Despite being considered a cybercrime haven, cryptocurrencies play a very small role in laundering funds obtained from bank hacks; the SWIFT financial organization said in a report last week.
"Identified cases of laundering through cryptocurrencies remain relatively small compared to the volumes of cash laundered through traditional methods," said SWIFT, the organization that runs the SWIFT inter-bank messaging system used by almost all banks across the world to wire funds across borders.
These traditional methods include the use of money mules, front companies, cash businesses, and investments back into other forms of crime, such as drug trade or human trafficking.
SWIFT saud that incidents where hackers laundered money via cryptocurrencies have been rare and far between.
One example listed in the organization's report is the case of a criminal gang who performed an ATM cashout attack. SWIFT says the gang converted the stolen cash funds into cryptocurrency rather than use money mules to buy and re-sale expensive products with the stolen cash, as most other similar groups tend to operate.
Another example is an Eastern European gang who set up their own bitcoin farm in East Asia. The gang used funds stolen from banks to operate the farm, generate bitcoin, and then spent the minted bitcoin in Western Europe. When the gang was arrested, SWIFT said authorities found 15,000 bitcoins valued at USD$109 million, two sports cars and jewelry worth USD$557,000 at the house of the group leader.
Another case where cryptocurrency was used to launder stolen bank funds includes Lazarus Group, a group of hackers operating for the benefit of the North Korean government. SWIFT said the group stole money from banks, converted it into cryptocurrency, moved the cryptocurrency assets across different exchanges to hide its origin, and then converted the crypto-assets back into fiat currency and had it sent to North Korea.
But that's not all. SWIFT also said it seen "some cases" where hackers used stolen bank funds to buy and load prepaid cryptocurrency cards with funds. These are real debit cards that can store cryptocurrency instead of real (fiat) money, and these cards can be used with special ATMs to withdraw cryptocurrency back into fiat currency, or they can be used for real-world card transactions.
SWIFT said several financial platforms in Europe and the UK had been used to load prepaid cards with bitcoin, which were subsequently used to purchase jewelry, cars, and property with stolen funds.
But SWIFT says these are only edge cases when compared to the number of incidents and the volume of stolen funds that are being laundered through traditional methods.
Nevertheless, SWIFT believes that the use of cryptocurrency for laundering stolen bank funds will rise in the future.
Favorable factors include the growing number of altcoins (alternative cryptocurrencies) that have recently launched and which focus on providing full transaction anonymity.
In addition, criminals are also increasingly seen using services like mixers and tumblers that obscure the source of cryptocurrency transactions by blending stolen/laundered funds with large amounts of other legitimate transactions.
Further, SWIFT also warns about the emergence of online marketplaces where users can sign up with nothing but an email address — hiding their identities — and then purchase high-end products, land, and real-estate assets across the world, such as expensive watches, jewelry, gold bars, fine art, luxury penthouses, and tropical islands.
These three factors provide increased anonymity to criminal groups that traditional methods like money mule gangs and front companies can never provide, and the reason why SWIFT believes more groups will eventually adopt cryptocurrencies to launder stolen bank funds.
Nonetheless, SWIFT says that, for the time being, most stolen bank funds are being laundered through tried and tested techniques.
The stolen funds usually come from (1) attacks on a bank's money transferring system, or (2) attacks against a bank's ATM systems and related infrastructure.
These funds are usually laundered using an assortment of techniques, such as money mules, front companies, cash businesses, cryptocurrencies, and investments back into other forms of crime. Some groups might rely on one technique, while others may combine multiple.
Over time, these techniques have advanced. In its "Follow The Money" report [PDF] last week, SWIFT highlighted the ingenuity of some money laundering tactics that have been recently observed in the wild. Some of these techniques include:
These and more are detailed in the SWIFT report.
"The aim of this report is to illuminate the techniques used by cyber criminals to 'cash out' so that SWIFT's global community of over 11,000 financial institutions, market infrastructures and corporates can better protect themselves," SWIFT said.