In its latest “Strategic Alliance Bulletin,” auditing firm PwC (formerly-known-as PricewaterhouseCoopers) has countered the sanguine narratives in crypto by stating unequivocally:
“Cryptocurrency has increasingly been associated with serving criminal and nefarious purposes, rather than supporting the decentralisation of ‘traditional’ currency.”
That said, the company does not provide any metrics regarding the size of purported crypto “social good” phenomena for the sake of comparison.
The report, rather, focusses entirely on illicit use of crypto, which, PwC says, is growing:
“The use of digital currencies to launder illicit money is a growing trend for threat actors, likely a result of their inherent decentralised and anonymous qualities.”
This conclusion is based on data from law enforcement, says PwC:
“Europol estimates that approximately EUR 3 – 4 billion of criminal proceeds is being laundered in Europe annually through cryptocurrencies. The FBI also reports that digital currencies, including those mentioned above, are widely used for money laundering.”
PwC’s “Strategic Alliance Bulletin” focusses particularly on money-laundering on the WEX (formerly BTC-e) crypto trading platform:
“We identified this Iranian money laundering operation as having links with currency exchange WEX (previously known as BTC-e). WEX is most notably known for its alleged involvement in the threat actor tracked by PwC as Blue Athena, and being made since 2014…”
The software was deployed against numerous hospitals, businesses and institutional targets in the US, including the Port of San Diego.
The two Iranian suspects, Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, allegedly collected over $6 million during the course of their SamSam ransomware extortions.
In these attacks, malware (usually deployed through infected emails) was used to lock (encrypt) data on targeted systems. Hackers then demanded a ransom, usually paid in bitcoins, to unlock the data.
PwC says that WEX was used to launder extorted funds:
“We have also identified threat actors are using lesser-known currency exchanges to facilitate operations, likely as a way to bypass compliance programmes of more prominent exchanges.”
PwC says that payment platforms like IranVisaCart, and even PayPal, have already proven interesting to criminals, who may use them in conjunction with crypto to facilitate money laundering:
“A forum post from 2013 promotes IranVisacart services, which include the buying and selling of WebMoney, Perfect Money, Bitcoin, and offering other payment facilitating mediums like PayPal. Analysis of cyber criminal market places, specifically hackforums[.]com, identified that PayPal-bitcoin swaps are some of the most desired by cyber criminals.”
PwC says much of the $6 million collected by the SamSam hackers was processed on WEX, “a cryptocurrency exchange that emerged after US and Greek authorities shut down the BTC-e cryptocurrency exchange in 2017 and arrested a Russian national, Alexander Vinnik, who was the exchange’s administrator.”
BTC-e has since been named as one of the exchanges that processed bitcoins for Russian intelligence, bitcoins used, among other things, to fund attacks on the American Democratic Party as part of Russia’s 2016 national election-interference strategy:
“Another notable association with BTC-e is its apparent use by Russia’s Main Intelligence Directorate of the General Staff (GRU) to transfer bitcoin. According to a company that investigates illicit activities in cryptocurrencies, bitcoin was traced from BTC-e and another lesser-known currency exchange, believed to be based in Slovakia, to a central wallet controlled by GRU Unit 26165, which PwC tracks as Blue Athena…The investigators’ methodology is based on information found in a US DOJ indictment filed against members of GRU Units 26165 and 74455…This indictment lists the specific date and amount of a bitcoin transferred by the GRU, which allows the transaction on bitcoin’s public blockchain to be identified.”
Besides assisting the GRU, says PwC:
“BTC-e is known for its involvement in laundering approximately USD 4 billion and is responsible for cashing out 95% of all ransomware payments made from 2014 to 2017 – of which USD 1.9 million came from SamSam ransomware.”
PwC advises that paying crypto ransoms is generally regarded as bad practice, and that ransoms should only be paid in cases where lives are at risk.
Paying crypto ransoms, says the firm, can also put organizations at risk of running afoul of money transmission laws.