Elliptic

Wall Street Journal corrects article misciting Hamas’ crypto terrorism funding data

Elliptic, the firm which Wall Street Journal sourced the data from, said it was “pleased” to see the news outlet acknowledge its mistakes.

The Wall Street Journal (WSJ) has partially corrected an article which mischaracterized the extent to which Hamas and other militant groups have been funding their terrorism activities with cryptocurrencies.

The Oct. 10 article — titled “Hamas Militants Behind Israel Attack Raised Millions in Crypto” — cited blockchain forensics firm Elliptic to say Palestinian Islamic Jihad (PIJ), a terrorist organization operating on the Gaza Strip, raised as much as $93 million between August 2021 and June 2023.

In the cited report, Elliptic said Israel’s counter-terrorism unit seized PIJ-linked wallets which received $93 million over that timeframe. However, Elliptic made it clear that this in no way meant that PIJ raised these funds to finance its terrorism activities.

Research from blockchain forensics firm Chainalysis suggests only $450,000 of these funds were sent to a known terrorism-affiliated wallet.

In WSJ’s correction, it stated PIJ and Lebanese political party Hezbollah “may have exchanged” up to $12 million in cryptocurrency — far less than its initial $93 million figure.

“Palestinian Islamic Jihad and Hezbollah may have exchanged up to $12 million in crypto since 2021, according to crypto-research firm Elliptic. An earlier version of this article incorrectly said PIJ had sent more than $12 million in crypto to Hezbollah since 2021,” WSJ said.

WSJ said it updated other parts of the article to include “additional context” about Elliptic’s research.

Corrections made by WSJ to its Oct. 10 article. Source: WSJ

WSJ’s retraction follows an Oct. 25 statement by Elliptic which called on WSJ to correct its misinterpretation of the data. Elliptic added that cryptocurrency funding by Hamas remains “tiny” relative to other funding sources.

On Oct. 27, Elliptic was “pleased” to see WSJ acknowledge its mistakes but said it would've liked to see WSJ be more specific about its corrections.

Coinbase's chief legal officer Paul Grewal also noted that WSJ's opening paragraph is still framed as though cryptocurrency was the primary funding source behind Hamas' Oct. 7 attack on Israel.

"This is barely a correction," he added.

Nic Carter, partner of Castle Island Ventures, and others are now calling on United States Senator Elizabeth Warren to retract a related letter, backed by over 100 U.S. lawmakers, written to the White House on Oct. 17.

The letter cited WSJ’s misinterpreted data from Elliptic in an attempt to argue that cryptocurrency poses a “national security threat” to the U.S. and that Congress and the Biden administration should act swiftly before cryptocurrencies are used to finance another “tragedy.”

DAO Maker hack victims still await reimbursement 3 years later

Blockchain Analysis Firm Elliptic Says There Is ‘No Evidence’ Hamas Has Raised Significant Crypto Donations

A blockchain analysis firm that specializes in preventing crypto crimes is refuting claims that the Palestinian militant group Hamas raised millions worth of donations from digital asset fundraising campaigns. In a statement, Elliptic says there is no data to back up portrayals of crypto as a significant source of funding for Hamas and other terrorist […]

The post Blockchain Analysis Firm Elliptic Says There Is ‘No Evidence’ Hamas Has Raised Significant Crypto Donations appeared first on The Daily Hodl.

$7,000,000,000 in Illicit or High-Risk Funds Laundered Through Cross-Chain Protocols: Crypto Analytics Firm

Blockchain research firm Elliptic says the amount of funds laundered through cross-chain and cross-asset services reached a ten-figure sum in July this year. In a new press release, Elliptic says that cross-chain crime is exceeding expectations after hitting the $7 billion level a couple of months ago, higher than the previously projected $6.5 billion figure […]

The post $7,000,000,000 in Illicit or High-Risk Funds Laundered Through Cross-Chain Protocols: Crypto Analytics Firm appeared first on The Daily Hodl.

Criminals more reliant on cross-chain bridges than ever after mixer crackdowns

The sanction of cryptocurrency mixer Tornado Cash in August caused the first major shift, but that is now accelerating even faster than projected.

Cybercriminals have accelerated their shift away from crypto mixers for cross-chain bridges over the past year, according to blockchain forensics firm Elliptic.

Elliptic’s data shows that in June and July, nearly all of the crypto stolen was laundered through cross-chain bridges, a complete reversal from the first half of 2022.

