Two reports expose secrets of $1.7 billion in crypto losses

  • By Tom Cleveland

  • January 30, 2019
  • 2:43 am BST

Where there is data, there can be analysis, and where there can be analysis, there can be revelations that were not readily apparent when the events created the data in the first place. Two leading blockchain analytics firms, CipherTrace and Chainalysis, have applied this general observation to the mystery of the more than $1.7 billion in losses that the cryptocurrency industry and its investors had to absorb during 2018.

This $1.7 billion figure may pale in comparison to the nearly $640 billion in market capitalization that evaporated as crypto valuations suffered a meltdown of monstrous proportions during 2018, but investors understand that market conditions can change. Lost market cap can be regained when positive sentiment returns and values appreciate once more. Losses to theft and fraud, however, are rarely recovered. Once the coins have been moved through a laundering chain they are, for practical purposes, gone, and the nature of these losses threatens the integrity of the crypto ecosystem and can drive investors to other asset classes overnight.

The two firms approached the problem in very different ways. CipherTrace focused on developing a total figure for industry losses by investigating events that it could measure and validate. Chainalysis, on the other hand, leveraged the nature of blockchain technology, which maintains a public, append-only record of every transaction that cannot be rewritten retroactively without controlling a majority of the network's mining (hashing) power. A few "51 percent attacks" have occurred, in which attackers briefly gained majority hash power on a smaller chain and reorganized recent blocks to double-spend coins. Even then, the attacker can only reverse its own recent transactions, not edit arbitrary history, and the resources required to mount such an attack against a large network act as a strong deterrent.

CipherTrace's investigation produced a $1.7 billion loss figure for 2018. A full $950 million of that was due to crypto exchange compromises and the disappearance of coins from customer accounts. The remaining $700 million and change consisted of an assortment of social media crypto scams, phishing attacks, fraudulent ICOs, and Ponzi schemes.

In its report, the firm readily admits that the loss figure it validated is conservative: "The $1.7 billion number only represents stolen digital assets the firm was able to validate themselves, and they have little doubt that the true number of crypto asset losses is much larger." Earlier press reports had put hacking losses after the first three quarters of 2018 at $978 million and suggested that total losses for the calendar year would easily exceed $1 billion.

Dave Jevans, CEO of CipherTrace, noted: "Cryptocurrency criminal activity continues to evolve and accelerate. Fortunately, pending global legislation will hamstring many criminals, global gangs, and terrorist groups by greatly reducing their opportunities to launder. These tough new laws will drive bad actors to not only innovate but also flock to jurisdictions with weak regulatory oversight."

The analysis performed by Chainalysis came at the issue from an entirely different direction and attempted to determine the "who, what, where, and when related to the explosion of cryptocurrency thefts last year." Every transaction recorded on the blockchain leaves an indelible audit trail that can be followed to establish the direction of capital flows and the addresses where funds aggregate. Blockchain pseudonymity, however, means that an address on its own reveals nothing about who controls it; regulators and law enforcement expect exchanges and other on-ramps to close that gap through customer identification if and when they board the crypto train, so to speak.

Strikingly, Chainalysis found that at least $1 billion of total exchange hacking losses to date is the work of two separate hacking groups, each with its own modus operandi and individual personality. One group acts with haste and a sense of urgency, while the other waits until publicity has faded before cashing out. In both cases the group disguises the movement of funds by layering the activity across multiple exchanges and using as many as 5,000 transfer transactions before converting to fiat currency for withdrawal.

The firm claimed that "Two groups are responsible for stealing around $1 billion to date, at least 60% of all publicly reported hacks." Each group moved its funds in a very calculated manner, one within the first month, while the other waited as long as 18 months before employing a "complex array of wallets and exchanges in an attempt to disguise the funds' criminal origins."

Chainalysis explained: "A successful laundering scheme involves 'placing' criminal funds into the financial system, moving them around or 'layering' to avoid detection, and then 'integrating' those funds into the real economy, usually through business, to make them look like legitimate profit." When moving illicit funds through exchanges, the crooks are careful to keep individual amounts beneath AML reporting thresholds and to structure each sequence of transactions so that per-transaction detection mechanisms are not triggered. A control that looks at one deposit at a time sees nothing; only aggregating deposits by the receiving exchange and the originating cluster over a time window reveals the pattern.
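As an added illustration of the two ideas above, following a trail of stolen coins forward across several hops to exchange deposit addresses and then catching deposits that were structured below a reporting threshold, here is a toy Python tracer. It is not code from Chainalysis or CipherTrace and does not reproduce their methodology; every address, amount, timestamp and exchange attribution is constructed sample data, and the 10-coin threshold and 48-hour window are arbitrary assumptions chosen for the example.

```python
"""Toy forward-trace and structuring check for a stolen-coin laundering path.

Added illustration for this article; it is not code from Chainalysis or
CipherTrace. Every address, amount, timestamp and exchange label below is
constructed sample data.
"""
from collections import deque

# Constructed ledger rows: (tx_id, from_addr, to_addr, amount, hours_since_hack).
# HACK is the address that received the stolen coins.
LEDGER = [
    ("t1", "HACK", "A1", 60.0, 1),
    ("t2", "HACK", "A2", 40.0, 1),
    ("t3", "A1", "B1", 30.0, 5),
    ("t4", "A1", "B2", 30.0, 5),
    ("t5", "A2", "B3", 40.0, 6),
    # Layering stage: deposits kept just under an assumed 10-coin threshold.
    ("t6", "B1", "EX1_DEP1", 9.5, 10),
    ("t7", "B1", "EX1_DEP2", 9.5, 11),
    ("t8", "B1", "EX1_DEP3", 9.5, 12),
    ("t9", "B2", "EX2_DEP1", 9.0, 30),
    ("t10", "B2", "EX2_DEP2", 9.0, 80),    # 50 h after t9, outside the window
    ("t11", "B3", "EX1_DEP4", 9.9, 20),
    ("t12", "CLEAN", "EX1_DEP5", 9.9, 20),  # unrelated customer, never tainted
]

# Constructed attribution of deposit addresses to exchanges. Real analysis
# derives this by address clustering; here it is simply asserted.
EXCHANGE_OF = {
    "EX1_DEP1": "Exchange1", "EX1_DEP2": "Exchange1", "EX1_DEP3": "Exchange1",
    "EX1_DEP4": "Exchange1", "EX1_DEP5": "Exchange1",
    "EX2_DEP1": "Exchange2", "EX2_DEP2": "Exchange2",
}


def trace_taint(ledger, seed):
    """Forward 'poison' taint from seed.

    An address becomes tainted the first time it receives coins from an
    already-tainted address, and only its spends at or after that moment carry
    taint onward. Returns ({addr: hops_from_seed}, {addr: taint_time}).
    Deliberately conservative: no proportional haircut, so mixing one stolen
    coin with clean funds taints the whole receiving address.
    """
    by_time = sorted(ledger, key=lambda row: row[4])
    hops, taint_time = {seed: 0}, {seed: float("-inf")}
    queue = deque([seed])
    while queue:
        src = queue.popleft()
        for _tx, frm, to, _amt, t in by_time:
            if frm == src and t >= taint_time[src] and to not in hops:
                hops[to] = hops[src] + 1
                taint_time[to] = t
                queue.append(to)
    return hops, taint_time


def tainted_exchange_deposits(ledger, taint_time, exchange_of):
    """Rows where tainted coins land on a known exchange deposit address.

    Returns a list of (exchange, tx_id, amount, time)."""
    return [
        (exchange_of[to], tx, amt, t)
        for tx, frm, to, amt, t in ledger
        if frm in taint_time and t >= taint_time[frm] and to in exchange_of
    ]


def find_structuring(deposits, threshold, window_hours):
    """Flag sub-threshold deposits that aggregate above threshold per exchange.

    A per-transaction check sees nothing: every deposit is below `threshold`.
    Grouping by receiving exchange inside a sliding window of `window_hours`
    surfaces the structuring. Returns {exchange: (tx_ids, total)} for the
    first qualifying window per exchange.
    """
    per_exchange = {}
    for exch, tx, amt, t in deposits:
        if amt < threshold:
            per_exchange.setdefault(exch, []).append((t, tx, amt))
    flagged = {}
    for exch, rows in per_exchange.items():
        rows.sort()
        for i, (t0, _, _) in enumerate(rows):
            group = [r for r in rows[i:] if r[0] - t0 <= window_hours]
            total = sum(r[2] for r in group)
            if len(group) >= 2 and total >= threshold:
                flagged[exch] = ([r[1] for r in group], round(total, 8))
                break
    return flagged


def analyse(ledger=LEDGER, seed="HACK", threshold=10.0, window_hours=48):
    """Run the full pipeline; returns (hops, tainted deposits, flagged groups)."""
    hops, taint_time = trace_taint(ledger, seed)
    deposits = tainted_exchange_deposits(ledger, taint_time, EXCHANGE_OF)
    return hops, deposits, find_structuring(deposits, threshold, window_hours)


if __name__ == "__main__":
    hops, deposits, flagged = analyse()
    print("tainted addresses and hop counts:", hops)
    print("tainted exchange deposits:", deposits)
    print("structuring flagged:", flagged)
```

On the sample ledger the four Exchange1 deposits (three of 9.5 and one of 9.9 within ten hours) are flagged as one group totalling 38.4, while the two Exchange2 deposits, which are 50 hours apart, fall outside the 48-hour window and pass, and the unrelated deposit from CLEAN is never tainted and so never considered. The choice of window and threshold is exactly the knob a launderer probes for, which is why real programs combine several windows rather than one.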

Security professionals suspect that major players at this level are not ordinary criminal gangs, but highly sophisticated syndicates working at the behest of nation-states with access to the expertise of engineering arms of national intelligence agencies. These groups are well funded, and experts warn that “Nation-states increasingly view cyber warfare as a cost-effective component of geopolitical and economic competition. Many will enlist and fund the efforts of cybercriminal gangs to create chaos, steal intellectual property, and profit from fraud and extortion by breaching personal data.”

Speculation is that one or both of these groups belong to the infamous Lazarus Group, known for the Sony hack and the WannaCry ransomware outbreak. In October of last year, another cyber research firm, Group-IB, reported that its investigation had attributed $571 million of crypto exchange hacking losses recorded between January 2017 and the date of its announcement to the Lazarus Group. The group had primarily attacked exchanges in South Korea, which would make sense considering the beneficiary of its ill-gotten gains.

Why have cybercriminals focused on cryptos? Per one commentary, a lead security expert for Google says that "cryptocurrency is like catnip" for cybercriminals due to "the instantaneous nature of it, the very, very low transaction fees, the frictionless nature of money moving around," along with crypto's pseudonymity.

At the end of the day, the cryptocurrency industry must come to grips with these hacking gangs and with the fraud that they perpetrate. Whether through self-regulation, the establishment of common security standards, or by government mandate, this issue must be addressed soon or the industry will fail to gain the credibility it needs to attract large institutional investors and acceptance by regulators and government officials across the globe.