When the FBI successfully breached a Colonial Pipeline hacker’s crypto wallet by following the money trail on Bitcoin’s blockchain, it was a wake-up call for cybercriminals who thought cryptocurrency transactions would automatically protect them from scrutiny.
One of the key points about Bitcoin is that its public ledger, which stores every token transaction in its history, is visible to everyone. Because of this, more and more hackers are turning to coins like Dash, Zcash, and Monero, which offer additional anonymity.
Monero in particular is increasingly the cryptocurrency of choice for the world’s leading ransomware criminals.
“The more savvy criminals are using Monero,” said Rick Holland, chief information security officer at Digital Shadows, a cyber threat company.
Created in 2014
Monero was released in 2014 by a consortium of developers, many of whom chose to remain anonymous. As stated in its white paper, “privacy and anonymity” are the most important aspects of this digital currency.
The privacy token works on its own blockchain, which hides practically all transaction details. The identity of the sender and recipient as well as the transaction amount itself are concealed.
Because of these anonymity features, Monero allows cyber criminals greater freedom from some of the tracking tools and mechanisms that the Bitcoin blockchain offers.
“On the Bitcoin blockchain you can see which wallet address has been processed, how many Bitcoins, where they come from, where they are going,” said Fred Thiel, CEO of Marathon Digital Holdings and former chairman of Ultimaco, one of the largest cryptography companies in Europe, which worked with Microsoft, Google and others on post-quantum encryption.
“With Monero, [the blockchain] obscures the wallet address, the amount of transactions, who the counterparty was, which is pretty much what the bad guys want,” he said.
While Bitcoin continues to dominate ransomware demand, threat actors are increasingly demanding Monero, according to Marc Grens, president of DigitalMint, a company that helps corporate victims pay ransom.
“We’ve seen REvil … just in the past few months give discounts or demand payments in Monero,” Holland continued.
Monero was also a popular choice at AlphaBay, a huge underground marketplace that was popular until it closed in 2017.
“It’s almost like we’re seeing a resurgence, at least from a cybercriminal perspective … at Monero because it inherently offers more privacy than some of the other coins out there,” Holland said of Monero’s recent surge in popularity among actors in the ransomware space.
However, there are some major roadblocks when it comes to mainstreaming Monero.
For one, it’s not as liquid as other cryptocurrencies – many regulated exchanges have chosen not to list it due to regulatory concerns, explained Mati Greenspan, portfolio manager and founder of Quantum Economics. “It certainly doesn’t enjoy that much of the recent wave of institutional investment,” he said.
In practice, this means that it is more difficult for cyber criminals to get paid directly in the currency.
“If you’re a company and want to get a ton of Monero to pay someone, it’s very difficult,” Thiel told CNBC.
The digital currency could also be more susceptible to regulations on its entry and exit ramps that bridge the gap between fiat cash and crypto tokens.
“I would bet the US and other regulators will shut [Monero] down pretty hard,” said Thiel.
One way to do this would be to tell an exchange that they risk losing their license if they list Monero.
But while the U.S. government can keep Monero in check by marginalizing points of liquidity, Nic Carter, founding partner of Castle Island Ventures, believes that markets that allow peer-to-peer transfers from Monero to fiat will always be difficult to regulate.
There is also nothing that keeps hackers within U.S. jurisdiction. Criminals could easily choose to conduct all of their transactions overseas, in places beyond the reach of any controls American regulators might impose.
Bitcoin still rules ransomware
Cyber insurance is another reason why Bitcoin is still the currency of choice for most ransomware attacks.
“Insurance is so important in this area and insurers often refuse to reimburse a ransom when it is done in Monero,” said former CIA executive Peter Marta, who is now a partner at Hogan Lovells, where he advises on cyber risk management.
“One of the things insurers will always ask about is what kind of due diligence the aggrieved company did prior to paying … to try to minimize the likelihood of the payment going to a company on the sanctions list,” explained Marta.
Traceability is easier to achieve with Bitcoin, as its blockchain reveals the transaction amounts and the addresses of both the sender and the recipient participating in the exchange. There is also an established infrastructure for officials to oversee these transactions.
Authorities keep lists of Bitcoin wallets that are tied to various sanction regimes.
While Monero offers a higher level of privacy compared to Bitcoin, Holland points out that threat actors have mastered certain techniques to anonymize Bitcoin transactions in order to obscure the chain of custody.
He says cyber criminals often turn to a mixing or tumbling service, where they combine the illicit funds with clean crypto to essentially create a new type of bitcoin, and then turn to currency swaps.
“Just like you would convert dollars to pounds … you can get to Bitcoin, to Monero, then back to Bitcoin, and then get a Bitcoin ATM card that you can use to easily withdraw dollars,” said Holland.
Although Bitcoin’s blockchain is public, there are still ways to make it difficult for investigators to trace transactions back to their ultimate destination.