1. Home
  2. Elliptic

Elliptic

Crypto mixer Blender has been rebranded to Sinbad, says Elliptic

Elliptic's analysis of wallets tied to a suspected Blender operator showed $22 million going to Sinbad as well as similar "characteristics of transactions" between the mixers.

Blender, the cryptocurrency mixer sanctioned by the United States Department of the Treasury’s Office of Foreign Assets Control in May 2022, was “highly likely” relaunched as Sinbad, according to risk management firm Elliptic.

In a Feb. 13 report, Elliptic said its analysis of Sinbad suggested that the crypto mixer was likely a rebrand of Blender as well as having “the same individual or group responsible for it.” According to the firm, Sinbad was behind laundering roughly $100 million in Bitcoin (BTC) for North Korea’s hacking group Lazarus.

Elliptic said following U.S. authorities cracking down on crypto mixers — as OFAC did with Tornado Cash in August and Blender in May — Lazarus hackers used Sinbad to launder some of the funds from the $100-million attack on Horizon Bridge in January. Blockchain analysis of wallets tied to a suspected Blender operator also showed $22 million in crypto going to Sinbad and other funds sent to individuals who promoted the mixer.

“The on-chain pattern of behavior is very similar for both mixers, including the specific characteristics of transactions, and the use of other services to obfuscate their transactions,” said Elliptic. “The way in which the Sinbad mixer operates is identical to Blender in several ways, including ten-digit mixer codes, guarantee letters signed by the service address, and a maximum seven-day transaction delay.”

Source: Elliptic

Elliptic speculated that the individuals behind Sinbad may have rebranded to “gain trust from users” following Blender shutting down, adding that OFAC could consider ordering sanctions on the crypto mixer. The U.S. Treasury Department is already facing lawsuits for its sanctions on Tornado Cash.

Related: Into the storm: The murky world of cryptocurrency mixers

Lazarus has allegedly been responsible for several major attacks in the crypto space, including a $620-million hack of Axie Infinity's Ronin Bridge in March 2022. South Korea’s government has also imposed its own sanctions against North Korean entities tied to the theft of cryptocurrency.

Latam Insights Encore: Brazil’s Stablecoin Remittance Tax Is Doomed From the Start

Darknet Market Solaris Hacked by Competitor, Elliptic Reveals

Darknet Market Solaris Hacked by Competitor, Elliptic RevealsA leading marketplace on the dark web, Solaris, has been hit by a rival, according to crypto analytics company Elliptic. The Russia-linked platform, which tried to occupy space vacated by the busted Hydra, is believed to have conquered up to a fifth of the illicit market before the hack. Solaris Allegedly Taken Over by Darknet […]

Latam Insights Encore: Brazil’s Stablecoin Remittance Tax Is Doomed From the Start

Onchain Researchers Discover $63M in Ethereum From Harmony Bridge Attack Moved, Hackers Attempt to Launder Funds on Major Exchanges

Onchain Researchers Discover M in Ethereum From Harmony Bridge Attack Moved, Hackers Attempt to Launder Funds on Major ExchangesOn Jan. 15, 2023, onchain researchers discovered that funds stolen during the Harmony bridge attack had been moved. The suspected thieves, who are allegedly associated with the North Korean hacking syndicate Lazarus Group, moved 41,000 ethereum, worth $63.2 million at current exchange rates. Onchain Researchers Track Stolen Ethereum From Harmony Bridge Attack and Help Major […]

Latam Insights Encore: Brazil’s Stablecoin Remittance Tax Is Doomed From the Start

Into the storm: The murky world of cryptocurrency mixers

A handful of obfuscation protocols are competing for the user base of OFAC-sanctioned Tornado Cash.

Cryptocurrency mixing services are a divisive subject in the industry. Some advocate for the privacy-enabling features of these protocols while others maintain that they are mainly used for illicit means.

For platforms like Tornado Cash, the mainstream verdict is “guilty as charged.” The infamous decentralized mixing protocol was sanctioned by the United States Office of Foreign Assets Control (OFAC) in August 2022, essentially making it illegal for anyone to make use of the service.

Tornado Cash continues to be a contentious topic and one of its developers, Alexey Pertsev, controversially remains in detention in the Netherlands while investigators look to build a case against the Russian developer and his alleged role in the mixer’s operation.

