not enjoying the recent wave of institutional investment as much,” he said.
In practice, that means it is more difficult for cybercriminals to cash out directly in the currency.
“If you are a corporation and you want to acquire a lot of monero to pay someone, it is very difficult to do,” Thiel told CNBC.
The digital currency could also be more vulnerable to regulation on its entry and exit ramps, which is the bridge between fiat cash and crypto tokens.
“I would bet to say that the United States and other regulators will crack down on [monero] very hard,” said Thiel.
One way they could do it: tell an exchange that if they list monero, they risk losing their license.
But while the US government may keep monero at bay by marginalizing liquidity points, Castle Island Ventures founding partner Nic Carter believes that the markets that allow peer-to-peer transfers from monero to fiat will always be difficult to regulate.
There is also nothing to keep hackers within the jurisdiction of the US. Criminals could easily choose to conduct all of their transactions abroad, in places that are not subject to the kinds of controls that US regulators could put in place.
Bitcoin still rules ransomware
Cyber insurance is another reason bitcoin remains the currency of choice for most ransomware attacks.
“Insurance is so important in this space, and insurers often refuse to reimburse a ransom payment if it was in monero,” said former CIA case officer Peter Marta, who now advises companies on cyber risk management as a partner at the Hogan Lovells law firm.
“One of the things that insurers will always ask is what type of due diligence the victim company carried out, before making the payment … to try to minimize the possibility that the payment will go to an entity on the sanctions list,” explained Marta.
Traceability is more easily achieved with bitcoin, since its blockchain shows the transaction amounts and the addresses of both the sender and the recipients participating in the exchange. There is also an infrastructure in place for officials to monitor these transactions.
The authorities maintain lists of bitcoin wallets, which are linked to different sanctions regimes.
While monero offers a higher degree of privacy than bitcoin, Holland notes that threat actors have mastered certain techniques to anonymize transactions in bitcoin, in order to obscure the chain of custody.
He says that cybercriminals often turn to a mixing or tumbling service, where they can combine illicit funds with clean crypto to essentially create a new type of bitcoin, at which point they turn to currency exchanges.
“Just like you would from dollars to pounds … they can switch to bitcoin, to monero, then back to bitcoin, and then get a bitcoin ATM card, where they can withdraw dollars with it,” Holland explained.
So even though the bitcoin blockchain is public, there are still ways to make it difficult for investigators to trace transactions to their final destination.