In a Sept. 18 blog post, Elliptic explained the cross-chain crime trend is due to the “crime displacement” effect — where criminals move to a new method to carry out the illicit activity when the existing method gets over-policed. However, the shift to cross-chain bridges is rising ahead of their projections. 

Proportion of funds laundered between cryptocurrency mixers and cross-chain bridges between January 2022 and July 2023. Source: Elliptic.

Between July and September 2022, the ratio of laundered funds passing through mixers vs. cross-chain bridges flipped, corresponding to the U.S. Office of Foreign Assets Control’s sanctioning of Tornado Cash in August 2022, said the firm.

Elliptic said many cybercriminals, like the North Korean-backed Lazarus Group, flocked to the Avalanche bridge after the sanctions.

This same bridge was reportedly used recently by the Lazarus Group to facilitate some of the stolen funds in Stake’s $41 million exploit on Sept. 4, according to blockchain security firm CertiK.

Crypto mixers saw a small comeback between November 2022 and January 2023, due to the shutdown of RenBridge — which closed in December after its financer, Alameda Research, collapsed from FTX’s bankruptcy.

Elliptic estimates that RenBridge facilitated $500 million in laundered funds throughout its operation.

However, shortly after, criminals moved back to cross-chain bridges again, even more than before.

Elliptic said that criminals may be preferring cross-chain bridges as it is difficult for blockchain forensic firms to track illicit activity across chains in a scalable manner.

“Criminals are aware that legacy blockchain analytics solutions do not have the means to trace illicit blockchain activity across blockchains or tokens in a programmatic or scalable manner.”

In addition, many of these stolen tokens are only exchangeable through cross-chain bridges, while most of these DeFi services do not require identity verification to use, Elliptic explained.

The firm estimates that $4 billion in illicit or high-risk cryptocurrencies have been laundered through cross-chain bridges since 2020.

Bitcoin no longer asset of choice for criminals – former Elliptic crypto advisor

Criminals have moved away from using Bitcoin for money laundering, with stablecoins emerging as an alternative due to accessibility.

Crime in Web3 is shifting away from Bitcoin (BTC) to stablecoins while Ponzi schemes remain prevalent, according to Elliptic’s former head of technical crypto advisory.

Tara Annison shared the latest insights from the murky world of cryptocurrency-related crime during a presentation on the final day of EthCC in Paris, addressing a wide variety of ways in which digital assets are either facilitating crime or being used to launder funds.

According to Annison, Bitcoin is no longer the cryptocurrency of choice to carry out illicit activities or launder money. As the cryptocurrency industry has matured, the establishment of decentralized finance (DeFi) protocols, mixing services and stablecoins presents new avenues for criminals to explore.

Source: Tara Annison.

Criminals have shifted towards using dollar-denominated assets, like USD Coin (USDC), due to their easy accessibility and ability to be laundered through decentralized exchanges (DEXs).

“The criminals use that as a target point. It's also super easy to launder through DEXs. There's deep liquidity, really good volume, so that's pretty worrying.”

Annison highlighted a potential silver lining from a law enforcement perspective, noting that centralized issuers like Circle could freeze specific USDC tokens before criminals are able to “off ramp out of the asset” into fiat through DEXs or centralized exchanges.

“What we're seeing now is an increased number of accounts with USDC and USDC being blacklisted, and these are frozen funds that the criminals now can't access.”

Ponzi and pyramid schemes remain a feature of the sector, with Annison noting that $7.8 billion was stolen from unwitting victims of these types of scams.

Criminals are finding more sophisticated ways to launder funds. Annison said chain swapping and asset swapping are prevalent as criminals try to hide illicit activity.

“We've seen that to the tune of about $4.1 billion. So they hop across using a DEX. They use a coin swap service, they use a mixer, they use a bridge, all basically to try and throw blockchain analytics firms off the trail.”

Annison said that $1.2 billion stolen from DEXs eventually ends up on centralized exchanges. In comparison to previous years, scams in the sector are down 46%. The reason, according to Annison, is the ongoing bear market which has inevitably made the sector less appealing for cybercriminals.

“They're less hyped up, the prices are lower, so it's not as profitable for criminals. So at least next time we're in a bear market. Do bear in mind that the scams are at least down.”

Annison also touched on the increasing use of cryptocurrencies to evade sanctions and finance terrorist activities, highlighting TRON and USDT as popular assets for illicit use.

The advent of metaverse experiences has also seen the space attract nefarious actors. Various crimes are also emerging in virtual worlds, including phishing attacks, NFT theft, wallet tainting, and augmented reality hacks.

Annison’s presentation highlighted the reality of criminal activity in the sector, which will demand increased vigilance and security measures to protect users and combat illicit activities.

