Crypto Giggle
U.S. After a Chainalysis study revealed a spike in cryptocurrency transactions related to CSAM, Senators Elizabeth Warren (left) and Bill Cassidy (right) launched an initiative aimed at tackling the issue of cryptocurrencies being used in child sexual abuse materials trade. The FBI issued warnings about unregistered crypto services and cryptocurrency mixers. Blockaid, a security company, has taken steps to combat crypto-related crimes. This includes shutting down drainer activities on Ethereum networks.
Contents
Senators target crypto in child abuse trade
U.S. Elizabeth Warren and Bill Cassidy launched a coordinated effort to combat the use of cryptocurrencies for the trading of child sexual abuse materials (CSAM). The January 2024 Chainalysis Report caused a great deal of concern, as it showed a significant increase in the number of crypto transactions related to CSAM. This was mainly due to “mixers” or “privacy currencies” such as Monero (XMR). The Department of Justice and Department of Homeland Security have been questioned by both senators about their capabilities to handle these crimes.
Warren and Cassidy, in a letter to Merrick Garland (Attorney General) and Alejandro Mayorkas (Secretary of Homeland Security), demanded details about the technical capabilities of these agencies for tracking and prosecuting the clandestine usage of digital currency to support these illegal activities. The letter also highlighted the difficulties that the existing Anti-Money Laundering rules and enforcement strategy face when it comes to curbing cryptocurrency misuse.
In their letter, the senators outlined 6 key questions aiming to understand the federal response on the cryptographic aspect of CSAM trading and determine the need for new investigation tools. The senators expect to receive answers by 10 May.
This year, crackdowns against crypto-crime have been on the rise. In March, the DOJ indicted KuCoin and its two founders for operating an unlicensed money-transfer business as well as violating the Bank Secrecy Act. On March 26, the DOJ filed an indictment against KuCoin, its founders and for running a money-transmitting business without obtaining a license and for violating the Bank Secrecy Act.
FBI Issues New Warning
Federal Bureau of Investigation has issued a recent public service announcement urging Americans to only use registered Cryptocurrency money services businesses (MSBs), which comply with Know Your Customer regulations and anti-money laundering (AML). This warning was released on April. The warning was issued on April 25. It highlighted some of the potential risks that could arise from using cryptocurrency services without a license, including financial instability, particularly if money is mixed with illegally obtained funds.
The announcement came after the arrests of Samourai Wallet’s co-founders, who run a Bitcoin wallet service and a crypto mixing service. Keonne Rodriguez, the CEO of Samourai Wallet and William Hill, its CTO were arrested and charged with money laundering as well as operating an illegal money-transmitting service. They now face up 25 years behind bars.
Crypto lawyer Michael Bacina from Piper Alderman believes the FBI’s warning is mainly targeting users of crypto mixing services and smart-contract-driven privacy tools, like Samourai or Tornado Cash. He did, however, criticize the broadness and lack of specificity in the warning, as well as the fact that it lacked the nuance necessary to address the complexity of decentralized system.
It is not clear what constitutes a MSB. The FBI announcement was described by Bankless’ co-founder Ryan Sean Adams as “eerie” and he questioned how the MSB criteria is determined.
What is a crypto mixer?
The use of crypto mixers (also known as tumblers) has become an issue for many government agencies that oversee financial security. The services are designed to increase the privacy of crypto transactions by hiding their origins. The users mix identifiable funds into large funds pools, which makes it hard to track individual transactions. While this feature is appealing from a privacy perspective, it also presents a number of risk factors for money laundering or the concealment illicit gains.
There are two main types of crypto mixers: decentralized and centralized. A centralized mixer is a service whereby a company will take Bitcoin from the user, and return different Bitcoin less a small fee. On the other hand decentralized mixers use protocols such as CoinJoin that allow users to pool Bitcoin and then redistribute them in a way where each user receives a bitcoin, while the source and destination are obscured.
Other mixers are more complex, such as those that use obfuscation or zero knowledge. The transaction graph is hidden by obfuscation mixing techniques. This can only be reconstructed with sufficient resources. Zero-knowledge mixing uses advanced cryptographic methods to erase the entire transaction graph. This offers higher security, but at the cost of potential scalability.
The mixers work by pooling the cryptocurrency of a particular user with that of others, in a pool. They then distribute it in smaller amounts to specific addresses, which makes it almost impossible to directly link inbound and outgoing money. The fee for this process is usually 1-3% of total mixed amount.
Coin mixing can enhance transaction security, but it’s also comparable to money-laundering and is illegal under some legal frameworks. Not all cryptocurrency mixers are illegal. These services are used by many users to increase the anonymity of their financial transactions. As the FBI warns, mixers’ inherent anonymity features can be abused to launder money or hide the proceeds of crimes.
Blockaid Fights Drainers
There are people still fighting against crime in crypto. Blockaid, which develops security software for Ethereum Virtual Machines (EVM), recently revealed that it had successfully closed down one cryptocurrency drainer.
Blockaid published a statement by a drainer service that stated they had ceased operation due to Blockaid’s defences. Drainers were advised to move their operations onto networks that are not protected by Blockaid. These include Bitcoin and Solana.
The announcement was made as discussions were underway about “false-positives”, whereby legitimate apps are incorrectly flagged by Blockaid as malicious. Blockaid acknowledges that false positives occur in only a tiny fraction of transactions (0.02%) and that eliminating them would undermine the effectiveness of their system by allowing more malicious applications to run unchecked.
Blockaid has also launched a web portal in response to user and developer concerns. This allows them to submit inaccurate information about its system of flagging.
Lazarus Group LinkedIn scams
On the other hand, the criminals are also learning more as the crypto-industry grows. LinkedIn is being used by the Lazarus Hacker Group, a North Korean-linked group, to conduct targeted malware attacks against crypto assets.
SlowMist, a blockchain security analysis firm, revealed the group was posing as blockchain developers seeking employment in cryptocurrency. They gain trust by convincing victims to allow access to code repositories that contain malware to steal sensitive data and assets.
Lazarus is not the first to use LinkedIn in a malicious way. In December 2023 they used the same strategy, pretending to be a Meta recruiter and distributing malware-loaded challenges. The victims who ran these challenges in their computers unwittingly enabled remote access via a Trojan.
Lazarus, a hacking collective that emerged in 2009, has amassed more than 3 billion dollars in crypto-assets. It continues to target crypto companies aggressively despite numerous sanctions. The group stole $37 million in August 2023 from CoinsPaid, a crypto-payment firm. They used phony job interviews.
The largest heist they have ever committed was in 2022, when the Ronin Bridge attack netted them $625 million. Lazarus uses cryptocurrency mixing services to hide their tracks. They then send the proceeds to North Korea for military purposes.
Comments
Loading…