Upland: Berlin is here!

June 15th, Chainalysis report Cybercriminals are abusing mining pools to mix criminal proceeds with newly mined cryptocurrencies.

The report noted a very active deposit address on mainstream cryptocurrency exchanges. This wallet received large amounts of cryptocurrency from both mining pools and ransomware-linked wallets.

This address received $94.2 million worth of cryptocurrency, about 20% of which, or $19.1 million, came from ransomware-linked wallets. This address also received $14.1 million from the mining pool.

Chainalysis chain reactor
sauce: Chainalysis chain reactor

Chainalias discovered that both the ransomware wallet and the mining pool address sent funds to the exchange deposit wallet through an intermediary. However, in some cases, funds were transferred directly from the ransomware wallet to the mining pool.

The tactic is a “sophisticated attempt at money laundering,” Chainalysis said. Malicious actors funnel money into exchanges through mining pools to create the illusion that the tainted funds are mining earnings, rather than being related to cybercrime. Therefore, criminals are using mining pools as cryptocurrency mixers to avoid alarms on exchanges.

This is on the rise. Chainalysis found 372 exchange wallets that received funds from mining pools and at least $1 million from ransomware-linked wallets. Since 2018, these exchange addresses have received a total of $158.3 million from ransomware wallets.

Scammers also use mining pools to launder money

Scammers employ the same tactics as ransomware attackers. For example, according to Chainalysis, funds related to the BitClub Network scam, which saw more than $700 million stolen, were mixed with bitcoin obtained from a Russian-based mining operation in 2019.

In addition, the exchange wallet also received funds from BTC-e, a defunct Russian cryptocurrency exchange. BTC-e was shut down in 2017 for facilitating money laundering, including funds related to the Mt. Gox hack.

Criminals allegedly mixed funds from BitClub, BTC-e and a Russian mining operation to obfuscate the origin of the funds. The report stated:

“The money launderers in this case mined the funds from BitClub and BTC-e in order to make it appear that the funds transferred to the two exchanges all came from mining. We believe it may have been intentionally mixed with funds.”

Since 2018, such exchange addresses have received approximately $1.1 billion from fraud-linked wallets. Moreover, such exchange wallets received at least $1 million from mining pools during the period.

To combat this growing problem of illicit funds, Chainaracy suggests that mining pools and hashing services should implement rigorous wallet screening and customer awareness procedures. Mining pools must verify the source of funds and reject all deposits from illegal addresses, he said.

Full Chainarise report available here.

By Jules

Leave a Reply