Atomic Wallet hackers turn to OFAC-sanctioned Garantex: Elliptic

Crypto stolen from Atomic wallets has started passing through sanctioned Russian-based exchange Garantex, according to Elliptic.

Illicit funds gained from the $35 million Atomic Wallet hack are on the move again, with sanctioned Russian-based crypto exchange Garantex reportedly becoming the latest to come in contact with the hacked crypto. 

On June 13, blockchain security and compliance firm Elliptic updated the situation regarding the stolen Atomic Wallet funds. It alleges that the North Korean hacking collective, the Lazarus Group — which it believes is behind the attack — has used sanctioned Russian-based crypto exchange Garantex to launder the loot.

In a Twitter post, the firm said there had been a significant and successful cross-community effort between Elliptic and many exchange partners to freeze the stolen crypto. However, Lazarus has now found other means to trade their assets for Bitcoin (BTC).

The U.S. Office of Foreign Assets Control (OFAC) sanctioned Garantex and the Russian Hydra dark web marketplace in April 2022.

Garantex was founded in late 2019 and originally registered in Estonia before moving the majority of its operations to Moscow, the Treasury Department noted at the time.

“Analysis of known Garantex transactions shows that over $100 million in transactions are associated with illicit actors and darknet markets,” it added.

Earlier this month, Cointelegraph reported that the ill-gotten gains were being channeled through the Sinbad.io mixer, a service frequently used by the Lazarus Group.

Elliptic added that the funds withdrawn from Garantex by the hackers continue to be obfuscated through the Sinbad.io mixer.

The Treasury Department also sanctioned Blender.io (the former iteration of Sinbad.io) in May 2022, warning that the service was being used by North Korea to “support its malicious cyber activities and money-laundering of stolen virtual currency.”

On June 3, a number of Atomic Wallet user accounts were compromised, resulting in losses of up to $35 million in digital assets.

Five days later, Atomic stated that it had engaged blockchain security and analyst company Chainalysis as the leading incident investigator. Cointelegraph reached out to Chainalysis for an update on the investigation but a spokesperson said they couldn’t comment on the Atomic Wallet case.

The notorious North Korean hacking collective has been linked to several major crypto exploits in the past year, including the Harmony Bridge hack and the Ronin Bridge hack.

Japan leads world in losses from North Korean crypto hacking with 30% of total: Report

An Elliptic report commissioned by Nikkei says Asian countries account for over 60% of losses to North Korean hackers and ransomware users; lax security played a role.

Japan is the biggest loser of cryptocurrency to North Korean hackers, according to a study by blockchain analytics firm Elliptic. Asian countries make up three of the four top targets for the so-called Hermit Kingdom’s hackers, Elliptic found.

The study, commissioned and reported on by Japanese financial publication Nikkei, looked at losses of cryptocurrency from cyberattacks originating in North Korea from 2017 through 2022. The study took into account both hacking and ransomware attacks. It described the attacks as a “national strategy.”

Japan suffered losses of $721 million in those attacks, which was 30% of the world total of over $2.3 billion, Elliptic found, based on an estimate of $640 million of crypto lost in 2022. According to the United Nations, North Korean crypto theft reached a new high in 2022. Nikkei said:

“According to the Japan External Trade Organization, the $721 million stolen from Japan is 8.8 times greater than the value of North Korea’s exports in 2021.”

Vietnam was the second-most attacked country, according to the report, losing $540 million in that time span. The United States was third with $497 million in losses, and Hong Kong trailed in fourth place with losses of $281 million.

Elliptic pointed to lax security in Japanese and Vietnamese cryptocurrency markets as the rationale for the hackers’ targeting. Nikkei cites an unnamed source as saying at least three Japanese crypto exchanges were broken into between 2018 and 2021.

North Korea’s Lazarus Group has been behind some of the biggest heists in crypto, such as the Ronin Bridge exploit and the Harmony Bridge hack. North Koreans have also been alleged to steal nonfungible tokens and to launder their stolen funds through decentralized finance services and crypto mixers.

Ukraine Raises More Crypto Than Russia in Year of War, Analysis Unveils

The two sides in the bitter conflict in Ukraine have been relying on crypto assets and technology to support their military and humanitarian activities, Elliptic says in a report. According to the blockchain forensics company, the targeted nation has attracted more digital asset donations than the invading power. Ukraine Supporters Sent Over $212 Million in […]

Binance and Huobi freeze $1.4M in crypto linked to North Korean hackers

The North Korean-based hacker outfit Lazarus Group resorted to different privacy mixers attempting to anonymize the stolen funds, but it didn’t work.

