Search This Blog

Showing posts with label Money Laundering. Show all posts

ChipMixer: Cryptocurrency Mixer Taken Down After ‘Laundering $3bn in Cryptocurrency’

Darknet cryptocurrency mixer, ChipMixer has been shut down as a result of a sting conducted by Europol, the FBI, and German police, which investigated servers, and internet domains and seized $46 million worth of cryptocurrency. 

During the raid, it was discovered that wallets connected to North Korean cybercriminals and Russian intelligence services had evidence of digital currencies. 

The US criminal prosecutors have booked a Vietnamese man they claim to have run the service since its August 2017 creation. Potentially contaminated funds are gathered by mixers and sent at random to destination wallets. 

Minh Quoc Nguyen, 49, of Hanoi has been accused of money laundering, operating an unlicensed money-transmitting business, and identity theft. The FBI has included him on the wanted criminal list. 

Criminals laundering more than $700 million in bitcoin from wallets identified as stolen funds, including money taken by North Korean hackers from Axie Infinity's Ronin Bridge and Harmony's Horizon Bridge, were among the service's customers. 

It has also been reported that APT28, the Russian military intelligence, and Fancy Bear also utilized ChipMixer in order to buy infrastructure used from Kremlin Drovorub malware. Moreover, according to Europol, the Russian RaaS group LockBit was also a patron. 

ChipMixer joins a relatively small group of crypto mixers that have been shut down or approved, enabling criminals to conceal the source of the cryptocurrency obtained illegally. The list presently includes, which was probably renamed and relaunched as Sinbad, and Tornado Cash, a favorite of cybercriminals that helped hackers launder more than $7 billion between 2019 and 2022. 

The Federal Criminal Police Office of Germany seized two ChipMixer back-end servers and more than $46 million in cryptocurrencies, while American investigators seized two web domains that pointed to the company. 

According to court documents, ChipMixer has enabled customers to deposit Bitcoin, which would then be mixed with other users’ Bitcoin in order to anonymize the currency. 

Court records state that ChipMixer allowed users to deposit Bitcoin, which was then combined with Bitcoin from other users to make the currency anonymous. But, this mixer took things a step further by converting the deposited money into tiny tokens with an equal value called "chips," which were then combined, further anonymizing the currencies and obscuring the blockchain trails of the funds. This feature of the platform is what attracted so many criminals. 

The domain now displays a seizure notice, stating: “This domain has been seized by the FBI in accordance with a seizure warrant.” 

“Together, with our international partners, we are firmly committed to identifying and investigating cybercriminals who pose a serious threat to our economic security by laundering billions of dollars’ worth of cryptocurrency under the misguided anonymity of the darknet,” adds Scott Brown, special agent in charge of Homeland Securities Investigations (HSI) Arizona.  

How Threat Actors Are Changing Money Laundering Campaigns

Change in the money-laundering game

It is next to impossible to locate the exact amount of money that's been laundered globally, conservative estimates suggest anywhere between $800 million to $2 trillion. This is just the tip of the iceberg. It's a crime that fuels some of the world's most dangerous criminal operations. 

It's also a tactic threat actors use to cover up their tracks and the profits they make from campaigns like large-scale ransomware attacks. The increase of cryptocurrency has also allowed cybercriminals to avoid getting caught. 

Financial enterprises, cryptocurrency companies, and other institutions have to pay fines for not being able to root out money laundering as regulators and government agencies worldwide try to crack down on this major challenge. 

The bad news is that as we move toward 2023, automation is going to make the situation only worse. We can expect a rise in money laundering as-a-service. The good news is that there are ways to fight this problem and collectively mitigate cyber criminals' ability to operationalize. 

The Crypto money laundering case

A go-to tactic by threat actors looking to advance in ranks is using 'money mules.' Money mules are individuals that help launder money- sometimes, unknowingly. They're often baited under promises of legitimate jobs and false pretenses, only to find later that the job is to help launder profits from cybercrime. 

Traditionally, money laundering was done through anonymous wire transfer services. These transfers can be tracked easily by law enforcement agencies and regulators. Nowadays, cybercriminals have shifted to using cryptocurrency. 