In a proverbial sense, one man’s loss is another man’s gain and that seems to be the case for cryptocurrency mixers according to a report from blockchain analytics firm Elliptic.

A blow to money-laundering operations

As highlighted in its analysis, Elliptic reveals that over $7 billion worth of cryptocurrencies were processed by Tornado Cash. An estimated $1.54 billion of illicit cryptocurrency was laundered through the platform, with a user base that included the likes of North Korean Lazarus Group state hackers.

In the wake of OFAC’s sanctions, Tornado Cash liquidity pools saw their holdings drop by 60% which is said to have drastically reduced the anonymizing potential of the platform for large-scale money laundering operations.

With Tornado Cash ostensibly shut down, a number of alternative mixing services have been identified as potential threats to cryptocurrency service providers and criminal investigators. Elliptic highlights six different protocols that have been used as mixers in the wake of Tornado Cash’s prohibition.

Not all mixers are being used for illicit means

Elliptic’s report unpacks how these mixer protocols operate in different ways and provide a variety of outcomes for potential users. A top-down view shows that these obfuscation protocols have mixed over $41 million of cryptocurrency, which pales in comparison to the total amount that was processed by Tornado Cash.

Ether (ETH), BNB (BNB), Wrapped Ether (wETH) and Tether (USDT) are the most commonly mixed tokens, given their usability within decentralized finance (DeFi). Elliptic’s figures notably exclude Polygon-based tokens.

Two particular protocols account for the highest mixing capacity of the tools analyzed and as a result, make up three-quarters of the cryptocurrency mixed.

The first is Railgun, a decentralized protocol that, according to Elliptic, caters to professional traders and DeFi users looking to conceal investment strategies. Railgun Privacy System removes wallet addresses from transactions on public blockchains using zero-knowledge-proof technology. It claims to be ERC-20 token compatible and has no mixing limit.

Cyclone Protocol is the second protocol, a Tornado Cash fork that touts a number of enhancements said to include yield farming to contributors of anonymity pools. Elliptic reports that Cyclone is able to mix 100 ETH/100,000 USDT in one instance and is available on IoTEX, Ethereum, BNB Smart Chain and Polygon.

Aside from Cyclone, which Elliptic highlights as the highest risk protocol among the six in its report, funds being mixed by these services “largely reflect legitimate DeFi trading activity.”

Just $40,000 of mixed funds were traced back to DeFi thefts which suggests that current activity reflects a lack of adoption of these alternative mixing protocols by nefarious actors and criminal elements.

Keeping tabs

Despite the fact that a relatively small amount of cryptocurrency has been mixed by nefarious actors, Elliptic still provides a cautionary note aimed at a couple of the services it highlighted.

Cyclone Protocol is identified as the highest-risk service in the wake of Tornado Cash sanctions. The service’s high transaction limit, large liquidity available in its mixing pools, and its ability to process Tornado Cash’s eponymous governance token (TORN) are cause for concern according to Elliptic:

“It’s confirmed use to launder at least some proceeds of DeFi exploits, the large amount of funds it has since processed and the apparent absence of its developer team to address concerns only strengthen these risks.”

Buccaneer V3 (BV3) was scored as a “medium-high” risk tool. The Ethereum-based token (BUCC) allows users to “bury” funds for an indefinite period of time without having to mix, pool or cycle transactions. A decoy mode displays fictitious BUCC balances on user interfaces as an obfuscation technique.

The service could be attractive for illicit use cases as it makes use of a Gas Station Network in order to pay transaction fees by claiming a small proportion of transferred BUCC. This could allow users to avoid using regulation-compliant cryptocurrency exchanges and services:

“BV3 therefore claims that it solves the ‘funding problem’ — the issue that addresses typically need to source ETH to pay transaction fees, typically from a centralized KYC exchange.”

A caveat provided by Elliptic is that BV3 uses technology that is still being tested, with its features and capabilities still to be fully realized. The remaining four protocols all have factors that Elliptic believes will inhibit large-scale illicit use.

Latam Insights Encore: Brazil’s Stablecoin Remittance Tax Is Doomed From the Start

Illicit cross-chain transfers expected to grow to $10B: Here’s how to prevent them

Forecasts predict cryptocurrency criminals laundering more than $10 billion through cross-chain bridges by 2025, leading to calls for holistic screening solutions.