Cryptocurrency exchanges Binance and Huobi have again frozen accounts linked to the $100 million Harmony Horizon bridge attack on June 24, 2022.

Around $1.4 million worth of crypto frozen by the trading platforms came from accounts linked to the notorious Lazarus Group operating out of North Korea.

The investigation was carried out by blockchain analytics firm Elliptic, according to a report shared by the firm on Feb. 14. However, the firm didn’t state what coins or tokens were frozen.

Elliptic explained it passed on the intelligence to Binance and Huobi, who then acted promptly to freeze the Lazarus Group-linked accounts:

“The stolen funds remained dormant until recently, when our investigators began to see them funneled through complex chains of transactions, to exchanges. By promptly notifying these platforms about these illicit deposits, they were able to suspend these accounts and freeze funds.”

Since the Harmony exploit, it has been well documented that Lazarus Group resorted to the now United States OFAC-sanctioned privacy mixer Tornado Cash in an attempt to break the transaction trail back to the original theft.

While this supposedly makes it easier to cash out funds at an exchange, Elliptic investigators were able to trace the entirety of the stolen funds sent through the mixer in this case, the report stated.

Elliptic CEO Simone Maini suggested the events showed the industry was taking on the responsibility to prevent money laundering and stop crypto from becoming a “haven” for illicit activity:

“Today, money laundering was detected and stolen funds linked to North Korea were frozen, in real time. As an industry we have the power and responsibility to prevent digital assets becoming a haven for money launderers and sanctions evaders, and ensure that they are a force for good.”

The Harmony bridge attack was also attributed to the Lazarus Group by the United States Federal Bureau of Investigation (FBI) on Jan. 24.

This isn’t the first time Binance and Huobi have cooperated on the matter.

The two platforms managed to freeze and recover 121 Bitcoin (BTC), worth $2.5 million at the time, linked to the Harmony attack on Jan. 16.

The recovery was, however, only a fraction of the $63.5 million laundered over that weekend, according to crypto sleuth ZachXBT, who claims the funds were funneled through Ethereum-based privacy protocol RAILGUN before being sent off to three different exchanges.

Elliptic also found last week that Lazarus Group has laundered about $100 million in Bitcoin through “Sinbad,” which it claims to be a re-launch of the now OFAC-sanctioned privacy mixer Blender.

Lazarus Group is believed to have stolen well over $2 billion in crypto since it shifted its focus to the industry in 2017, according to estimates from Elliptic.

Crypto mixer Blender has been rebranded to Sinbad, says Elliptic

Elliptic's analysis of wallets tied to a suspected Blender operator showed $22 million going to Sinbad as well as similar "characteristics of transactions" between the mixers.

Blender, the cryptocurrency mixer sanctioned by the United States Department of the Treasury’s Office of Foreign Assets Control in May 2022, was “highly likely” relaunched as Sinbad, according to risk management firm Elliptic.

In a Feb. 13 report, Elliptic said its analysis of Sinbad suggested that the crypto mixer was likely a rebrand of Blender as well as having “the same individual or group responsible for it.” According to the firm, Sinbad was behind laundering roughly $100 million in Bitcoin (BTC) for North Korea’s hacking group Lazarus.

Elliptic said following U.S. authorities cracking down on crypto mixers — as OFAC did with Tornado Cash in August and Blender in May — Lazarus hackers used Sinbad to launder some of the funds from the $100-million attack on Horizon Bridge in January. Blockchain analysis of wallets tied to a suspected Blender operator also showed $22 million in crypto going to Sinbad and other funds sent to individuals who promoted the mixer.

“The on-chain pattern of behavior is very similar for both mixers, including the specific characteristics of transactions, and the use of other services to obfuscate their transactions,” said Elliptic. “The way in which the Sinbad mixer operates is identical to Blender in several ways, including ten-digit mixer codes, guarantee letters signed by the service address, and a maximum seven-day transaction delay.”

Source: Elliptic

Elliptic speculated that the individuals behind Sinbad may have rebranded to “gain trust from users” following Blender shutting down, adding that OFAC could consider ordering sanctions on the crypto mixer. The U.S. Treasury Department is already facing lawsuits for its sanctions on Tornado Cash.

Lazarus has allegedly been responsible for several major attacks in the crypto space, including a $620-million hack of Axie Infinity's Ronin Bridge in March 2022. South Korea’s government has also imposed its own sanctions against North Korean entities tied to the theft of cryptocurrency.
