While bitcoin's decentralization gives many the freedom to transfer assets without risk of censorship, malicious actors also take advantage of the network's inherent privacy to move their stolen funds.
Prior to sanctions issued by the United States Department of the Treasury's Office of Foreign Assets Control (OFAC) in 2022, Tornado Cash was the prominent option for hackers to launder stolen cryptocurrency. According to OFAC, more than $7 billion worth of crypto assets have been laundered using the mixer since 2019. However, new findings from blockchain security firm CertiK show that there has been a shift in 2023.
Data analyzed by CertiK shows that more than $300 million of stolen profits from 50 of the biggest exploits of 2023 ended up in bitcoin, as hackers try to find other places to move their ill-gotten gains after increased regulatory scrutiny towards Tornado Cash.
Crypto mixers are protocols used to keep crypto transactions private. A mixer combines potentially identifiable funds with large sums of other funds to anonymize transfers between wallet addresses.
Joe Green, head of CertiK's rapid response team, told Cointelegraph that while the decentralization and privacy in bitcoin empower legitimate users, malicious actors can also exploit them for their benefit. Green explained:
“The bitcoin ecosystem is home to a variety of privacy mixers that serve both privacy-conscious users and those with nefarious intentions. (…) Although this scenario presents a challenge, it is important to recognize it as an intrinsic aspect of decentralized systems.”
The shift to bitcoin mixers means that malicious actors are trying to move away from Tornado Cash due to regulatory sanctions. CertiK analysis showed that bitcoin mixers like Sinbad, also sanctioned by OFAC, have been the tool of choice for the infamous Lazarus crypto hacking group in 2023.
According to CertiK, bitcoin mixers employ a different approach to anonymizing transactions. With mixers like Tornado Cash, the mixer obfuscates the link between the sender and receiver. However, the user can only withdraw the same amount they deposited, minus a fee, into a new wallet.
On the other hand, bitcoin mixers allow users to deposit bitcoin and distribute it to multiple wallets at different percentages, making tracking even more complicated.
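To make the tracing difference concrete, the following added example (not from CertiK or the original article) runs a simple amount-matching heuristic, as an analyst might, over constructed data. The function name, the 0 to 3% fee range and every amount and wallet label are assumptions.

```python
from itertools import combinations

def candidate_payouts(deposit_sat, outputs, max_fee_bp=300, max_parts=3):
    """Return every set of up to max_parts outputs whose total equals the
    deposit minus a fee of 0..max_fee_bp basis points (amounts in satoshi)."""
    lo = deposit_sat * (10_000 - max_fee_bp) // 10_000
    matches = []
    for k in range(1, max_parts + 1):
        for combo in combinations(outputs, k):
            total = sum(amount for _, amount in combo)
            if lo <= total <= deposit_sat:
                matches.append(tuple(label for label, _ in combo))
    return matches

DEPOSIT = 1_000_000_000  # constructed: a 10 BTC deposit under investigation

# Constructed: fixed-amount mixer, each withdrawal is the deposit minus 0.3%.
FIXED = [("w1", 997_000_000), ("w2", 997_000_000),
         ("w3", 997_000_000), ("w4", 997_000_000)]

# Constructed: payouts split across several wallets in varying proportions,
# observed in the same time window as the deposit.
SPLIT = [("a", 500_000_000), ("b", 300_000_000), ("c", 190_000_000),
         ("d", 480_000_000), ("e", 310_000_000), ("f", 200_000_000)]

def summarize():
    """Candidate payout sets for the same deposit under each mixer model."""
    return candidate_payouts(DEPOSIT, FIXED), candidate_payouts(DEPOSIT, SPLIT)

if __name__ == "__main__":
    fixed, split = summarize()
    # Fixed amount: one candidate per withdrawal, each a single wallet.
    print(len(fixed), "candidates (fixed):", fixed)
    # Split payouts: candidates are wallet *sets*, and they overlap heavily.
    print(len(split), "candidates (split):", split)
```

With fixed-amount withdrawals the candidate list is simply every withdrawal of that size; with split payouts the analyst has to evaluate overlapping wallet combinations, and the number of combinations grows quickly as more outputs fall in the window.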
While Tornado Cash remains a go-to mixer for smaller-scale cybercrimes, CertiK highlighted that incidents involving $50 million or more have been heading toward bitcoin-based laundering solutions. CertiK believes that this may not just be a trend, but also a preview of the challenges ahead in the crypto space.
As cryptocurrency laundering tactics evolve, there is an urgent need for more dynamic countermeasures in the battle against blockchain-based financial crimes. Green explained:
“Perhaps the most effective countermeasure is comprehensive tracking of 'dirty' fund movements. Sharing information with relevant parties, such as exchanges, is also an important step.”
Furthermore, the security professional also believes that it is essential for stakeholders to be aware of the tactics criminals use in order to combat them.