A lack of regulatory supervision along with anonymous transactions, make it the ideal platform for money laundering. A Chainalysis report discovered that cybercriminals laundered $8.6 billion in cryptocurrency in 2021. It's a 30% increase since that year. 

Rise in money-laundering recruitment campaigns

Making recruitment campaigns for money mules takes a lot of time and resources. To hide their true purpose, threat actors will sometimes go to great extents and build genuine-looking websites for fake companies and also post fake job openings to make the business look authentic. 

But machine learning (ML) and automation will make the process much easier and quicker. ML can effectively target potential recruits in less time. We can also expect a few manual campaigns replaced with automatic services that will allow cybercriminals to launder money through layers of crypto exchanges- it's going to make the process fast and difficult to track. It also means that it will be hard to recover stolen money. 

Together, these tactics make 'money-laundering-as-a-service' (MLaaS), and it's going to be another weapon in the cybercrime inventory. 

Combatting new money-laundering challenge

While threat actors will look for any means possible to launch an attack and launder money easily, it doesn't mean that we have to accept the situation as it is. 

The biggest factor in fighting the MLaaS is going to include public-private collaboration on a massive scale. Companies across the globe can share threat intelligence with each other, helping to build a secure defense. 

Dark Reading says, "it must be reiterated that cyber hygiene and education must be prioritized as well. No matter the type of organization you're in or the role you're in, this is essential for everyone. Everyone can play a key role in helping keep organizations safe from bad actors. This includes things like more digital literacy — and how to recognize a too-good-to-be-true job ad for the scam it really is. And of course, there's the concept of fighting fire with fire — as bad actors adopt more automation and ML-based approaches, so, too, must defenders."

Ex Uber Employee Made 388 Fake Driver Profiles, Duped Company of Rs 1.17 Crore

Ex Employee dupes Uber of Rs 1.17 Crore

A former Uber employee has been charged for duping the company of Rs. 1.17 crore by making 388 fake driver profiles and putting them on the company's server. The money was then transferred to only 18 bank accounts linked with these fake profiles. The accused was working with the company till December 2021 as a contractor. Uber's authorized signatory lodged the complaint in April last year. The accused's job was to look over driver payments and update the information of the authorized drivers in the company's spreadsheet so that the money could be transferred to the respective accounts.

FIR registered

Uber during its inquiry, discovered that out of the 388 fake driver profiles, 191 profiles were made using the same IP addresses associated with the accused man's system. 

"To avoid inconveniencing driver partners, a spreadsheet is automatically uploaded regularly. A large number of transactions were processed by this automated spreadsheet and the accused was responsible for updating the details of the driver-partner accounts to be paid," Uber said in the complaint. The man created and made various fake driver partners’ accounts in the spreadsheet.

According to the police, the accused has been booked under sections 408 (criminal breach of trust by a servant), 420 (cheating), 477-A (falsification of accounts), and 120-B (criminal conspiracy) of the IPC. 

The Uber complaint further read "191 cases out of 388 cases matched with the IP addresses used by Viney Gera to log into his work computer on the same day as the creation of the accounts. In the above manner, a total amount of Rs 1,17,03,033 has been fraudulently paid to these fake driver partners into only 18 bank accounts."

PTI quotes Inspector Deepak Kumar, SHO, Sushant Lok Police Station said "we are investigating the matter and the accused will be arrested as soon as possible," PTI reports.  

Handling of driver partner payments

An Indian Express report explained how Uber handles driver payments when their accounts show a negative balance. A negative balance in an Uber driver's account means payment is overdue. This is removed when the driver pays the amount to the company. After this, a positive payment is credited to the partner's account, and the details of the transaction are updated in a spreadsheet. 

The data (company spreadsheet) is then "uploaded to an Uber Payment Tool through an automated python script." The upload adds a positive balance to the driver partner's account to remove arrears that allow the driver to drive again. 

Expansion of the LockBit Ransomware


To keep the masses notified about potential threats, the Cybereason Global Security Operations Center (GSOC) Team publishes Cybereason Threat Analysis Reports. The Threat Analysis Reports examine into such threats and offer suggestions for how to defend against them. 

