Ransomware attackers and cryptocurrency scammers have joined nation-state actors in abusing cloud mining services to launder digital assets, new research reveals.
“Cryptocurrency mining is an important part of our industry, but it has a special appeal to bad actors as it provides a way to obtain funds from a completely clean on-chain original source,” blockchain analysis company Chainalysis said in a report shared with The Hacker News.
Earlier this March, Google Mandiant reported that North Korea-based APT43 was using hash rental and cloud mining services to hide its forensic tracks and launder stolen cryptocurrency “clean.”
Cloud mining services allow users to rent computer systems and use their hashing power to mine cryptocurrencies without having to manage their own mining hardware.
However, nation-state hacking groups aren’t the only ones using such services, according to Chainalysis.
In one instance the company highlighted, mining pools and wallets associated with ransomware attackers were used to transfer funds to “highly active deposit addresses” on unnamed mainstream cryptocurrency exchanges.
This includes $19.1 million from four ransomware wallet addresses and $14.1 million from three mining pools, with the majority of the funds channeled through a network of intermediary wallets and pools.
“In this scenario, mining pools work similarly to mixers in that they obfuscate the origin of the funds and create the illusion that the funds are mining revenue rather than ransomware,” Chainalysis pointed out.
In a sign that this trend is gaining momentum, the cumulative value of assets transferred from ransomware wallets through mining pools to exchanges has skyrocketed from less than $10,000 in Q1 2018 to almost $50 million in Q1 2023.
That’s not all. Since January 2018, 372 exchange deposit addresses have been found to have received at least $1 million worth of cryptocurrency from mining pools and any amount from ransomware addresses.
“Overall, this data suggests that mining pools may play a key role in the money laundering strategies of many ransomware attackers,” Chainalysis said.
Mining pools have also been incorporated into the tactics of scammers such as BitClub Network, which was found to have mixed its illegal Bitcoin earnings with assets received from a Russia-based Bitcoin mining operation and from BTC-e, a cryptocurrency exchange founded to facilitate the laundering of money stolen in the infamous Mt. Gox hack.
“Cryptocurrency scammers and money launderers acting on their behalf also use mining pools as part of the money laundering process,” the company said. “Deposit addresses [with receipts of at least $1 million worth of crypto from mining pools] have received just under $1.1 billion in cryptocurrency from scam-related addresses since 2018.”