Elliptic

Darknet Market Solaris Hacked by Competitor, Elliptic Reveals

A leading marketplace on the dark web, Solaris, has been hit by a rival, according to crypto analytics company Elliptic. The Russia-linked platform, which tried to occupy space vacated by the busted Hydra, is believed to have conquered up to a fifth of the illicit market before the hack. Solaris Allegedly Taken Over by Darknet […]

Investor loses $71 million in WBTC, tricked by poisoned address

Onchain Researchers Discover $63M in Ethereum From Harmony Bridge Attack Moved, Hackers Attempt to Launder Funds on Major Exchanges

On Jan. 15, 2023, onchain researchers discovered that funds stolen during the Harmony bridge attack had been moved. The suspected thieves, who are allegedly associated with the North Korean hacking syndicate Lazarus Group, moved 41,000 ethereum, worth $63.2 million at current exchange rates. Onchain Researchers Track Stolen Ethereum From Harmony Bridge Attack and Help Major […]

Into the storm: The murky world of cryptocurrency mixers

A handful of obfuscation protocols are competing for the user base of OFAC-sanctioned Tornado Cash.

Cryptocurrency mixing services are a divisive subject in the industry. Some advocate for the privacy-enabling features of these protocols while others maintain that they are mainly used for illicit means.

For platforms like Tornado Cash, the mainstream verdict is “guilty as charged.” The infamous decentralized mixing protocol was sanctioned by the United States Office of Foreign Assets Control (OFAC) in August 2022, essentially making it illegal for anyone to make use of the service.

Tornado Cash continues to be a contentious topic and one of its developers, Alexey Pertsev, controversially remains in detention in the Netherlands while investigators look to build a case against the Russian developer and his alleged role in the mixer’s operation.

In a proverbial sense, one man’s loss is another man’s gain and that seems to be the case for cryptocurrency mixers according to a report from blockchain analytics firm Elliptic.

A blow to money-laundering operations

As highlighted in its analysis, Elliptic reveals that over $7 billion worth of cryptocurrencies were processed by Tornado Cash. An estimated $1.54 billion of illicit cryptocurrency was laundered through the platform, with a user base that included the likes of North Korean Lazarus Group state hackers.

In the wake of OFAC’s sanctions, Tornado Cash liquidity pools saw their holdings drop by 60%, which is said to have drastically reduced the anonymizing potential of the platform for large-scale money laundering operations.

With Tornado Cash ostensibly shut down, a number of alternative mixing services have been identified as potential threats to cryptocurrency service providers and criminal investigators. Elliptic highlights six different protocols that have been used as mixers in the wake of Tornado Cash’s prohibition.

Not all mixers are being used for illicit means

Elliptic’s report unpacks how these mixer protocols operate in different ways and provide a variety of outcomes for potential users. A top-down view shows that these obfuscation protocols have mixed over $41 million of cryptocurrency, which pales in comparison to the total amount that was processed by Tornado Cash.

Ether (ETH), BNB (BNB), Wrapped Ether (wETH) and Tether (USDT) are the most commonly mixed tokens, given their usability within decentralized finance (DeFi). Elliptic’s figures notably exclude Polygon-based tokens.

Two particular protocols account for the highest mixing capacity of the tools analyzed and, as a result, make up three-quarters of the cryptocurrency mixed.

The first is Railgun, a decentralized protocol that, according to Elliptic, caters to professional traders and DeFi users looking to conceal investment strategies. Railgun Privacy System removes wallet addresses from transactions on public blockchains using zero-knowledge-proof technology. It claims to be ERC-20 token compatible and has no mixing limit.

Cyclone Protocol is the second protocol, a Tornado Cash fork that touts a number of enhancements said to include yield farming to contributors of anonymity pools. Elliptic reports that Cyclone is able to mix 100 ETH/100,000 USDT in one instance and is available on IoTEX, Ethereum, BNB Smart Chain and Polygon.

Aside from Cyclone, which Elliptic highlights as the highest risk protocol among the six in its report, funds being mixed by these services “largely reflect legitimate DeFi trading activity.”

