Ransomware Actors are Using Crypto Mining Pools to Launder Money

 

According to a recent analysis by the blockchain forensics company Chainalysis, the use of cryptocurrency mining to strengthen money laundering capabilities extends beyond nation-state actors and holds particular appeal for ordinary criminals.

As per reports, sanctioned nation-states like Iran have turned to cryptocurrency mining as a way to amass money away from the traditional banking system. In a recent development, cybersecurity firm Mandiant also disclosed how the Lazarus Group, a notorious North Korean hacker group, has been utilising stolen cryptocurrencies like Bitcoin to buy freshly-mined cryptocurrency through hashing rental and cloud mining services.

Put simply, online criminals use stolen crypto to mine "clean" coins and then launder them through various businesses. One of these, according to Chainalysis, is an unnamed "mainstream exchange" that has been identified as having received "substantial funds" from wallets and mining pools connected to ransomware activity.

In total, $94.2 million was sent to one of these identified deposit addresses, of which $19.1 million came from ransomware addresses and $14.1 million from mining pools. Chainalysis also found that the ransomware wallet in question was occasionally sending money to a mining pool "both directly and via intermediaries."

“This may represent a sophisticated attempt at money laundering, in which the ransomware actor funnels funds to its preferred exchange via the mining pool in order to avoid triggering compliance alarms at the exchange,” the report reads. 

Chainalysis further asserts that "ransomware actors may be increasingly abusing mining pools"; citing its data, the company stated that "since the start of 2018, we've seen a large, steady increase in value sent from ransomware wallets to mining pools." 

A total of 372 exchange deposit addresses have received cryptocurrency transfers totaling at least $1 million from mining pools and ransomware addresses. Instances like these, in the opinion of the company, point to ransomware criminals trying to pass off their stolen money as earnings from cryptocurrency mining. 

Chainalysis said that "this sum is certainly an underestimate," adding that "these exchange deposit addresses have received a total of $158.3 million from ransomware addresses since the beginning of 2018."

Illegal money transfers 

Chainalysis cites BitClub as an additional noteworthy instance of cybercriminals using mining pools. BitClub was a notorious cryptocurrency Ponzi scheme that deceived thousands of investors between 2014 and 2019 by making claims that its Bitcoin mining operations would generate significant returns. 

The company claims that BitClub Network transmitted Bitcoin valued at millions of dollars to wallets connected to "underground money laundering services" allegedly based in Russia. These money laundering wallets then transferred Bitcoin to deposit addresses at two well-known exchanges over the course of three years. 

During the same period, between October 2021 and August 2022, an unidentified Russian Bitcoin mining company transferred millions of dollars' worth of Bitcoin to the same deposit addresses at both exchanges.

The cryptocurrency exchange BTC-e, which the U.S. authorities accuse of promoting money laundering and running an illegal money service business, sent money to one of the wallets allegedly linked to the money launderers. Additionally, it has been claimed that BTC-e handled money that was stolen from Mt. Gox, the biggest Bitcoin exchange in the early 2010s.

These accusations led to the seizure of BTC-e by American authorities in July 2017, the removal of its website, and the arrest of its founder, Alexander Vinnik, in Greece the same month. 

Prevention Tips

According to Chainalysis, mining pools and hashing providers should put strict wallet screening procedures in place, including Know Your Customer (KYC) protocols, in order to "ensure that mining, which is a core functionality of Bitcoin and many other blockchains, isn't compromised."

The company also believes that these verification processes can successfully stop criminals from using mining as a means of money laundering by using blockchain analysis and other tools to confirm the source of funds and rejecting cryptocurrency coming from shady addresses.
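The screening idea above can be sketched as a source-of-funds check on an exchange deposit address. This is an added example, not code from Chainalysis or this blog; the addresses, labels, amounts and function names are all constructed for illustration, and the path walk is a simplification of real blockchain analysis.

```python
from collections import defaultdict

# Constructed sample transfers (sender, receiver, usd); every address is hypothetical.
TRANSFERS = [
    ("ransom_1", "deposit_A", 500_000),   # ransomware wallet paying the exchange directly
    ("ransom_1", "pool_X", 200_000),      # ransomware wallet paying a mining pool directly
    ("ransom_1", "hop_1", 100_000),       # ...and via unlabelled intermediaries
    ("hop_1", "hop_2", 100_000),
    ("hop_2", "pool_X", 100_000),
    ("pool_X", "deposit_A", 900_000),     # the pool pays out to the same deposit address
    ("pool_Y", "deposit_B", 1_200_000),   # a pool with no ransomware inflow
]
# Assumed attribution labels, as a screening tool would supply them.
LABELS = {"ransom_1": "ransomware", "pool_X": "mining_pool", "pool_Y": "mining_pool"}

def ransomware_inflow(addr, transfers, labels, max_hops=3):
    """USD reaching addr from ransomware-labelled wallets, directly or through
    up to max_hops unlabelled intermediaries (path walk, no proportional taint)."""
    incoming = defaultdict(list)
    for src, dst, usd in transfers:
        incoming[dst].append((src, usd))
    total = 0
    stack = [(addr, 0, float("inf"), {addr})]
    while stack:
        node, hops, cap, seen = stack.pop()
        for src, usd in incoming[node]:
            amount = min(usd, cap)        # a hop cannot forward more than it received
            if labels.get(src) == "ransomware":
                total += amount
            elif src not in labels and hops < max_hops and src not in seen:
                stack.append((src, hops + 1, amount, seen | {src}))
    return total

def screen_deposit(addr, transfers, labels, max_hops=3):
    """Summarise direct inflows to a deposit address and flag it for review."""
    report = {"ransomware_usd": 0, "mining_pool_usd": 0, "exposed_pools": []}
    for src, dst, usd in transfers:
        if dst != addr:
            continue
        kind = labels.get(src)
        if kind == "ransomware":
            report["ransomware_usd"] += usd
        elif kind == "mining_pool":
            report["mining_pool_usd"] += usd
            if src not in report["exposed_pools"] and ransomware_inflow(src, transfers, labels, max_hops) > 0:
                report["exposed_pools"].append(src)
    report["review"] = report["ransomware_usd"] > 0 or bool(report["exposed_pools"])
    return report
```

A deposit address that would look clean if only its direct senders were checked is still flagged when one of the paying pools has itself received ransomware-linked funds.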