LockBit, which was first identified in September 2019, uses the ransomware-as-a-service (RaaS) attack method and targets businesses. The ransomware operators are improving their techniques to disable Endpoint detection and response (EDR) tools and other security solutions. 

Variables of the Virus 

Using the infrastructure and tools already in place for ransomware, Lockbit RaaS enables affiliates to conduct their own attacks while splitting a portion of the money received.

The affiliates associated with the LockBit gang utilized their own malware and tools to exploit the targets in the first attack that the researchers were able to document, which happened in Q4 2021. The majority of the infections that the researchers examined involved threat actors infiltrating the target networks by taking advantage of a misconfigured service, particularly an RDP port that was left accessible to the public. 

The attacker started the reconnaissance work and credentials extraction after gaining the first foothold on the vulnerable network. In this instance, the attackers employed advanced network monitoring tools like Netscan and Mimikatz to find the network's structure and valuable assets. 

The researchers describe a second infection that happened in Q2 of 2022. The researchers described the attack's many phases, including the initial compromise, lateral actions, creating durability, upgrading of privileges, and the generation of the ransomware in its final stages. 

The attackers made use of net.exe to create domain accounts and grant themselves 'domain administrator' rights. They then exploited these accounts to propagate throughout the victim's network and maintain persistence. The researchers also discovered that the attackers were using Ngrok, a reliable reverse proxy tool that enables them to build a tunnel to servers protected by firewalls.

Additional PCs in the target network were also infected by the threat actors with the malware 'Neshta', a file infector that inserts malicious code into targeted executable files. 

Exfiltration of Records

The data was collected and exfiltrated when the LockBit affiliate secured persistent remote access and the necessary credentials. For this, the actors employed three different tools: 
  • Filezilla.exe is used to establish a connection to attacker-controlled remote FTP service. 
  • Data exfiltration using Rclone.exe to a cloud hosting provider associated with 'Mega'.
  • Data exfiltration tool Megasync.exe to a "Mega"-related cloud hosting provider .
The LockBit affiliate has now fulfilled all the steps required to run the LockBit payload and start encryption:
  • Through several hacked devices, persistence in the system.
  • Access to accounts with high privilege.
  • Gathered and leaked victim info.
  • List of the most valuable assets discovered through network scans .
Along with Mitre mapping, the experts also discussed signs of vulnerability. LockBit 3.0, which includes significant innovations like a bug bounty program, Zcash payment, and new extortion techniques, was just launched by the Lockbit ransomware operation. The group is now one of the most active ransomware gangs and has been active at least since 2019.

DeepDotWeb Operator Sentenced to Eight Years for Role in $8.4 million Kickback Scheme


An Israeli national was sentenced to 97 months in prison in connection with operating the DeepDotWeb (DDW), a website that connected internet users with darknet marketplaces.

From 2013, Prihar (37) and co-defendant Michael Phan (34), started operating DeepDotWeb and provided a platform for Dark Web news and links to marketplaces, redirecting visitors to their .onion addresses -- websites that are not available via standard search engines in the clear web.

The conviction of Tal Prihar, 37, was announced last week by the U.S. Department of Justice and U.S. Attorney Cindy K. Chung for the Western District of Pennsylvania for money laundering and was ordered to forfeit $8,414,173, ASUS laptop, iPhone, and accounts at various cryptocurrency exchanges such as Kraken, Binance and OKCoin. 

Prihar had pleaded guilty to conspiracy to commit money laundering in March 2021, almost two years after his arrest and the site's seizure, while Phan remains in Israel and is currently undergoing extradition proceedings.

For linking users with the illegal darknet marketplaces, Prihar received a total of 8,155 bitcoins from his affiliate marketing deals with marketplace operators. To conceal the sources of these payments, Prihar converted them to fiat currency and laundered it through other Bitcoin and bank accounts he controlled in the name of shell companies. 

"To conceal the nature and source of these illegal kickback payments, Prihar transferred the payments from his DDW bitcoin wallet to other bitcoin accounts and to bank accounts he controlled in the names of shell companies." explains the DoJ announcement. 

The investigation into DDW involved the FBI's Pittsburgh Field Office, French authorities, Europol, the IRS, German law enforcement, the Israeli National Police, and the UK's National Crime Agency (NCA), among other organizations. 