Just $40,000 of mixed funds were traced back to DeFi thefts, which suggests that current activity reflects a lack of adoption of these alternative mixing protocols by nefarious actors and criminal elements.

Keeping tabs

Despite the fact that a relatively small amount of cryptocurrency has been mixed by nefarious actors, Elliptic still provides a cautionary note aimed at a couple of the services it highlighted.

Cyclone Protocol is identified as the highest-risk service in the wake of Tornado Cash sanctions. The service’s high transaction limit, large liquidity available in its mixing pools, and its ability to process Tornado Cash’s eponymous governance token (TORN) are cause for concern according to Elliptic:

“Its confirmed use to launder at least some proceeds of DeFi exploits, the large amount of funds it has since processed and the apparent absence of its developer team to address concerns only strengthen these risks.”

Buccaneer V3 (BV3) was scored as a “medium-high” risk tool. The Ethereum-based token (BUCC) allows users to “bury” funds for an indefinite period of time without having to mix, pool or cycle transactions. A decoy mode displays fictitious BUCC balances on user interfaces as an obfuscation technique.

The service could be attractive for illicit use cases as it makes use of a Gas Station Network in order to pay transaction fees by claiming a small proportion of transferred BUCC. This could allow users to avoid using regulation-compliant cryptocurrency exchanges and services:

“BV3 therefore claims that it solves the ‘funding problem’ — the issue that addresses typically need to source ETH to pay transaction fees, typically from a centralized KYC exchange.”

A caveat provided by Elliptic is that BV3 uses technology that is still being tested, with its features and capabilities still to be fully realized. The remaining four protocols all have factors that Elliptic believes will inhibit large-scale illicit use.

Illicit cross-chain transfers expected to grow to $10B: Here’s how to prevent them

Forecasts predict cryptocurrency criminals laundering more than $10 billion through cross-chain bridges by 2025, leading to calls for holistic screening solutions.

Improved blockchain analytics will become increasingly important to combat the use of cross-chain bridges for illicit means, which are estimated to surpass $10 billion in value by 2025.

Blockchain analytics firm Elliptic forecasts a 60% rise in the value of illicit cryptocurrency laundered through cross-chain bridges from $4.1 billion in June 2022 to $6.5 billion next year. This figure is projected to double midway through the decade.

Cross-chain crime has been a major talking point in 2022, with over $2 billion fleeced in hacks targeting cross-chain bridges. Aside from the bridges and their contracts being targeted, they have also become an avenue for criminals to launder cryptocurrency. A prime example is an unknown hacker moving stolen funds from the now-bankrupt FTX using cross-chain bridges.

Cointelegraph unpacked the findings of research released by Elliptic in correspondence with senior cryptocurrency threat analyst Arda Akartuna. 

The Elliptic analyst explained that billions of dollars in assets have been transferred between Bitcoin, Ethereum and other blockchains using bridge services such as Portal, cBridge and Synapse. Decentralized cross-chain bridges offer an unregulated alternative to exchanges for transferring value between blockchains.

While some bridges are used legitimately, Akartuna noted that the tools have emerged as a key facilitator in money laundering. ‘Chain-hopping’, or moving proceeds of crime between blockchains, has long been used to evade tracing efforts by exchanging cryptocurrency assets through decentralized or anonymous exchanges.

As blockchain surveillance, enforcement and regulatory efforts have improved, criminals have turned to cross-chain bridges to continue laundering illicit funds:

“Decentralized cross-chain bridges provide unregulated alternatives that are being embraced by cybercriminals.”

Akartuna also notes that the sanctioning of cryptocurrency mixing service Tornado Cash has seen a shift in the way criminals launder money. Decentralized exchanges, cross-chain bridges and coin swap services are becoming a new means of moving illicit funds:

“Although the use of these platforms is overwhelmingly legitimate, they facilitate cross-chain money laundering and terrorist financing due to their lack of identity checks and anti-money laundering controls.”

