Cryptomixers Enable Laundering of Ransomware Payments


While cryptomixers are not illegal on their own, they have become “a mainstay of ransomware programs,” according to a report by Intel 471.

As the name suggests, cryptomixers, typically stand-alone services, mix streams of identifiable cryptocurrency to add anonymity to transactions. “They often use anonymous means of communication and do not keep customer transaction logs,” Intel 471 researchers wrote in a blog post.

But “actors around the world have taken advantage of the increased anonymity of this technology to buy and sell illegal goods, services, stolen data, underground infrastructure and force victims to pay ransom,” the Intel 471 researchers said. “While blockchain analysis allows researchers and law enforcement agencies to glean information about illicit transactions, criminals have retaliated by adopting the use of cryptomixers to hide their transactions and complicate more surveys.”

Cryptomixers allow criminals to cash in and hold “criminal underground liquid through the trade in illicit goods and services,” they said.

Threat actors use mixers to send Bitcoin or other cryptocurrency to a wallet address owned by a mixing service operator, where it is pooled with the service’s own cryptocurrency and that of other cybercriminals. “The cryptocurrency of the initial threat actor joins the back of the ‘chain’ and the threat actor receives a unique reference number known as the ‘mix code’ for deposited funds,” wrote the researchers. “This code guarantees that the actor does not recover his own ‘dirty’ funds which could theoretically be linked to his operations.”

Then the threat actor gets “the same amount of bitcoin from the mixer pool, mixed using the service’s proprietary algorithm, minus a service fee,” they explained. “For more anonymity, the threat actor may choose to send this new ‘net’ amount of bitcoins to numerous wallet addresses to further cloud the trail of illicit funds,” hampering attempts by law enforcement agencies “to associate the original ‘dirty’ crypt.”

Understanding how mixing services work and how they are used by underground forces can help law enforcement and others understand how cybercriminals launder money.

“Understanding how all facets of a ransomware operation work is important if civil society is to stop the losses inflicted by these schemes,” said Intel 471.

Intel 471 observed popular mixers like Absolutio, AudiA6, Blender, and Mix-btc, noting that all were well established on several well-known cybercrime forums. “All of the mixers had professional-looking sites, probably serving in an attempt to make their operations more legitimate and attract a wider range of customers,” the researchers wrote. “None of the vendors have announced their role in money laundering, preferring instead to suggest that their sites serve businesses using cryptocurrency and people interested in protecting their privacy.”

Some of the cryptomixer services allow users to select “dynamic” service charges, which the researchers say “are most likely made to complicate investigations of illicit cryptocurrency funds by changing the amount laundered at different stages of the process, which makes it more difficult to link funds to a specific crime or individual.”

Cryptomixers are increasingly popular. “Since all four of the mixers mentioned in the blog post have advertisements on several popular underground cybercrime forums, we are confident that mixers are widespread to the point of being a common tool,” said Greg Otto, researcher at Intel 471. “Cryptocurrency gives cybercriminals a layer of anonymity, so adding another layer with the use of cryptomixers is something cybercriminals will seek to use whenever possible.”

The rise of the cryptomixer among criminals has prompted law enforcement to push “for crypto exchanges to incorporate financial compliance laws into their operations,” the researchers said.

“At this point, it’s difficult to limit the actual use of cryptomixers. Cryptomixers, by themselves, are not illegal,” said Otto. “However, measures taken by governments to get legitimate trade and services to adhere to traditional anti-money laundering rules like KYC separate legitimate uses from criminal uses.”

He explained, “We don’t see any cryptomixers attached to legitimate services, so if investigators spot the use of any of the services, it becomes a red flag by default.”