Improved blockchain analytics will become increasingly important to combat the use of cross-chain bridges for illicit means, which are estimated to surpass $10 billion in value by 2025.

Blockchain analytics firm Elliptic forecasts a 60% rise in the value of illicit cryptocurrency laundered through cross-chain bridges from $4.1 billion in June 2022 to $6.5 billion next year. This figure is projected to double midway through the decade.

Cross-chain crime has been a major talking point in 2022 with over $2 billion fleeced in hacks targeting cross-chain bridges. Aside from these bridges and their contracts being targeted, these bridges have also become an avenue for criminals to launder cryptocurrency. A prime example is an unknown hacker moving stolen funds from the now bankrupt FTX using cross-chain bridges.

Cointelegraph unpacked the findings of research released by Elliptic in correspondence with senior cryptocurrency threat analyst Arda Akartuna. 

The Elliptic analyst explained that billions of dollars in assets have been transferred between Bitcoin, Ethereum and other blockchains using bridge services such as Portal, cBridge and Synapse. Decentralized cross-chain bridges offer an unregulated alternative to exchanges for transferring value between blockchains.

Related: After FTX: Defi can go mainstream if it overcomes its flaws

While some bridges are used legitimately, Akartuna noted that the tools have emerged as a key facilitator in money laundering. ‘Chain-hopping’, or moving proceeds of crime between blockchains, has long been used to evade tracing efforts by exchanging cryptocurrency assets through decentralized or anonymous exchanges.

As blockchain surveillance, enforcement and regulatory efforts have improved, criminals have turned to cross-chains to continue laundering illicit funds:

“Decentralized cross-chain bridges provide unregulated alternatives that are being embraced by cybercriminals.”

Akartuna also notes that the sanctioning of cryptocurrency mixing service Tornado Cash has seen a shift in the way criminals launder money. Decentralized exchanges, cross-chain bridges and coin swap services are becoming a new means of moving illicit funds:

“Although the use of these platforms is overwhelmingly legitimate, they facilitate cross-chain money laundering and terrorist financing due to their lack of identity checks and anti-money laundering controls.”

An example of increased use of a cross-chain avenue for illicit means is RenBridge, which Elliptic research found to have laundered around $540 million of criminal proceeds as of August 2022. Meanwhile centralized exchanges, which also facilitate cross-chain or cross-asset swaps, are less popular for illicit actors given the push for AML and identity screening/KYC solutions.

The growing prevalence of cross-chain bridge usage for illicit means highlights the need for solutions or efforts to minimize criminal usage. Akartuna suggested users conduct due diligence on the services used to hop between blockchains and tokens and be wary of platforms associated with illicit activity.

Businesses should make use of blockchain analytics tools to screen addresses and transactions and set clear risk rules for their cryptocurrency usage. Nevertheless, there are some circumstances that simply cannot be predicted or avoided, as Akartuna explained:

“The sanctions against Tornado Cash is a prime example of how legitimate wallets may be inadvertently tainted due to sudden enforcement actions, as you now have 'pre-sanctions activity' which doesn't carry the same risk as post-sanctions activity.”

Existing single blockchain analytics solutions have done a lot to combat money laundering in the cryptocurrency space but fall short of capabilities to trace, screen or forensically investigate transactions across blockchains or tokens.

As the Elliptic threat analyst highlighted, once an asset 'hops' to a different blockchain, investigations become significantly more complex and resource intensive.

“The risk here is that a wallet can hold any number of different assets, and legacy blockchain solutions are not able to automatically trace the activities of the same entity across separate chains.”

Screening the movement of funds on separate blockchains may see some assets flagged as sanctioned while others may show no risk. In theory, this could lead to an exchange or wallet user unwittingly transacting with a sanctioned entity.

Elliptic, for example, makes use of a proprietary analytics tool with ‘holistic screening’ capabilities which merges existing blockchains into an interconnected system. This allows for visualization and screening across chains to better detect the movement of illicit funds.