An example of increased use of a cross-chain avenue for illicit means is RenBridge, which Elliptic research found to have laundered around $540 million of criminal proceeds as of August 2022. Meanwhile centralized exchanges, which also facilitate cross-chain or cross-asset swaps, are less popular for illicit actors given the push for AML and identity screening/KYC solutions.

The growing prevalence of cross-chain bridge usage for illicit means highlights the need for solutions or efforts to minimize criminal usage. Akartuna suggested users conduct due diligence on the services used to hop between blockchains and tokens and be wary of platforms associated with illicit activity.

Businesses should make use of blockchain analytics tools to screen addresses and transactions and set clear risk rules for their cryptocurrency usage. Nevertheless, there are some circumstances that simply cannot be predicted or avoided, as Akartuna explained:

“The sanctions against Tornado Cash is a prime example of how legitimate wallets may be inadvertently tainted due to sudden enforcement actions, as you now have 'pre-sanctions activity' which doesn't carry the same risk as post-sanctions activity.”

Existing single blockchain analytics solutions have done a lot to combat money laundering in the cryptocurrency space but fall short of capabilities to trace, screen or forensically investigate transactions across blockchains or tokens.

As the Elliptic threat analyst highlighted, once an asset 'hops' to a different blockchain, investigations become significantly more complex and resource intensive.

“The risk here is that a wallet can hold any number of different assets, and legacy blockchain solutions are not able to automatically trace the activities of the same entity across separate chains.”

Screening the movement of funds on separate blockchains may see some assets flagged as sanctioned while others may show no risk. In theory, this could lead to an exchange or wallet user unwittingly transacting with a sanctioned entity.

Elliptic, for example, makes use of a proprietary analytics tool with ‘holistic screening’ capabilities which merges existing blockchains into an interconnected system. This allows for visualization and screening across chains to better detect the movement of illicit funds.

Prospects Don’t Look so Hot for Sam Bankman-Fried’s Invitation-Only Crypto Bahamas Event

Following the FTX collapse and amid the aftermath, people have been wondering about the company’s Crypto Bahamas conference that was scheduled to happen on April 17-20, 2023, at the exclusive Grand Hyatt Baha Mar, in Nassau. The event planned for April 2023 was supposed to be hosted by the now-bankrupt FTX and the Skybridge Capital-backed […]

Terrorists are funding their horrible deeds with crypto: UN officials

Cash and hawala remain the “predominant methods of terror financing,” according to a UN official; however, "advanced" terror organizations are turning to cryptocurrencies.

Terrorist groups who have been excluded from the “formal financial system” have turned to crypto to fund their heinous activities, according to Svetlana Martynova, the Countering Financing of Terrorism Coordinator at the United Nations (UN). 

The UN official made the comments during a speech at a “Special Meeting” run by the UN’s Counter-Terrorism Committee (CTC) in New Delhi and Mumbai on Oct. 28-29 — which was focused on combating the use of “new and emerging technologies” for terrorist purposes.

Martynova said that while cash and "hawala" (a traditional system of transferring money in Arab countries and South Asia) have been the "predominant methods" of terror financing, "we know terrorists adapt to the evolution of conditions around them and as technologies evolve they adapt as well."

Martynova noted that these technologies include cryptocurrencies, which have been used to “create opportunities for abuse,” adding:

“If they’re excluded from the formal financial system and they want to purchase or invest in something with anonymity, and they’re advanced for that, they’re likely to abuse cryptocurrencies.”

UN Secretary-General Antonio Guterres also stated that while emerging technologies have an “unmatched potential to improve human conditions everywhere,” the harm done also expands far beyond that of terror financing:

“Terrorists and others posing hateful ideologies are abusing new and emerging technologies to spread disinformation, foment discord, recruit and radicalize, mobilize resources and execute attacks.”

As for how the UN plans on handling the issue at an international level, Martynova said the main challenge is to get nation-states on board with its regulation.

“We have very clear global standards from the Financial Action Task Force (FATF) and the resolutions of UNSC,” she said.

However, Martynova added that very few countries have started the work on regulation, and even fewer are “successfully enforcing that regulation” to deter ill-intended non-state actors.