Additionally, the DoJ also announced the sentencing of an associate of the Dark Overlord hacking group for his role in possessing and selling more than 1,700 stolen identities, including social security numbers, on the dark web marketplace AlphaBay. 

Slava Dmitriev, a 29-year-old Canadian citizen who was arrested in Greece in September 2020 and extradited to the U.S. in January 2021, was sentenced to a jail term of three years after he pleaded guilty in August 2021 to fraud charges.

French Authorities Have Detained a Suspect in Case of Money Laundering of €19 Million


This week, French authorities apprehended a suspect under suspicion of laundering more than €19 million ($21.4 million) in ransomware extortion payouts. 

Law enforcement agencies have not revealed the accused's name, which has only been recognized as a person from the Vaucluse area in southeast France, and neither the title of the ransomware organization with which he worked. 

The detention this week follows as law enforcement agencies throughout the world have started to collaborate and crackdown on ransomware activities following years of recurrent attacks, most of which have disrupted government agencies and private sector organizations on many occasions. 

This year has seen several crackdowns targeting ransomware gangs, including: 

  • February – The arrest of Egregor/Maze members in Ukraine. 

According to French radio station France Inter, participants of the Egregor ransomware cartel were apprehended in Ukraine. The existence of a law enforcement activity was already verified by sources in the threat intelligence community. The Egregor gang, reportedly began operations in September 2020, follows a Ransomware-as-a-Service (RaaS) strategy. They rent ransomware strain access, but they depend on some other cybercrime gangs to organize attacks into corporate networks and distribute the file-encrypting ransomware. 

  • March – The arrest of a GandCrab affiliate in South Korea. 

The arrest of a 20-year-old accused on allegations of spreading and infecting victims with the GandCrab ransomware was announced by South Korean national police. The accused, whose identity has not been revealed, was a client of the GandCrab Ransomware-as-a-Service (RaaS) cybercrime organization. Police described the suspect as an associate — or a distributor — who operated by obtaining copies of the GandCrab ransomware and spreading them via email to victims around South Korea. 

  • June – The arrest of a group of Ukrainian money launderers who worked with the Clop gang.

Representatives of the Clop ransomware gang, who were apprehended in Ukraine as part of an international law enforcement operation, also provided money-laundering facilities to other cybercrime organizations. The group was involved in both cyber-attacks and "a high-risk exchanger" that laundered funds for the Clop ransomware gang and other criminal groups, according to cryptocurrency exchange portal Binance. 

  • September – Sanctions against Suex, a Russian crypto-exchange used to process ransomware 

Suex, a cryptocurrency exchange incorporated in the Czech Republic but managed by Russia, was sanctioned by the US Treasury. According to a blockchain analysis company, Suex has assisted ransomware and other cybercrime organizations in laundering more than $160 million in stolen assets. Suex has aided in the processing of ransom payments to gangs like Conti, Ryuk, and Maze.

  • October – The arrest of 12 suspects behind the LockerGoga ransomware. 

According to Europol, twelve members of a ransomware cell were apprehended in Ukraine and Switzerland. The accused are suspected of orchestrating the ransomware attack that damaged Norsk Hydro in 2019, the organization was linked to 1,800 ransomware assaults in 71 countries.

  • November – The arrest of a REvil affiliate in Ukraine for the Kaseya attack. 

The US Department of Justice charged a 22-year-old Ukrainian national with coordinating the ransomware assaults against Kaseya servers on July 4th of this year.

  • December – The arrest of a Canadian citizen for the attack against an Alaskan healthcare provider. 

Since 2018, Canadian authorities had jailed an Ottawa resident on suspicion of organizing ransomware attacks on commercial companies and government agencies in Canada and the United States.

Interpol Collaborated International Operation- 'HAEICHI-II'


The International Criminal Police Organization commonly known as the Interpol has run a collaborated international operation, ‘HAECHI-II’ that led to the arrest of 1,003 criminals while intercepting a total of nearly USD 27 million of illicit funds, which were found to be linked to various cyber-crimes such as investment frauds, romance scams, online money laundering, and illegal online gambling. The organization has published more than 50 notices relating to Operation HAECHI-II and discovered 10 new fraudulent schemes. 

