Over $150 million in funds were compromised in a recent security breach of an Asian cryptocurrency exchange when one or more hackers obtained secret keys to the exchange’s hot wallets.
Cryptocurrency wallets remain vulnerable to hacking, even with measures taken to minimize the risk. Here are the measures typically employed:
- Cold and hot wallets – Most of the funds are kept in a cold wallet that is protected by increased security measures. For example, the wallet is not connected to the internet and is not used in frequent, routine transactions. The hot wallet is theoretically open to attack and stores only a small portion of the total funds, so that losing it in a hack does not destroy the company.
- Multisignatures – Where technologically possible, wallets are set up to use multisignatures, and the keys for signing are dispersed. To withdraw funds from such wallets, you would need confirmation from several unrelated people or systems.
- Monitoring – If a hack has occurred, it needs to be noticed and responded to as fast as possible. A timely response can stop the hack and minimize losses.
- Anti-money-laundering measures – If the hack has already happened and the funds have been withdrawn, there is a chance of recapturing or freezing part of the money. This requires a coordinated response from the companies and participants in the community.
The money-laundering process is especially interesting and unusual in the crypto world compared to the traditional world of finance.
When the theft is from a bank account, the criminal will try to weave a complex web of transfers, through various countries and payment systems, to complicate efforts to freeze the funds. Any bank and payment system can block the account or even cancel transactions, and it’s important how quickly the transactions and accounts the criminal uses can be tracked and how well financial institutions cooperate with each other to fight money laundering. The most important factor is the ability to freeze funds, which is almost always an option in the world of traditional finance.
When the theft is in cryptocurrency, there is a common belief that it’s impossible to stop or even track the subsequent movement of cryptocurrency funds, but that’s not quite the case. Just like in traditional finance, the criminal will try to make complex transactions as fast as possible, to make tracking and freezing the funds harder.
What methods do criminals use to launder crypto assets after stealing them?
- Mixers – These are special services (often not entirely legal) that “mix” crypto from different users to make tracking more difficult. Exchange wallets are sometimes used as a simple and cheap mixer. For example, a criminal deposits funds to an exchange and immediately withdraws them, thereby mixing their cryptocurrency with that of other users on that exchange.
- Crypto asset conversion – Criminals rapidly convert one cryptocurrency to another to break the chain and cover their tracks. The recent hack is interesting in that the conversion of stolen funds was done through decentralized DeFi exchanges, specifically Uniswap. This is the first high-profile case of money-laundering via DeFi.
- Fictitious use of services – Criminals use real services (lotteries, cryptocurrency lending, etc.), imitating some kind of real activity, complicating tracking and receiving “clean” money from these services. This is, however, a lengthy and painstaking process.
- Distribution to frontmen – Once the laundering process is complete, criminals try to break the total into a lot of small amounts and use a group of frontmen to withdraw the funds.
What measures are put in place to fight money laundering in cryptocurrencies?
- If the crypto assets pass through cryptocurrencies that are not entirely decentralized and have a single controlling body, the companies cooperate to block the crypto wallet or transaction, or even cancel the transaction. This is theoretically possible in a network like the XRP Ledger. It is even possible in decentralized blockchains that have an influential team, as happened in the Ethereum network when a fork led to the creation of Ethereum Classic. In the Bitcoin network, this is only possible if you manage to convince a majority of the miners. In practice this is nearly impossible, and the likelihood that this could happen in the Bitcoin network is extremely low.
- Companies cooperate, marking individual transactions and wallet addresses as suspicious. If the funds pass through centralized, legal exchanges willing to partner in the fight against money laundering, such funds may be frozen until an investigation is complete.
- If the funds pass through stablecoins backed by centralized companies, those companies could block the funds or refuse to exchange the stablecoins for fiat. Another interesting measure is that the company can announce that specific addresses are illegal and so are all funds that have passed through them, and that it will refuse to give out fiat for any stablecoins that have passed through such addresses. This motivates all other exchanges to block funds that come from such addresses. This has happened before with USDT.
- Exchanges typically treat funds that come from mixer services as highly suspicious. The funds are frequently blocked, and the user is asked to provide confirmation of the funds’ provenance.
- Companies use transaction-analysis services that can follow funds through even very convoluted transaction chains and mixers. Among the services frequently used are Chainalysis and Crystal.
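The screening steps listed above (flagged addresses, extra scrutiny for mixer-sourced funds, tracing through transaction chains) can be sketched as follows. This is an added example, not code from the article or from any named analytics service; it uses the proportional "haircut" taint model as a simplification, and all addresses, amounts and the hold threshold are constructed or hypothetical.

```python
from collections import defaultdict

# Constructed sample ledger: (sender, receiver, amount) in chronological order.
TRANSFERS = [
    ("hot_wallet", "thief_1", 100.0),   # the theft itself
    ("user_a", "mixer_1", 300.0),       # unrelated funds enter a mixer
    ("thief_1", "mixer_1", 100.0),      # stolen funds enter the same mixer
    ("mixer_1", "hop_a", 200.0),
    ("hop_a", "deposit_1", 200.0),      # reaches an exchange deposit address
    ("user_b", "deposit_2", 50.0),      # ordinary deposit
    ("user_c", "mixer_2", 10.0),
    ("mixer_2", "deposit_3", 10.0),     # clean funds, but straight from a mixer
]
FLAGGED = {"thief_1"}                   # addresses marked as suspicious
MIXERS = {"mixer_1", "mixer_2"}         # known mixer services
DEPOSITS = ["deposit_1", "deposit_2", "deposit_3"]
HOLD_THRESHOLD = 0.10                   # hypothetical policy value

def screen_deposits(transfers, flagged, mixers, deposits, threshold=HOLD_THRESHOLD):
    """Haircut taint model: each transfer carries the sender's tainted fraction."""
    balance = defaultdict(float)    # coins received and not yet spent
    tainted = defaultdict(float)    # part of that balance traced to flagged funds
    via_mixer = set()               # addresses funded downstream of a mixer
    for src, dst, amount in transfers:
        if src in flagged:
            share = 1.0             # everything leaving a flagged address is tainted
        else:                       # funds from outside the sample are assumed clean
            share = tainted[src] / balance[src] if balance[src] > 0 else 0.0
        moved = amount * share
        balance[src] = max(balance[src] - amount, 0.0)
        tainted[src] = max(tainted[src] - moved, 0.0)
        balance[dst] += amount
        tainted[dst] += moved
        if src in mixers or src in via_mixer:
            via_mixer.add(dst)
    report = {}
    for addr in deposits:
        share = tainted[addr] / balance[addr] if balance[addr] else 0.0
        if share >= threshold:
            decision = "hold"                  # freeze pending investigation
        elif addr in via_mixer:
            decision = "request_provenance"    # ask the user for proof of origin
        else:
            decision = "accept"
        report[addr] = (round(share, 4), decision)
    return report

if __name__ == "__main__":
    print(screen_deposits(TRANSFERS, FLAGGED, MIXERS, DEPOSITS))
```

Because the mixer pooled 100 stolen coins with 300 unrelated ones, the deposit that arrives two hops later is still 25% tainted, which is why mixing dilutes taint under this model but does not remove it.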
Dmytro Volkov
CTO at CEX.IO. Over 15 years’ work experience in IT, including over 10 years in financial markets. Author of trainings on financial and tech topics. Speaker at industry-wide conferences.