Some efforts are being made at the state level, with the United States Department of the Treasury most notably sanctioning crypto mixer Tornado Cash over money laundering and cybercrime concerns. 

A number of blockchain-based forensic firms such as Chainalysis and Elliptic have also come about in recent years to track down cybercriminals and report their activities to governments, which has helped dispel the myth that cryptocurrency is a criminal’s safe haven.

‘New frontier’ of crypto laundering involves cross-chain bridges and DEXs: Elliptic

Curve, Uniswap, 1inch, and the Ren bridge were the top platforms of choice for laundering illicit crypto, according to Elliptic.

New research from blockchain analytics and crypto compliance firm Elliptic has revealed the extent to which cross-chain bridges and decentralized exchanges (DEXs) have removed barriers for cybercriminals.

In an Oct. 4 report titled “The state of cross-chain crime,” Elliptic researchers Eray Arda Akartuna and Thibaud Madelin took a deep dive into what they described as “the new frontier of crypto laundering.” The report summarized that the free flow of capital between crypto assets is now more unhindered due to the emergence of new technologies such as bridges and DEXs.

Cybercriminals have been using cross-chain bridges, DEXs, and coin swaps to obfuscate at least $4 billion worth of illicit crypto proceeds since the beginning of 2020, it reported.

Around a third of all stolen crypto, or roughly $1.2 billion, from the incidents surveyed, was swapped using decentralized exchanges.

Delving further into the details, the report noted that more than half of the illicit funds it identified were swapped directly through two DEXs — Curve and Uniswap, with the 1inch aggregator protocol coming a close third.

A similar amount (around $1.2 billion) has been laundered using coin swap services which allow users to swap assets within and across different networks without having an account.

“Many are advertised on Russian cybercrime forums and cater almost exclusively to a criminal audience,” it noted.

Sanctioned entities are increasingly turning to such technologies in order to move funds and carry out cyber-attacks, according to Elliptic.

“Wallets connected to groups eventually sanctioned by the United States – including those used by North Korea to perpetrate multi-million-dollar cyberattacks – have laundered more than $1.8 billion through such techniques.”

In a June report on virtual asset risks, the global money laundering and terrorist financing watchdog, the Financial Action Task Force (FATF), also identified cross-chain bridges and “chain hopping” as a high risk.

The Ren bridge was mentioned as a top choice for crypto laundering with the vast majority of illicit assets, or more than $540 million, passing through it.

“Ren has become particularly popular with those seeking to launder the proceeds of theft,” it said.

One potential solution to mitigate crypto theft was proposed by Stanford researchers last month. It involves an opt-in token standard called ERC-20R that provides the option to reverse a transaction within a set time period.

Bad Actors Have Stolen More Than $100,000,000 Worth of NFTs Since Last Year: Crypto Analytics Firm

New data from a prominent crypto intelligence firm is revealing that criminals have stolen over a hundred million dollars worth of non-fungible tokens (NFTs) since last year. According to blockchain analytics firm Elliptic, over $100 million worth of NFTs have been reported stolen between July 2021 and July 2022, with July of this year being […]

The post Bad Actors Have Stolen More Than $100,000,000 Worth of NFTs Since Last Year: Crypto Analytics Firm appeared first on The Daily Hodl.

More than $100M worth of NFTs stolen since 2021 — Elliptic

The firm reported that although the market downturn had caused the value of NFTs to “slump”, scammers stole an estimated 4,647 of the tokens in July 2022.

Cryptocurrency risk management firm Elliptic has released a report suggesting that scammers stole more than $100 million worth of nonfungible tokens, or NFTs, starting in 2021.

In its NFTs and Financial Crime report released on Wednesday, Elliptic said crypto users had been the victims of roughly $100.6 million worth of scams related to NFTs in the 13-month period from July 2021 to July 2022. The firm reported that although the market downturn had caused the value of NFTs to “slump”, scammers stole the most tokens in July 2022 — estimated to be 4,647 assets — and the most value in May 2022 at roughly $23.9 million.