The operation that ran for over four months from June to September 2021  according to the sources  collaborated between specialized police forces coming from 20 countries including the Hong Kong police unit, Angola, Brunei, Cambodia, Colombia, China, India, Indonesia, Ireland, Japan, Korea (Rep. of), Laos, Malaysia, Maldives, Philippines, Romania, Singapore, Slovenia, Spain, Thailand, Vietnam, and Macao. 

During the operation, Interpol researchers used a new global stop-payment mechanism named as Anti-Money Laundering Rapid Response Protocol (ARRP), which allows researchers to intercept and recover illicit funds. 

The officers blocked 2,350 individuals’ bank accounts that were linked to the illicit proceeds of online financial crime and intercepted over 27 million dollars.

“The results of Operation HAECHI-II show that the surge in online financial crime generated by the COVID-19 pandemic shows no signs of waning,” said INTERPOL Secretary General Jürgen Stock.

“It also underlines the essential and unique role played by INTERPOL in assisting member countries combat a crime which is borderless by nature. “Only through this level of global cooperation and coordination can national law enforcement effectively tackles what is a parallel cybercrime pandemic,” added Secretary General Stock.

HAECHI-II is the second operation in a three-year effort to take down certain types of financially motivated cybercrimes, such as illegal online gambling and romance scams. 

Headquartered in Lyon, France — Interpol is popularly known for its work and operations relating to the prevention and suppression of crimes. The organization provides worldwide police cooperation and crime control, it is the world's largest international police organization, with seven regional bureaus worldwide and a National Central Bureau in all 195 member states.

Cyber Criminals Using a New Darknet Tool to Escape Detection


There has been an ongoing war between criminals and authorities in cyberspace for years. Although cryptocurrencies are anonymous in nature, new techniques for tracking funds around the cryptocurrency blockchain have led to the arrest of dozens of cyber-criminals in the previous two years. 

But recently a new website has surfaced on the darknet that allows criminals to assess how "clean" their digital currencies are. 

Dr. Tom Robinson, chief scientist and founder at analysis provider Elliptic, who discovered the website explained, "We're seeing criminals start to fight back against blockchain analytics and this service is a first." 

"It's called Antinalysis and criminals are now able to check their own Bitcoin wallets and see whether any association with criminal activity could be flagged by authorities." 

According to Elliptic, the finding demonstrates how complex cybercrime networks are becoming and how concerned criminals are about being detected. 

"It's a very valuable technique. If your funds are tainted, you can then do more laundering and try to remove that association with a criminal activity until you have clean coins," he said. 

According to Dr. Robinson, this new trend is concerning that could make their work and law enforcement difficult. However, as per the researchers who examined it, the service isn't functioning very well right now. 

"It actually wasn't very good at identifying links to criminal sites. However, it will inevitably improve over time. So I think this is going to be a significant capability for criminals and money launderers in the future." 

Authorities all across the world, including China, the United Arab Emirates, and the United Kingdom, are attempting to address the rising problem of money laundering using cryptocurrencies. Cryptocurrency monitoring has resulted in several high-profile arrests, such as US teenager Graham Ivan Clark, who is presently in prison for plotting one of the largest-ever social media hacks. 

Last year, on July 15, Clark hacked into the accounts of dozens of celebrities, including Kim Kardashian, Elon Musk, Bill Gates, and Joe Biden, on Twitter.

"Everyone is asking me to give back," Mr. Gates stated in a tweet purportedly sent from his account. "You send $1,000, and I send you $2,000 back." After that, Clark and his hacking team tweeted an ad for a cryptocurrency fraud, which resulted in hundreds of transfers from people wanting to profit from the fraudulent giveaway. 

Clark gained more than $100,000 (£72,000) in only a few hours and began the process of transferring the money around to cover his tracks. He is now 18 years old, pleaded guilty, and is currently serving a three-year sentence in a Florida jail. 

The growing usage of so-called privacy coins is another trend that authorities are concerned about. Cryptocurrencies like Monero, for example, provide more secrecy than popular coins like Bitcoin. 