Latam Insights Encore: Brazil’s Stablecoin Remittance Tax Is Doomed From the Start

Prospects Don’t Look so Hot for Sam Bankman-Fried’s Invitation-Only Crypto Bahamas Event

Prospects Don’t Look so Hot for Sam Bankman-Fried’s Invitation-Only Crypto Bahamas EventFollowing the FTX collapse and amid the aftermath, people have been wondering about the company’s Crypto Bahamas conference that was scheduled to happen on April 17-20, 2023, at the exclusive Grand Hyatt Baha Mar, in Nassau. The event planned for April 2023 was supposed to be hosted by the now-bankrupt FTX and the Skybridge Capital-backed […]

Latam Insights Encore: Brazil’s Stablecoin Remittance Tax Is Doomed From the Start

Terrorists are funding their horrible deeds with crypto: UN officials

Cash and hawala remain the “predominant methods of terror financing,” according to a UN official, however, "advanced" terror organizations are turning to cryptocurrencies.

Terrorist groups who have been excluded from the “formal financial system” have turned to crypto to fund their heinous activities, according to Svetlana Martynova, the Countering Financing of Terrorism Coordinator at the United Nations (UN). 

The UN official made the comments during a speech at a “Special Meeting” run by the UN’s Counter-Terrorism Committee (CTC) in New Delhi and Mumbai on Oct. 28-29 — which was focused on combating the use of “new and emerging technologies” for terrorist purposes.

Martynova said that while cash and "hawala" — a traditional system of transferring money in Arab countries and South Asia — have been the "predominant methods" of terror financing, "we know terrorists adapt to the evolution of conditions around them and as technologies evolve they adapt as well," she said. 

Martynova noted that these technologies include cryptocurrencies, which have been used to “create opportunities for abuse,” she said, adding:

“If they’re excluded from the formal financial system and they want to purchase or invest in something with anonymity, and they’re advanced for that, they’re likely to abuse cryptocurrencies.”

UN Secretary-General Antonio Guterres also stated that while emerging technologies have an “unmatched potential to improve human conditions everywhere,” the harm done also expands far beyond that of terror financing:

“Terrorists and others posing hateful ideologies are abusing new and emerging technologies to spread disinformation, foment discord, recruit and radicalize, mobilize resources and execute attacks.”

As for how the UN plans on handling the issue at an international level, Martynova said the main challenge is to get nation-states on board with its regulation.

“We have very clear global standards from the Financial Action Task Force (FATF) and the resolutions of UNSC,” she said.

However, Martynova added that very few countries have started the work on regulation, and even less so are “successfully enforcing that regulation” to deter ill-intended non-state actors.

Related: Terrorists still raise money through crypto, but the impact is limited

Some efforts are being made at the state level, with the United States Department of the Treasury most notably sanctioning crypto mixer Tornado Cash over money laundering and cybercrime concerns. 

A number of blockchain-based forensic firms such as Chainalysis and Elliptic have also come about in recent years to track down cybercriminals and report their activities to governments — which has helped fade away the myth that cryptocurrency is a criminal’s safe haven.

Latam Insights Encore: Brazil’s Stablecoin Remittance Tax Is Doomed From the Start

‘New frontier’ of crypto laundering involves cross-chain bridges and DEXs: Elliptic

Curve, Uniswap, 1inch, and the Ren bridge were the top platforms of choice for laundering illicit crypto, according to Elliptic.

New research from blockchain analytics and crypto compliance firm Elliptic has revealed the extent to which cross-chain bridges and decentralized exchanges (DEXs) have removed barriers for cybercriminals.

In an Oct. 4 report titled “The state of cross-chain crime,” Elliptic researchers Eray Arda Akartuna and Thibaud Madelin took a deep dive into what they described as “the new frontier of crypto laundering.” The report summarized that the free flow of capital between crypto assets is now more unhindered due to the emergence of new technologies such as bridges and DEXs.

Cybercriminals have been using cross-chain bridges, DEXs, and coin swaps to obfuscate at least $4 billion worth of illicit crypto proceeds since the beginning of 2020, it reported.

Around a third of all stolen crypto, or roughly $1.2 billion, from the incidents surveyed, was swapped using decentralized exchanges.

Delving further into the details, the report noted that more than half of the illicit funds it identified were swapped directly through two DEXs — Curve and Uniswap, with the 1inch aggregator protocol coming a close third.

A similar amount (around $1.2 billion) has been laundered using coin swap services which allow users to swap assets within and across different networks without having an account.

“Many are advertised on Russian cybercrime forums and cater almost exclusively to a criminal audience,” it noted.

Sanctioned entities are increasingly turning to such technologies in order to move funds and carry out cyber-attacks, according to Elliptic.

