Chainalysis: Two Professional Groups Behind Majority of Lucrative Cryptocurrency Exchange Hacks

In its latest “Crypto Crime Report,” blockchain forensics firm Chainalysis says that two groups are responsible for 60% of hacks on cryptocurrency exchanges, the most lucrative types of crypto hacks by far:

“Hacking dwarfs all other forms of crypto crime, and it is dominated by two prominent, professional hacking groups. Together, these two groups are responsible for stealing around $1 billion to date, at least 60% of all publicly reported hacks. And given the potential rewards, there’s no question hacking will continue; it is the most lucrative of all crypto crimes.” [emphasis added]

The two groups traced by Chainalysis stole close to $100 million USD per hack:

“The hacks we traced from the two prominent hacking groups stole an average of $90 million per hack.”

Chainalysis calls the two hacking groups “Alpha” and “Beta”:

“Alpha, is a giant, tightly controlled organization partly driven by nonmonetary goals. They appear as eager to create havoc as to maximize profits. Alpha seems much more sophisticated, expertly shuffling funds around in a way that suggests they want to avoid detection.”

“Beta, seems to be a less organized and smaller organization absolutely focused on the money. They don’t appear to care very much about evading detection, just about getting a clear route to convert illicit assets to clean cash.”

Both groups “move fast, cashing out the majority of funds within three months of an attack…(with Alpha) creat(ing) complex patterns of transactions to hide their activity.”

Because Beta “bides its time but does far less to obscure the source of its assets,” it seems that Chainalysis is referring to Alpha when it says that “…hackers typically move stolen funds through a complex array of wallets and exchanges in an attempt to disguise the funds’ criminal origins. On average, the hackers move funds at least 5,000 times.”

Hackers also “often observe a quiet period of 40 or more days in which they don’t move funds, waiting until interest in the theft has died down. Once they feel safe, they move quickly. At least 50% of the hacked funds are cashed out through some conversion service within 112 days, and 75% of the hacked funds have been cashed out within 168 days.”

Alpha is relatively quick-stepping:

“Transaction analysis shows that Alpha typically steals funds and immediately begins to shuffle them around rapidly. Alpha is skilled at moving money around, with an extremely high average number of transfers (up to 15,000 movements in one of the traced hacks). Alpha also moves relatively quickly, converting up to 75% of stolen assets to cash within 30 days.”

Beta, on the other hand:

“…Bides its time but does far less to obscure the source of its assets. This group steals funds and then sits on those funds for 6 to 18 months before they cash out. And then, when they feel ready to cash out, they quickly hit one exchange, cashing out over 50% of funds within days, about $32 million in one instance.”

The chart here, courtesy of Chainalysis, shows different patterns of hack proceeds-shuffling used by Alpha and Beta.

Because funds are typically stolen from one exchange and then sold on another, Chainalysis suggests that exchanges “work together to contain the damage”:

“As other exchanges tend to be the main cash-out point, the industry can chip away at the success of these sophisticated hackers through greater coordination… A working knowledge of how hackers move funds can equip legitimate participants to identify unusual spikes in transactions that may be tied to criminal activity. Cooperation between exchanges also goes a long way to help fight crime in this ecosystem. Neutral intermediaries between exchanges can play an important role in this effort.”
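An added example, not from the article or from Chainalysis: a small Python profiler that turns the timing figures quoted above into metrics an exchange's monitoring team could compute over an already-traced flow of stolen funds. The thresholds reuse the article's quoted numbers; treating them as cut-offs, the 7-day burst window, the event format and the sample flows are all assumptions of this example.

```python
from datetime import date, timedelta

# Figures quoted in the article; using them as cut-offs is this example's assumption.
DORMANT_DAYS = 180       # Beta "sits on those funds for 6 to 18 months"
QUIET_DAYS = 40          # "a quiet period of 40 or more days"
FAST_CASHOUT_DAYS = 30   # Alpha converts "up to 75% ... within 30 days"
BURST_WINDOW_DAYS = 7    # "within days"; the exact window length is assumed

def profile(theft_day, stolen, events):
    """events: list of (day, kind, amount); kind is 'transfer' or 'cashout'."""
    events = sorted(events)
    cashouts = [(d, a) for d, k, a in events if k == "cashout"]
    quiet = (events[0][0] - theft_day).days if events else None

    def days_to(fraction):
        # Days from the theft until this fraction of the stolen total is cashed out.
        total = 0.0
        for d, a in cashouts:
            total += a
            if total >= fraction * stolen:
                return (d - theft_day).days
        return None

    # Largest share of the stolen total cashed out inside any burst window.
    burst = 0.0
    for i, (start, _) in enumerate(cashouts):
        end = start + timedelta(days=BURST_WINDOW_DAYS)
        burst = max(burst, sum(a for d, a in cashouts[i:] if d < end) / stolen)

    t75 = days_to(0.75)
    if quiet is not None and quiet >= DORMANT_DAYS and burst > 0.5:
        label = "dormant-then-burst"        # pattern the article attributes to Beta
    elif t75 is not None and t75 <= FAST_CASHOUT_DAYS:
        label = "rapid-shuffle-cashout"     # pattern the article attributes to Alpha
    elif quiet is not None and quiet >= QUIET_DAYS:
        label = "quiet-period"
    else:
        label = "unclassified"
    return {"quiet_days": quiet, "days_to_50pct": days_to(0.5), "days_to_75pct": t75,
            "transfers": sum(k == "transfer" for _, k, _ in events),
            "max_burst_share": round(burst, 2), "label": label}

THEFT = date(2018, 1, 1)
# Constructed sample flows (not real data), amounts in arbitrary units of 100 stolen.
ALPHA_LIKE = [(THEFT + timedelta(days=i % 20), "transfer", 1.0) for i in range(200)] + [
    (THEFT + timedelta(days=10), "cashout", 40.0),
    (THEFT + timedelta(days=25), "cashout", 40.0)]
BETA_LIKE = [(THEFT + timedelta(days=300), "transfer", 100.0),
             (THEFT + timedelta(days=301), "cashout", 35.0),
             (THEFT + timedelta(days=303), "cashout", 25.0)]
```

Calling `profile(THEFT, 100.0, BETA_LIKE)` returns the dormancy, cash-out timing and burst share for the constructed Beta-like flow, which is the kind of "unusual spike" signal the quoted passage says exchanges can watch for.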