Hackers are now urging victims to pay with these currencies in return for a discount in some extortion incidents. This is a trend that is yet to completely take off, and Kim Grauer, director of research at bitcoin monitoring firm Chainalysis, believes that this technique offers disadvantages for criminals. 

"Privacy coins haven't been adopted to the extent that one may expect. The primary reason is they aren't as liquid as Bitcoin and other cryptocurrencies. Cryptocurrency is only useful if you can buy and sell goods and services or cash out into mainstream money, and that is much more difficult with privacy coins."

Uttarakhand, India Special Task Force Exposed a China Based Money Laundering Racket


The Police of Uttarakhand, India claimed that the web racket has duped naïve investors with at least 250cr Rs by guaranteeing to almost double their money in just 15 days but rather by turning it out in the cryptocurrency. 

Pawan Kumar Pandey was detained on a Monday night from Gautam Buddh Nagar, Noida a district in Uttar Pradesh, who is accused of running a ghost corporation to transfer his defrauded money to his alleged "handler in China." He has been caught with his 19 laptops, 592 SIM, 5 mobile phones, 4 ATM cards, and a passport. 

Uttarakhand police chief (DGP) Ashok Kumar said that after two Haridwar locals, Rohit Kumar and Rahul Kumar Goyal had complained about this scam the racket was scrutinized. 

“A week ago, they claimed that one of their friends told them about a mobile app on Google Play Store named Power Bank, which doubled returns on investment within 15 days. Believing him, they downloaded the app and deposited ₹91,200 and ₹73000,” said Kumar. 

However, after one month of making the deposit, when they didn't receive any returns, they realized that they were tricked, he added. 

The special task force launched a test to find out that the relevant mobile app was available on the Google Play Store from February 2021 to May 12, 2021, during which a minimum of 50 lakh individuals installed the application. Police also established that the money deposited through the app was moved to the detained person's bank accounts via payment gates. 

He said the money was subsequently converted into cryptocurrencies. The application was connected to China during the cyber forensic examination, where Pandey's operators reside. They used to cash the cryptocurrencies into their local currencies to complete the money laundering chain, that began with the Indians being duped by the app. 

“In this case too, they partnered with Pandey and used his identity documents to register a shadow company with the Registrar of Companies (RoC) and to open two bank accounts, where the money siphoned off from the victims was deposited. They opened a shadow company in Noida named Purple Hui Zing Zihao. Pandey was registered as the company’s owner and the firm was shown as the developer of the fraudulent app,” said Bharne, Uttarakhand’s deputy inspector general (law & order). 

Pandey added that though he earned commissions from the Chinese accused, the bank accounts and the business was handled remotely. He had received a salary payment of 1.50 lakh from the Chinese. He also told cops that his operators are using the same modus operandi, as there are many other identical apps. Initially, however, the accused doubled certain investments to win the confidence of future investors. 

“We have taken at least 20 such shadow companies under our radar for suspected fraudulent activities like the above-mentioned one. We have received 20 other similar complaints from people in the state and they [the complaints] are under probe,” the senior police officer said.

Creator of McAfee Antivirus Software Charged For Conspiracy?


Creator of McAfee antivirus software, Businessman John McAfee is charged under a conspiracy to commit fraud and money laundering in the U.S. McAfee and his bodyguard Jimmy Gale Watson Jr are found guilty of advertising cryptocurrencies on Mr. McAfee's huge Twitter follower base to inflate prices. As per prosecutors, these currencies were then sold, earning a total of $2m (€1.45 M). The accused have not issued any response to the charges made.  Currently, McAfee (age 75) is under detention in Spain due to separate charges relating to tax fraud, that he is denying. 

The fresh charges were filed in the Manhattan Federal Court, New York. He is facing potential extradition to the U.S, whereas Watson was captured earlier this week. According to BBC, "in 2012, he made headlines after police in the Central American country of Belize investigated the death of one Mr. McAfee's neighbors and named him as a 'person of interest'. Mr. McAfee left the country saying he feared for his own safety. Officials ultimately said he was not a suspect." McAfee and his bodyguard are accused of buying promoting the cryptocurrency assets on Twitter, where Mr. McAfee has millions of followers. 

