Bitcoin money laundering is hackers’ weapon against authorities
The public side of bitcoin
Gwin has been an expert in cryptocurrency forensics since 2014. He claims that about ten years ago, “everyone thought bitcoin was the strongest thing that ever existed on the deep web”. This was the time when Ross Ulbricht operated Silk Road, one of the most famous virtual drug markets. And for a long time, bitcoin was known as “the hacker’s currency”, “the currency of crime”, “the currency that cannot be traced”.
Starting around 2019, this view of bitcoin began to change, according to the expert. The cryptocurrency has a blockchain – that is, a ledger of transactions – that has always been publicly accessible, and this turned out to be a disadvantage after several apprehensions by the authorities.
“In bitcoin, as in all other DLTs – decentralized technologies that have the public blockchain – the math has to close,” explains Gwin to Tecnoblog. That is, what leaves one side has to arrive at the other; whatever doesn’t arrive is the miner’s fee. If you add it all up, the totals must match: money cannot disappear, nor can new money be created.
Because of this, it is possible to track these public cryptocurrencies: after all, all blockchain data is open, including the amounts on both sides of the transaction. “So if I’m pretty sure wallet A transferred 2 bitcoins to wallet B, and wallet B doesn’t have 2 bitcoins left, I’m pretty sure those 2 bitcoins went somewhere,” says Gwin.
The blockchain does not show who made a particular transaction, but it can help work that out. “Today you don’t know if hacker X is called João; you only know that hacker X received BRL 2,429,914.26 from someone else, another entity”, says Gwin by way of example. “So you can perform these correlations, and since the blockchain has a date, you know exactly when the transaction took place.” In addition, it is easy to convert the value to dollars or reais: if you have the date and time, you know the price of bitcoin at that moment.
Why not use an alternative to bitcoin?
There are already cryptocurrencies with a private blockchain, such as Verge and Monero, which make this type of tracking difficult. Still, you see hackers continuing to use bitcoin in million-dollar or billion-dollar transactions, which are sure to get the attention of the authorities. Worse: deep web markets usually don’t accept Monero, but they do accept bitcoin. It seems kind of pointless: if the person understands that he is probably being tracked, why doesn’t he switch?
“Then we run into a liquidity problem”, observes Gwin. Basically, bitcoin can be used in many more ways, as it is accepted in more places – including exchange offices that convert it to reais, dollars or euros.
For example, if a hacker wanted to convert Verge or Monero into currency, he would be very lucky to get $50,000 in one day – “this using all the liquidity in the market, which is absolutely surreal”, notes the expert to Tecnoblog.
In turn, bitcoin offers absurdly greater liquidity, 100 or 150 times greater. In that case, he could even launder money with many other people; for the “evil hacker” (black hat), it is much more advantageous.
And we get to another point: you can launder money in bitcoin, in a process called mixing. This involves mixing up money – whether legal or illegal – to confuse experts who are tracking the movement of a wallet.
Gwin cites the following example: suppose two people have 2 bitcoins each. They don’t know each other, but they manage to put this money together in a single wallet – in total, there are 4 bitcoins. Then, the mixing process spreads that money across eight different wallets, with 0.5 bitcoin each.
In the end, each person will keep 2 bitcoins; the coins were only redistributed between wallets. But to an outside observer – someone who is tracking these transactions – it will look like the money is with eight different people, all doing some 0.5 bitcoin transaction.
This is called simple mixing, which uses a “pool” holding money from several different sources. The trick here is to transfer the sum in equal amounts to several other wallets, so many that it confuses tracking.
In another example, we have Maria, who accepts bitcoin in her business, pays tax, declares the cryptocurrency to the Federal Revenue – in short, does everything right. On the other side, we have a person selling hacked government information, and for much more money than Dona Maria.
“If you take the money from these two people and put it in a pool, you don’t know which currency is whose,” says Gwin, “so you’re going to have criminal money and legal money.”
The value needs to be redistributed to be used by Dona Maria and the hacker; it can be spread across dozens of different wallets to complicate tracking. All these transactions will be public, but outsiders will be confused.
“In other words, you cannot distinguish in the end which bitcoin belongs to Dona Maria and which bitcoin belongs to the criminal”, concludes Gwin; the only way to know would be, for example, by hacking the program that did the mixing.
What if the criminal doesn’t have a “clean” account like Dona Maria’s to use? An alternative is post-mixing: here, the money goes through a decentralized protocol that distributes bitcoins among thousands or millions of wallets, in order to make tracking difficult, and then merges it all into a destination wallet.
In post-mixing, several people use a wallet app – such as Wasabi – that promises greater privacy in transactions; this is done by exchanging currencies between accounts automatically. That is, the money goes through a series of very small operations – which are public, but are more difficult to follow.
If a criminal adopts this system, he will have his coins laundered little by little, with people he doesn’t know. Thus, the money is slowly being deposited in its destination, which is the post-mix wallet.
It’s worth noting that these are just a few types of mixing; Gwin claims that there are about 60 distinct methods. As you can imagine, this creates a huge difficulty in investigations, but there are tools that can help.
Clustering, the anti-money laundering tool
One of these tools uses a process called clustering: computer programs that analyze patterns in bitcoin transactions in order to try to reverse the mix. “It seeks to create order in the midst of this chaos”, summarizes Gwin.
The expert goes into more detail:
The clustering program tries to understand how different bitcoin transactions are related. It looks ahead, that is, it follows how the money is distributed and how it is spent. From these relationships, the software tries to look back, that is, to understand where the money came from. “It will suggest possible paths that a criminal might have taken,” explains Gwin.
For example, imagine that a hacker broke into a US brokerage and stole customers’ money. We know the destination of this stolen money, which would be the hacker’s wallet. With this starting point of the investigation, the clustering program does its analysis and tries to go back to the past: has this wallet ever been used? Has it had any relationship with other wallets? Has it ever received or sent money to other wallets?
With that, you could find out that this same hacker broke into another brokerage in Egypt, was involved with Anonymous in Rio de Janeiro, is receiving money from criminal organizations, and so on.
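The sketch below is an added example, not code from Gwin or from any real clustering tool; it works on a constructed ledger using a simplified wallet-level model. It checks that "the math closes" (inputs minus outputs equals the fee), flags the equal-amount payout pattern of simple mixing, and walks wallet relationships forward and backward from a starting wallet. The function names and the `min_equal` threshold are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict, deque

SAT = 100_000_000  # satoshis per bitcoin

# Constructed ledger (not real data). Wallet-level simplification: each
# transaction lists (wallet, satoshis) pairs spent and received.
LEDGER = [
    {"id": "t1", "ins": [("brokerage", 2 * SAT)],
     "outs": [("hacker", 2 * SAT - 10_000)]},
    {"id": "t2", "ins": [("hacker", 2 * SAT - 10_000), ("maria", 2 * SAT + 20_000)],
     "outs": [(f"w{i}", SAT // 2) for i in range(8)]},
    {"id": "t3", "ins": [("w0", SAT // 2), ("w1", SAT // 2)],
     "outs": [("cashout", SAT - 10_000)]},
    {"id": "t4", "ins": [("bob", 30_000_000)], "outs": [("carol", 29_990_000)]},
]

def fee(tx):
    """Inputs minus outputs is the miner's fee; it can never be negative."""
    paid = sum(v for _, v in tx["ins"]) - sum(v for _, v in tx["outs"])
    if paid < 0:
        raise ValueError(f"{tx['id']}: outputs exceed inputs")
    return paid

def looks_like_mix(tx, min_equal=4):
    """Flag a payout of one identical amount to many wallets (assumed threshold)."""
    most_common_count = Counter(v for _, v in tx["outs"]).most_common(1)[0][1]
    return most_common_count >= min_equal

def related_wallets(ledger, start):
    """Walk payer/payee links in both directions; return {wallet: hops from start}."""
    links = defaultdict(set)
    for tx in ledger:
        for src, _ in tx["ins"]:
            for dst, _ in tx["outs"]:
                links[src].add(dst)
                links[dst].add(src)
    hops, queue = {start: 0}, deque([start])
    while queue:
        wallet = queue.popleft()
        for neighbour in links[wallet]:
            if neighbour not in hops:
                hops[neighbour] = hops[wallet] + 1
                queue.append(neighbour)
    return hops

if __name__ == "__main__":
    for tx in LEDGER:
        print(tx["id"], "fee:", fee(tx), "mix-like:", looks_like_mix(tx))
    print(related_wallets(LEDGER, "hacker"))
```

Wallets reached only through a transaction flagged as mix-like (here, `maria`) are candidates for review, not confirmed associates, which is why the output is a set of possible paths rather than a verdict.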
From bitcoin to other cryptocurrencies
There are other ways the hacker can confuse tracking, such as when exchanging bitcoin for ether or another cryptocurrency. In this case, financial information becomes cross-chain, that is, it lives on multiple blockchains.
This exchange typically involves a brokerage firm, which could help with the investigation. “We pray for the hacker to be kind of dumb and send the bitcoins to some brokerage we know”, says Gwin to cryptosp. If the individual sends bitcoin to an exchange, it is certain that he has an account there (otherwise he would basically be leaving a donation, which would make no sense).
And it’s worth noting that not everyone on the deep web is a security and privacy expert. “It’s not just about hackers that the deep web is made”, recalls Gwin; “there are many other criminals who do not understand anything about computing”. They are people more interested in having a place for illicit transactions, without worrying so much about hiding.
“The problem is that the hacker, when he is good, he is not stupid”, laments Gwin. And there are decentralized exchanges – like Bisq – with a huge level of privacy, which don’t require documents or keep your IP; “It’s as if it were just a protocol and not a company”, says the specialist.
That doesn’t put an end to this cat-and-mouse game. For example, if the hacker has bitcoin and buys ether on Bisq, the bitcoin still exists – but in someone else’s hands. In this case, you can look for similar values, at the same time or in the same minute, appearing in other cryptocurrencies in the broker’s wallets.
All these techniques show how bitcoin can help fight crime. “This is bizarre,” says Gwin, “if you remember that, a little while ago, bitcoin was the perfect murder weapon from a hacker’s point of view. It was the best thing on the deep web to make money, that is, to make the deep web continue to exist.”
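An added illustration of that cross-chain correlation, not part of the original article: it pairs outflows on one chain with inflows on another when the converted values are close and the timestamps fall within the same minute. The records, the `correlate` function, the one-minute window and the 1% tolerance are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed observations (not real data). Each amount is already converted
# to USD using the price at its own timestamp.
BTC_OUT = [
    {"tx": "btc-a", "time": datetime(2022, 1, 5, 14, 3, 10), "usd": 41250.00},
    {"tx": "btc-b", "time": datetime(2022, 1, 5, 15, 0, 0), "usd": 9000.00},
]
ETH_IN = [
    {"tx": "eth-x", "time": datetime(2022, 1, 5, 14, 3, 40), "usd": 41100.00},
    {"tx": "eth-y", "time": datetime(2022, 1, 5, 14, 3, 50), "usd": 12000.00},
    {"tx": "eth-z", "time": datetime(2022, 1, 5, 15, 20, 0), "usd": 9000.00},
]

def correlate(outs, ins, window=timedelta(minutes=1), tolerance=0.01):
    """Return (out_tx, in_tx, delay_seconds) for inflows that follow an outflow
    within `window` and differ from it by at most `tolerance` of its value."""
    matches = []
    for o in outs:
        for i in ins:
            delay = i["time"] - o["time"]
            close_in_time = timedelta(0) <= delay <= window
            close_in_value = abs(i["usd"] - o["usd"]) <= tolerance * o["usd"]
            if close_in_time and close_in_value:
                matches.append((o["tx"], i["tx"], delay.total_seconds()))
    return matches

if __name__ == "__main__":
    for match in correlate(BTC_OUT, ETH_IN):
        print(match)
```

A match is a lead to investigate: `eth-z` has the same value as `btc-b` but arrives twenty minutes later, so it is not paired under these settings.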
A curiosity: the specialist identifies himself only as Gwin because “the job requires hiding the name due to possible reprisals from criminals”. He explains that he used that nickname to access online games and then kept the nickname to explore the deep web.