The use of crypto mining to support money laundering has recently come under scrutiny, particularly with regard to nation-state actors and conventional criminals. Blockchain forensic firm Chainalysis has reported that sanctioned countries such as Iran have turned to crypto mining as a means to accumulate capital outside the conventional financial system.
In a recent development, cybersecurity company Mandiant revealed that the notorious North Korean hacking group, the Lazarus Group, has been using pilfered cryptocurrencies like Bitcoin to obtain newly-mined crypto through hashing rental and cloud mining services. Essentially, cybercriminals use stolen crypto to mine “clean” coins and launder them through various services.
Chainalysis identified one unnamed mainstream exchange that received substantial funds from both mining pools and wallets linked to ransomware activities. A single deposit address for this exchange received as much as $94.2 million, with $19.1 million originating from ransomware addresses and $14.1 million coming from mining pools. In some cases, ransomware wallets were found to be sending funds to a mining pool, both directly and through intermediaries, possibly as an attempt at money laundering.
The alleged abuse of mining pools by ransomware actors appears to be on the rise. Chainalysis’s data shows a large, steady increase in value sent from ransomware wallets to mining pools since the beginning of 2018. Mining pools and ransomware addresses have transferred cryptocurrency worth at least $1 million to a total of 372 exchange deposit addresses, which may indicate an attempt to make illicit funds appear as proceeds from crypto mining activities.
Since 2018, these deposit addresses have received a total of $158.3 million from ransomware addresses, with this figure likely being an underestimate. Chainalysis points to BitClub, the infamous crypto Ponzi scheme that operated between 2014 and 2019, as an example of cybercriminals turning to mining pools. BitClub Network transferred millions of Bitcoins to wallets linked to underground money laundering services believed to be located in Russia. Over the course of three years, those money laundering wallets transferred Bitcoin to deposit addresses at two major exchanges.
One of the wallets alleged to be associated with the money launderers also received funds from BTC-e, the crypto exchange accused by the U.S. government of facilitating money laundering and operating an unlicensed money service business. Chainalysis believes that the money launderers purposely mingled funds from BitClub and BTC-e with those gained from mining to create the impression that all funds sent to the two exchanges came from mining activities.
Chainalysis suggests that one effective way to ensure that Bitcoin mining – and mining for other blockchains – is not compromised is for mining pools and hashing services to implement rigorous wallet screening procedures, including Know Your Customer (KYC) protocols. By using blockchain analysis and other tools to verify the source of funds and by rejecting cryptocurrencies originating from illicit addresses, these screening measures could effectively prevent bad actors from exploiting mining for money laundering purposes.
Source: Decrypt
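A simplified sketch of the source-of-funds screening described above, added here as an illustration; it is not Chainalysis's methodology or code from the article. The addresses, amounts, labels, the proportional attribution rule and the 5% threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (not real addresses): (sender, receiver, USD value).
TRANSFERS = [
    ("ransom_wallet_1", "intermediary_a", 40_000),
    ("mining_pool_1", "intermediary_a", 60_000),
    ("intermediary_a", "deposit_x", 50_000),
    ("ransom_wallet_2", "deposit_x", 10_000),
    ("mining_pool_1", "deposit_x", 30_000),
    ("mining_pool_1", "deposit_y", 25_000),
]
# Hypothetical labels, standing in for what a blockchain-analysis provider supplies.
LABELS = {
    "ransom_wallet_1": "ransomware",
    "ransom_wallet_2": "ransomware",
    "mining_pool_1": "mining_pool",
}
ILLICIT = {"ransomware"}


def source_mix(address, transfers, labels, max_hops=4, seen=frozenset()):
    """Return {category: share} of an address's inflows, traced back through
    unlabeled intermediaries in proportion to the value each sender contributed."""
    if address in labels:
        return {labels[address]: 1.0}
    inflows = [(src, amt) for src, dst, amt in transfers if dst == address]
    total = sum(amt for _, amt in inflows)
    # Stop at the hop limit, on a cycle, or when there is no history to trace.
    if max_hops == 0 or address in seen or total == 0:
        return {"unknown": 1.0}
    mix = defaultdict(float)
    for src, amt in inflows:
        upstream = source_mix(src, transfers, labels, max_hops - 1, seen | {address})
        for category, share in upstream.items():
            mix[category] += share * amt / total
    return dict(mix)


def screen_deposit(address, transfers, labels, threshold=0.05):
    """Reject when the share of inflows traced to illicit labels meets the threshold."""
    mix = source_mix(address, transfers, labels)
    illicit_share = sum(s for cat, s in mix.items() if cat in ILLICIT)
    return ("reject" if illicit_share >= threshold else "accept"), illicit_share


if __name__ == "__main__":
    for addr in ("deposit_x", "deposit_y"):
        print(addr, screen_deposit(addr, TRANSFERS, LABELS))
```

Here `deposit_x` is rejected even though two thirds of its inflows trace to a mining pool, because the ransomware share routed through `intermediary_a` is still attributed to it.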