“Wallets connected to groups eventually sanctioned by the United States – including those used by North Korea to perpetrate multi-million-dollar cyberattacks – have laundered more than $1.8 billion through such techniques.”

In a June report on virtual asset risks, global money laundering, and terrorist financing watchdog, the Financial Action Task Force (FATF), also fingered cross-chain bridges and “chain hopping” as a high risk.

Related: $2B in crypto stolen from cross-chain bridges this year: Chainalysis

The Ren bridge was mentioned as a top choice for crypto laundering with the vast majority of illicit assets, or more than $540 million, passing through it.

“Ren has become particularly popular with those seeking to launder the proceeds of theft,” it said.

One potential solution to mitigate crypto theft was proposed by Stanford researchers last month. It involves an opt-in token standard called ERC-20R that provides the option to reverse a transaction within a set time period.

Latam Insights Encore: Brazil’s Stablecoin Remittance Tax Is Doomed From the Start

Bad Actors Have Stolen More Than $100,000,000 Worth of NFTs Since Last Year: Crypto Analytics Firm

Bad Actors Have Stolen More Than 0,000,000 Worth of NFTs Since Last Year: Crypto Analytics Firm

New data from a prominent crypto intelligence firm is revealing that criminals have stolen over a hundred million dollars worth of non-fungible tokens (NFTs) since last year. According to blockchain analytics firm Elliptic, over $100 million worth of NFTs have been reported stolen between July 2021 and July 2022, with July of this year being […]

The post Bad Actors Have Stolen More Than $100,000,000 Worth of NFTs Since Last Year: Crypto Analytics Firm appeared first on The Daily Hodl.

Latam Insights Encore: Brazil’s Stablecoin Remittance Tax Is Doomed From the Start

More than $100M worth of NFTs stolen since 2021 — Elliptic

The firm reported that although the market downturn had caused the value of NFTs to “slump”, scammers stole an estimated 4,647 of the tokens in July 2022.

Cryptocurrency risk management firm Elliptic has released a report suggesting that scammers stole more than $100 million worth of nonfungible tokens, or NFTs, starting in 2021.

In its NFTs and Financial Crime report released on Wednesday, Elliptic said crypto users had been the victims of roughly $100.6 million worth of scams related to NFTs in the 13-month period from July 2021 to July 2022. The firm reported that although the market downturn had caused the value of NFTs to “slump”, scammers stole the most tokens in July 2022 — estimated to be 4,647 assets — and the most value in May 2022 at roughly $23.9 million.

According to Elliptic, the most valuable NFT theft the firm verified as part of its analysis was a CryptoPunk valued at $490,000 at the time it was stolen in November 2021. In December 2021, scammers were able to pilfer “16 blue chip NFTs worth $2.1 million” from a single victim in the crypto space.

Source: Elliptic

The report stated that individuals had laundered more than $8 million on illicit funds through NFT platforms since 2017, while more than $328 million went through cryptocurrency mixers including Tornado Cash, sanctioned by the United States Office of Foreign Asset Control in August. The controversial mixer reportedly processed $137.6 million worth of crypto from NFT platforms and was “the laundering tool of choice” for the majority of scams.

It’s unclear how close the aforementioned figures were to the true value of crypto and NFTs involved in scams, as many go unreported or are identified after the fact. Elliptic reported more than 2,000 NFTs were stolen at rough value of $20 million in April 2022, but the fake airdrop targeting Bored Ape Yacht Club NFT holders accounted for an estimated tens of millions of dollars stolen at the time. Elliptic's data suggested that scammers removed $58.1 million worth of Ape NFTs from the Bored Ape Yacht Club and Mutant Ape Yacht Club in July 2022.

“Across June and July 2022, thefts of valuable NFTs decreased while those affecting lower value early-stage projects rose,” said Elliptic. “This trend likely partially reflects valuable NFT owners ‘hodling’ their assets throughout the bear market and not engaging as actively with new projects vulnerable to scammer activity.”

Related: OpenSea introduces new stolen item policy to combat NFT theft

Scammers continue to employ a variety of methods to relieve crypto users of their NFTs, through phishing attacks, exploits of a marketplace, and others. The tokens recently became the target in a class-action lawsuit with the potential to influence how the U.S. Securities and Exchange Commission may view assets in the crypto space as securities.

Latam Insights Encore: Brazil’s Stablecoin Remittance Tax Is Doomed From the Start