According to Elliptic, the most valuable NFT theft the firm verified as part of its analysis was a CryptoPunk valued at $490,000 at the time it was stolen in November 2021. In December 2021, scammers were able to pilfer “16 blue chip NFTs worth $2.1 million” from a single victim in the crypto space.

The report stated that individuals had laundered more than $8 million in illicit funds through NFT platforms since 2017, while more than $328 million went through cryptocurrency mixers including Tornado Cash, sanctioned by the United States Office of Foreign Assets Control in August. The controversial mixer reportedly processed $137.6 million worth of crypto from NFT platforms and was “the laundering tool of choice” for the majority of scams.

It’s unclear how close the aforementioned figures were to the true value of crypto and NFTs involved in scams, as many go unreported or are identified after the fact. Elliptic reported more than 2,000 NFTs were stolen at a rough value of $20 million in April 2022, but the fake airdrop targeting Bored Ape Yacht Club NFT holders accounted for an estimated tens of millions of dollars stolen at the time. Elliptic's data suggested that scammers removed $58.1 million worth of Ape NFTs from the Bored Ape Yacht Club and Mutant Ape Yacht Club in July 2022.

“Across June and July 2022, thefts of valuable NFTs decreased while those affecting lower value early-stage projects rose,” said Elliptic. “This trend likely partially reflects valuable NFT owners ‘hodling’ their assets throughout the bear market and not engaging as actively with new projects vulnerable to scammer activity.”

Scammers continue to employ a variety of methods to relieve crypto users of their NFTs, including phishing attacks, marketplace exploits and others. The tokens recently became the target in a class-action lawsuit with the potential to influence how the U.S. Securities and Exchange Commission may view assets in the crypto space as securities.

Cross-chain bridge RenBridge laundered $540M in hacking proceeds: Elliptic

The blockchain forensics firm said cross-chain bridges provide an "unregulated alternative" to exchanges for transferring value between blockchains.

Cross-chain bridges have been the target of more than a few hacks this year, but new data from blockchain analytics provider Elliptic alleges one has been used to launder over half a billion dollars in ill-gotten crypto assets. 

According to an Aug. 10 report, crypto bridge RenBridge has facilitated the laundering of at least $540 million in proceeds of crime since 2020 through a process known as chain hopping — converting one form of cryptocurrency into another and moving it across multiple blockchains.

Elliptic said that decentralized cross-chain bridges provide “an unregulated alternative to exchanges for transferring value between blockchains.”

Rogue states and hacker groups

For the most part, cross-chain bridges or blockchain bridges are used for legitimate purposes, enabling users to move cryptocurrencies seamlessly across blockchain networks.

Users typically deposit their tokens from one chain into the bridge protocol, where they are locked into a contract; the user is then issued the equivalent in a parallel token on another chain.

However, Elliptic noted these bridges have also been used by ransomware gangs, exploiters, and hackers to launder proceeds of crime, with RenBridge accounting for at least $540 million of laundered proceeds since 2020. 

Most recently, at least $2.4 million in crypto assets stolen during the Nomad hack on Aug 2 went through the cross-chain bridge, according to the firm.

Elliptic also noted that assets from decentralized finance (DeFi) services worth at least $267.2 million have been laundered using RenBridge in the last two years, while a portion of the $80 million stolen from Liquid Global exchange last year, allegedly by North Korea, has passed through RenBridge.

The Conti ransomware group, which famously attacked the Costa Rican government back in June, has also laundered over $53 million through RenBridge so far.

Authorities concerned

Elliptic noted that blockchain bridges such as RenBridge pose a challenge to authorities trying to clamp down on individuals and groups using the emerging technology for illicit activities.

"Blockchain bridges such as RenBridge pose a challenge to regulators since there is no central service provider that facilitates these cross-chain transactions," it said. 

In a Jun. 30 status report from the Financial Action Task Force (FATF), the intergovernmental organization highlighted increasing risks associated with "chain hopping," particularly in the DeFi space:

“The rapid growth and evolution of the DeFi sector is a cause for concern as it could cause risks to accelerate and proliferate.”
