The cryptocurrency bitcoin is regularly criticized by regulators for its illegal uses, but the transparency of its network can work against criminals, as the Darkside hackers have learned the hard way.
These hackers, who had received a giant ransom of 4.4 million dollars, paid in bitcoins, from the oil company Colonial Pipeline, saw the equivalent of 2.3 million dollars seized by the authorities, who tracked their financial transactions, Deputy Justice Minister Lisa Monaco said on Monday.
“Tracking money is one of our most basic methods, but also the most effective,” Monaco said at a press conference.
How did the US authorities track these transactions, when bitcoin is sometimes described as a decentralized and anonymous network?
For a classic bank payment, the police can turn to the bank that sent or received the money, but for bitcoin, the ledger that records these transactions, the “blockchain”, does not ask users to reveal their identity.
On the other hand, this “blockchain” is also public: anyone can download it, observe its transactions and then try to guess who owns the anonymous addresses where the bitcoins arrive.
While some users keep their bitcoins safe in an offline wallet, for example on a USB key or on a hard drive, those of Darkside were still linked to an online account, the key to which the American authorities claim to have recovered, without specifying whether they hacked the hackers’ account or whether an informant sent them this key.
-350 million dollars in ransoms-
In 2019, analysis of the “blockchain” allowed the British and American authorities to dismantle a child pornography network and to arrest more than 300 people in 38 countries.
Complex transaction tracing has become a real industry. Firms specializing in crypto-asset blockchain analysis have emerged, such as Chainalysis in the United States or Elliptic in the United Kingdom.
According to a Chainalysis report in February, cryptocurrency transactions for illegal purposes reached $10 billion in 2020, or 1% of total cryptocurrency activity last year and half as much as the year before, when these activities had reached a record high of $21.4 billion.
“Cryptocurrencies remain attractive to criminals, mainly because of their anonymity and the ease of sending funds around the world, despite their transparent and traceable nature,” explains the firm.
The number of ransoms paid in cryptocurrencies had already soared in 2020 to reach nearly 350 million dollars.
Elliptic analysts believe they have identified the bitcoin wallet that received the ransom paid by Colonial Pipeline to Darkside and say that at least one other payment of $4.4 million had been made.
Importantly, transaction analysis can help identify the bitcoin sales platforms to which the wallet forwarded ill-gotten bitcoins.
“This information will give law enforcement crucial leads in identifying perpetrators,” Elliptic researcher Tom Robinson wrote in a note.
Market regulators have put pressure on cryptocurrency trading platforms. Many of them, like Coinbase, now require their users to disclose their identity before making transactions.
But other platforms don’t follow the same rules.
Both Elliptic and Chainalysis point to the growing role of Hydra, a sales site for Russian-speaking customers, accessible via the darknet, a version of the web that is not indexed by search engines and where users can remain anonymous.
“Hydra offers to withdraw money as well as drugs, hacking tools or fake ID,” says Robinson.
Using both cryptocurrency and sites like Hydra, the Darkside hackers have reportedly already resold some of the ransom bitcoins.
As the price of bitcoin has soared in recent months (+240% to nearly $33,000 on Tuesday afternoon), regulators are adjusting their strategies.
The Bank of England said on Monday that payments in stablecoins, cryptocurrencies with a fixed price, should be regulated with the same rigor as bank payments.