Cybercriminals garnered $1.4B from cryptocurrency crimes in spring 2020

This year could see the second-highest value in cryptocurrency crimes recorded, with coronavirus-themed attacks contributing to growth, CipherTrace found.

Bitcoin ATMs: Security, demographics, transaction fees, and other details

In the first five months of 2020, cryptocurrency crimes have totaled $1.4 billion, indicating that the year 2020 could see the second-highest value in cryptocurrency crimes, outside 2019's  whopping $4.5 billion, a CipherTrace report found. 

Contributing to this growth is a large number of coronavirus-themed crypto crimes, which quickly spread as COVID-19 content flooded the media. Many criminals posed as credible coronavirus-related sources, only to commit fraud or steal money, according to the report. 

SEE: Security Awareness and Training policy (TechRepublic Premium)

The Spring 2020 Cryptocurrency Anti-Money Laundering and Crime report assessed the different tactics cybercriminals are using to commit cryptocurrency offenses. While some Anti- Money Laundering (AMT) measures have been effective, hackers appear to be getting savvier. 

Top hacks and fraud 

Coronavirus-inspired fraud has been one of the most popular forms of attack. Governments and other public officials funneling a large amount of resources to mitigating health and economic impacts of the virus has resulted in a lack of regulatory oversight and enforcement on money laundering. In response, bad actors are taking advantage, the report found. 

Scammers are especially profiting off of the fear created by the health crisis, luring individuals to seek healthcare information, buy nonexistent products, or contribute to fake relief efforts. 

The fraud is generally committed by persuading unaware users to leave a "trusted" dark market site and join a messaging platform, where the scammer then convinces the victim to pay crypto in exchange for PPE, medicine, or other in-demand supplies. 

The report also noted new dark net markets pop-ups claiming to sell COVID-19 diagnostic tests, secret vaccines, or cures. 

Many ransomware strains have also capitalized on coronavirus, using the virus' name, or version of it. Strains include Corona Ransomware, CoronaVi2022, N2019cov, and SARS-CoV-2. 

Some ransomware strains don't have a COVID-19-related name, but are attacking hospitals and other healthcare providers. An example is EDA2, associated with HiddenTear, which sent its bitcoin to a Canadian crypto payment processor. 

Malicious "Covid-related" Android applications have also been a common form of attack. The criminal creates applications that claim to offer information about the virus, but instead allows the attacker to spy on the user, encrypt the device, and hold it for ransom. A couple of well-known apps are COVID19 Tracker and Wisecleaner.best (coronaVi2022), the report found. 

Scammers have catered phishing attacks to COVID-19 as well. Several email campaigns exist in which criminals impersonate official groups to extract personal information or cryptocurrency payments. The report identified the following popular email scams: 

  • CDC email scam
  • Cdc-gov.org Email (steals email credentials)
  • Delayed payment confirmation caused by COVID-19 Email (steals email credentials)
  • Red Cross Email Scam
  • WHO Email Scam

Exchanged and dark net marketplaces 

The global average of direct criminal funds received by exchanges dropped 47% in 2019. This trend marks a three-year low for cryptocurrency exchanges worldwide; only an average of 0.17% of funds received by exchanges in 2019 came directly from criminal sources, the report found. 

With more crypto AML regulations being implemented across the world, criminals are having more difficulty offloading illicit funds directly ro cryptocurrency exchanges, which is the most popular crypto-to-fiat offramp, according to the report. 

This obstacle is only making criminals more savvy, however. Stronger AML protocols make it more difficult for criminals to directly deposit tainted funds into an exchange. Scammers are instead figuring out how to layer funds through multiple private wallets before cashing out through regulated fiat off-ramps, such as exchanges. 

This action means that exchanges must remain diligent to both one-hop and multi-hop risks to criminal funds. While only 9.8% of the dark market's one-hop interaction went directly to exchanges, some 30.7% of its two-hop interactions went to exchanges, which more than tripled the risk exposure to exchanges, the report found.
 
For the third year in a row, Finnish exchanges ranked No.1 in the highest percentage of criminal BTC received, with 12.% of all BTC funds coming directly from criminals. Finland-based Localbitcoins, one of the biggest peer-to-peer marketplaces, received more than 99% of those criminal funds, according to the report. 

Looking at location, an average of 74% of bitcoin in exchange-to-exchange transactions were moved cross-board in 2019. This finding highlights the importance of AML/Counter Terrorist Financing (CTF), according to the report, because criminals take advantage of discrepancies between regions with stronger and weaker crypto regulations. 

Bitcoin ATMs 

The report also reviewed aloof the US-based bitcoin ATM transactions and found that users sent more funds to high-risk exchanges than low-risk exchanges in 2019. The number of funds sent to high-risk exchanges from US BATMs has seen significant growth, doubling each year since 2017. 

High-risk exchanges are "nefarious exchanges known for facilitating criminal activities and money laundering," according to the report. While these exchanges aren't intrinsically criminal, the flow of criminal funds through such exchanges makes that transaction more worrisome, it said.
 
e019 Stay informed, click here to subscribe to the TechRepublic Tech News You Can Use newsletter. 

With crypto regulations proving effective, the report urged more countries to adopt such protections, especially with how much crypto crime has grown already in 2020. 

For more, check out The 3 most popular coronavirus-related scams on TechRepublic. 

Also see 

istock-847880254-1.jpg

NicoElNino, Getty Images/iStockphoto