As per the US justice department and the Commodity Futures Trading Commission, the plan was to sell these assets the moment the asset's price rose. The pair is said to make $11M (€8m) from the cryptocurrency startup payments via promoting the assets on Twitter, while the investors who bought them were unaware of the payments. As per the federal prosecutor, this equals exploiting a widely used social media platform (in this case Twitter) and the enthusiasm of investors in the growing cryptocurrency sector to profit millions via deceit and lies. In the former case which was disclosed the previous year. 

Mr. McAfee was charged for not filing tax returns from 2014-2018. He is also accused of using different people's names to hide his assets which include a yacht and property. "The entrepreneur, who was born in the UK, also launched unsuccessful bids to become the Libertarian Party's candidate for the US presidential elections in 2016 and 2020. Mr. McAfee has previously expressed his disdain for taxes, tweeting in 2019 that he had not filed tax returns for years because "taxation is illegal", reports BBC.  

3 Unique Procedures to Counter Money Laundering in India


The main weapon used by money launders to launder cash is bitcoin and other cryptocurrencies alternatives. India’s cryptocurrency exchanges deployed their own KYC regulations and anti-money laundering protocols for users.

Nishal Shetty, CEO of India’s largest cryptocurrency exchange WazirX said we follow all the necessary protocols such as asking users for ID and address proof like Aadhar and PAN Card. Our platform also emphasizes that money must come from the concerned customers' bank account and not from the third party bank account.

Cryptocurrency exchanges use various procedures to conduct KYC, one such method is penny drop. Penny drop method helps in verifying the user’s personal information and bank details, for example, a token of 10 rupees is transferred to the user’s account to confirm bank account details. This method confirms the account holder’s name as registered with the bank, to the transferor.

Neeraj Khandelwal, co-founder of CoinDCX stated that “for corporate clients who are given higher trading limits, more documents like articles of association, board resolutions authorizing crypto investment, etc. are needed”.

Chainlink is one of the most familiar software among cryptocurrency exchanges which helps in identifying rogue addresses. Khandelwal further stated “we use a globally renowned crypto AML tool to check for blacklisted crypto addresses. If a legitimate user has got crypto from such an address, maybe through peer-to-peer and he or she wants to transact on our exchange, we ask for additional KYC such as source of funds and profession”.

Bitcoins and other cryptos are not held in bank or demat accounts contrary to other financial assets such as stocks, bonds, and FDs. The cold wallet is the method that can be used for holding on to the bitcoins and other cryptos, it is the hardware device or even paper that is not linked to the internet. Therefore, cold wallets cannot be easily seized by law enforcement authorities.

In 2020, cybercriminals started laundering four times more money

According to the Kaspersky Fraud Prevention report, in 2020, attackers most often tried to make unauthorized money transfers by using a compromised account (in 36% of cases) or by infecting the device with malware (31%).

In 2019, malware attacks were the absolute leader, 63% of the total number was recorded. The share of incidents related to money laundering increased fourfold this year and amounted to 12%.

Hackers use complex and multi-stage money laundering schemes: they change accounts, companies, presentation, currency, and jurisdiction many times. In this regard, financial organizations need to build a cybersecurity system in such a way as to minimize the possibility of hacking, as well as to promptly monitor any illegitimate actions.

In e-commerce, the most common form of fraud is the abuse of welcome bonuses in loyalty programs. The scheme is quite simple: attackers massively register accounts in the marketplace, receive welcome bonus points, and buy products with a discount under the bonus program. For example, in one case, a fraudster bought diapers and candy and then sold the purchased goods at a profit on popular trading platforms. In the future, the created accounts were not used, their average life was 1-2 days.

"As before, one of the most common methods of fraud is the use of applications with remote access tools. Also, the attackers have mastered the scheme of spoofing numbers for incoming calls. Bank customers, unfortunately, are often deceived, because they are used to the fact that a real call from a financial institution can be made from different numbers. The Kaspersky Fraud Prevention platform, aimed specifically at banks and other financial institutions, allows tracking the activity of hackers by analyzing a variety of parameters, including user behavior, device parameters, and the presence of malicious or dangerous programs," said Ekaterina Danilova, Business Development Manager at Kaspersky Fraud Prevention.