They have been using the technique to move the laundered BTC to Peer-to-Peer (P2P) and Gambling Platforms
More details have now emerged on the Cybersecurity incident that happened last week when social media giant Twitter saw Bitcoin (BTC) scammers hacking into their platform to get access to high-profile accounts of Apple, Amazon CEO Jeff Bezos, Microsoft founder Bill Gates, Tesla CEO Elon Musk, U.S Democratic presidential candidate Joe Biden, and former U.S President Barack Obama, among others.
Posting tweets about a fake 5,000 BTC giveaway, on the condition that an individual first send between 0.1 BTC and 20 BTC to the contribution address, the scammers were looking to make a quick buck. Blockchain forensics firm CipherTrace, which originally reported the BTC laundering scheme, has now detailed the process by which the hackers are trying to launder the BTC bounty.
According to the report, they are using something called a ‘peel chain’ to move the stolen BTC funds to peer-to-peer (P2P) exchanges and crypto gambling sites. Peel Chains are basically made up of chains of wallets that such funds pass through in order to hide their trail of illicitly obtained Crypto. This strategy is apparently favored by hackers from North Korea & Chinese nationals linked to North Korea — CipherTrace estimates that the latter may have laundered more than $100 million using peel chains.
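The peel-chain pattern described above, as an added example that is not from CipherTrace or the original article: a small Python tracer that follows the large "change" output of each transaction hop by hop and collects the small slices peeled off to service addresses. The ledger, addresses, amounts and the 5:1 ratio threshold are all constructed assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample ledger (not real transactions). Each tx spends one
# address and splits it into a large "change" output to a fresh address
# plus a small "peel" output sent on to a service (exchange, gambling site).
TXS = [
    {"id": "tx1", "from": "A0", "out": {"A1": 12.00, "EXCH_IN": 0.12}},
    {"id": "tx2", "from": "A1", "out": {"A2": 11.85, "EXCH_US": 0.15}},
    {"id": "tx3", "from": "A2", "out": {"A3": 11.75, "EXCH_TR": 0.10}},
    {"id": "tx4", "from": "A3", "out": {"A4": 10.75, "EXCH_SG": 1.00}},
    # Unrelated payment with a near-even split: not a peel hop.
    {"id": "tx5", "from": "B0", "out": {"B1": 3.00, "B2": 2.90}},
]


def trace_peel_chain(txs, start_addr, min_ratio=5.0):
    """Follow the largest ("change") output hop by hop from start_addr.

    A hop counts as a peel when the largest output is at least `min_ratio`
    times every other output, i.e. a thin slice is shaved off and the bulk
    rolls on to a new address. Returns a list of (txid, peel_addr, amount)
    for every peeled output along the chain. The ratio is an assumed heuristic.
    """
    by_input = {tx["from"]: tx for tx in txs}
    peels = []
    addr = start_addr
    while addr in by_input:
        tx = by_input[addr]
        outs = sorted(tx["out"].items(), key=lambda kv: kv[1], reverse=True)
        change_addr, change_amt = outs[0]
        rest = outs[1:]
        # Stop when the split is even or there is nothing peeled off.
        if not rest or any(change_amt < min_ratio * amt for _, amt in rest):
            break
        peels.extend((tx["id"], dest, amt) for dest, amt in rest)
        addr = change_addr  # keep following the bulk of the funds
    return peels


def peel_summary(peels):
    """Total peeled BTC per destination, the kind of feed an exchange can screen."""
    totals = defaultdict(float)
    for _, dest, amt in peels:
        totals[dest] += amt
    return dict(totals)


if __name__ == "__main__":
    chain = trace_peel_chain(TXS, "A0")
    for txid, dest, amt in chain:
        print(f"{txid}: {amt:.2f} BTC peeled to {dest}")
    print("per destination:", peel_summary(chain))
```

Real chains fan out across many inputs and outputs, so a production tracer would follow UTXOs rather than single addresses and cluster them by common-input ownership before applying the ratio test.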
A day earlier, CipherTrace had broken the news that Twitter hackers have established several peel chains to move the laundered crypto funds — where the final destination was P2P marketplaces and gambling platforms. An overview of how these transactions were conducted to obfuscate the movement of the stolen BTC is highlighted below.
Ten of the outbound transactions have consolidated into new addresses, as seen above, giving a full overview of the scammers' laundering pattern (as of 07/17/2020) — CipherTrace
Analysis from the firm noted amounts ranging from roughly 0.1 BTC to 0.15 BTC being moved to exchanges located in India, the United States, and Turkey. It further revealed that the hackers made 18 transactions in total — of which 1 BTC ended up at a regulated crypto exchange in Singapore. Although earlier reports suggested that the hackers were directing stolen funds to crypto mixing services, the scammers seem to have shifted their focus to crypto trading avenues.
For those who are not familiar with crypto mixing services — mixing is the process of anonymizing a cryptocurrency transaction so that it cannot be linked to previous holders. Once a transaction has gone through a mixing service, the prior addresses associated with the coins are effectively erased. CipherTrace also identified a transfer to an old Binance cold wallet which the firm believes was intended to troll investigators.
Some good old-fashioned due diligence can prevent bigger losses as we saw in the case of one of the biggest crypto exchanges, Coinbase, blocking $285k worth of Bitcoin from being sent to hackers. According to the report, the crypto exchange blocked 1,100 customers from sending 30.4 BTC to the address associated with the scam. Scammers, however, did end up getting away with a bounty of a total of $121,000 worth of Bitcoin — sent in just over 400 payments.
As hackers get smarter at stealing & laundering funds, tools like ‘Cryptocurrency Real-Time Predictive Risk Scoring’ released by CipherTrace would help crypto exchanges, payment processors & ATM operators to rapidly freeze and investigate suspicious transactions before they are finalized on the blockchain.
Originally Published on Medium