While Bitcoin’s decentralization gives many the freedom to transfer assets without the risk of censorship, malicious actors are also taking advantage of the network’s inherent privacy to move stolen funds.
Before being sanctioned by the United States Treasury Department’s Office of Foreign Assets Control (OFAC) in 2022, Tornado Cash was the prominent choice for hackers to launder stolen crypto. According to OFAC, over $7 billion in crypto assets have been laundered using the mixer since 2019. However, new findings from blockchain security firm CertiK show that there’s been a shift in 2023.
Data analyzed by CertiK shows that more than $300 million in the stolen proceeds from 50 of the largest exploits of 2023 ended up in Bitcoin, as hackers try to find other places to move their ill-gotten gains after the increased regulatory scrutiny toward Tornado Cash.
Crypto mixers are protocols that are used to keep crypto transactions private. A mixer blends potentially identifiable funds with vast sums of other funds to anonymize transfers between wallet addresses.
Joe Green, CertiK’s quick response team head, told Cointelegraph that while decentralization and privacy in Bitcoin empower legitimate users, malicious actors can also exploit them for their gain. Green explained:
“The Bitcoin ecosystem hosts a variety of privacy mixers that serve both privacy-conscious users and those with nefarious intentions. [...] While this scenario presents a challenge, it’s important to recognize it as an intrinsic aspect of decentralized systems.”
The shift into Bitcoin (BTC) mixers means that malicious actors are trying to find a way to ditch Tornado Cash because of regulatory sanctions. CertiK’s analysis showed that Bitcoin mixers like Sinbad, which was sanctioned and shut down by U.S. authorities, have been the tool of choice for the infamous crypto hacker group Lazarus in 2023.
According to CertiK, Bitcoin mixers employ a different approach to anonymizing transactions. With mixers like Tornado Cash, the mixer obfuscates the link between the sender and the receiver. However, the user can only withdraw to a new wallet the same amount they deposited, minus a fee.
On the other hand, Bitcoin mixers allow users to deposit Bitcoin and distribute it across multiple wallets in different percentages, which further complicates tracking.
While Tornado Cash remains a “go-to” mixer for smaller-scale cybercrimes, CertiK highlighted that incidents involving $50 million and above have been pivoting toward Bitcoin-based laundering solutions. CertiK believes that this may be a trend and a preview of the challenges ahead for the crypto space.
As crypto laundering tactics evolve, there is an urgent need for more dynamic countermeasures in the battle against blockchain-based financial crime. Green explained:
“Perhaps the most effective countermeasure is comprehensive tracing of movements of ‘dirty’ funds. The sharing of information with relevant parties such as exchanges is an important step as well.”
Furthermore, the security professional also believes that it’s essential for stakeholders to be aware of the tactics that criminals employ so that they can combat them.
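To illustrate the tracing of “dirty” funds through the kind of uneven, multi-wallet split described above, the following added example (not from CertiK or the article) applies the proportional “haircut” taint heuristic, one common approach in blockchain analytics. All transactions, addresses and function names are constructed for the illustration, and input values are carried inline rather than looked up on a chain.

```python
from fractions import Fraction

# Constructed sample data (not real transactions). Inputs are
# (prev_txid, prev_index, value); outputs are (address, value); values in BTC.
DIRTY = {("theft", 0): 100}  # outpoint known to hold stolen funds
SAMPLE_TXS = [
    # Mixer-style split: 100 dirty + 300 unrelated in, three uneven outputs, fee 4.
    {"txid": "mix1",
     "inputs": [("theft", 0, 100), ("poolA", 0, 300)],
     "outputs": [("w1", 40), ("w2", 120), ("w3", 236)]},
    # Second hop: the w2 output is merged with clean funds and sent onward.
    {"txid": "hop2",
     "inputs": [("mix1", 1, 120), ("poolB", 0, 80)],
     "outputs": [("exchange_deposit", 150), ("w4", 50)]},
]

def trace_taint(transactions, dirty):
    """Return {address: tainted value received} using proportional taint.

    transactions must be in chain order so parents are seen before children.
    """
    taint = {op: Fraction(v) for op, v in dirty.items()}  # outpoint -> tainted value
    exposure = {}
    for tx in transactions:
        total_in = sum(v for _, _, v in tx["inputs"])
        dirty_in = sum((taint.get((t, i), Fraction(0)) for t, i, _ in tx["inputs"]),
                       Fraction(0))
        if total_in == 0 or dirty_in == 0:
            continue  # nothing tainted enters this transaction
        ratio = dirty_in / total_in  # every output inherits the same fraction
        for index, (address, value) in enumerate(tx["outputs"]):
            tainted = value * ratio
            taint[(tx["txid"], index)] = tainted
            exposure[address] = exposure.get(address, Fraction(0)) + tainted
    return exposure

def watched_hits(exposure, watchlist):
    """Tainted amounts that reached addresses a recipient (e.g. an exchange) watches."""
    return {a: amt for a, amt in exposure.items() if a in watchlist}

if __name__ == "__main__":
    result = trace_taint(SAMPLE_TXS, DIRTY)
    for address, amount in sorted(result.items()):
        print(f"{address}: {float(amount):.2f} BTC tainted")
    print(watched_hits(result, {"exchange_deposit"}))
```

Splitting and merging dilutes the tainted share at each hop but does not remove it: in the sample, 22.5 of the 150 BTC arriving at the watched deposit address still traces back to the theft.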