
Money from bank hacks rarely gets laundered through cryptocurrencies

SWIFT: "Identified cases of laundering through cryptocurrencies remain relatively small compared to the volumes of cash laundered through traditional methods."
Written by Catalin Cimpanu, Contributor

Despite being considered a cybercrime haven, cryptocurrencies play a very small role in laundering funds obtained from bank hacks, the SWIFT financial organization said in a report last week.

"Identified cases of laundering through cryptocurrencies remain relatively small compared to the volumes of cash laundered through traditional methods," said SWIFT, the organization that runs the SWIFT inter-bank messaging system used by almost all banks across the world to wire funds across borders.

These traditional methods include the use of money mules, front companies, cash businesses, and investments back into other forms of crime, such as drug trade or human trafficking.

Past cases of cryptocurrency use to launder stolen bank funds

SWIFT said that incidents where hackers laundered money via cryptocurrencies have been few and far between.

One example listed in the organization's report is the case of a criminal gang who performed an ATM cashout attack. SWIFT says the gang converted the stolen cash funds into cryptocurrency rather than use money mules to buy and resell expensive products with the stolen cash, as most other similar groups tend to operate.

Another example is an Eastern European gang who set up their own bitcoin farm in East Asia. The gang used funds stolen from banks to operate the farm, generate bitcoin, and then spent the minted bitcoin in Western Europe. When the gang was arrested, SWIFT said authorities found 15,000 bitcoins valued at USD$109 million, two sports cars and jewelry worth USD$557,000 at the house of the group leader.

Another case where cryptocurrency was used to launder stolen bank funds includes Lazarus Group, a group of hackers operating for the benefit of the North Korean government. SWIFT said the group stole money from banks, converted it into cryptocurrency, moved the cryptocurrency assets across different exchanges to hide its origin, and then converted the crypto-assets back into fiat currency and had it sent to North Korea.

But that's not all. SWIFT also said it had seen "some cases" where hackers used stolen bank funds to buy and load prepaid cryptocurrency cards with funds. These are real debit cards that can store cryptocurrency instead of real (fiat) money, and these cards can be used with special ATMs to withdraw cryptocurrency back into fiat currency, or they can be used for real-world card transactions.

SWIFT said several financial platforms in Europe and the UK had been used to load prepaid cards with bitcoin, which were subsequently used to purchase jewelry, cars, and property with stolen funds.

Use of cryptocurrency expected to rise

But SWIFT says these are only edge cases when compared to the number of incidents and the volume of stolen funds that are being laundered through traditional methods.

Nevertheless, SWIFT believes that the use of cryptocurrency for laundering stolen bank funds will rise in the future.

Favorable factors include the growing number of altcoins (alternative cryptocurrencies) that have recently launched and which focus on providing full transaction anonymity.

In addition, criminals are also increasingly seen using services like mixers and tumblers that obscure the source of cryptocurrency transactions by blending stolen/laundered funds with large amounts of other legitimate transactions.

Further, SWIFT also warns about the emergence of online marketplaces where users can sign up with nothing but an email address — hiding their identities — and then purchase high-end products, land, and real-estate assets across the world, such as expensive watches, jewelry, gold bars, fine art, luxury penthouses, and tropical islands.

These three factors provide increased anonymity to criminal groups that traditional methods like money mule gangs and front companies can never provide, and they are the reason why SWIFT believes more groups will eventually adopt cryptocurrencies to launder stolen bank funds.

Traditional methods reign supreme

Nonetheless, SWIFT says that, for the time being, most stolen bank funds are being laundered through tried and tested techniques.

The stolen funds usually come from (1) attacks on a bank's money transferring system, or (2) attacks against a bank's ATM systems and related infrastructure.

These funds are usually laundered using an assortment of techniques, such as money mules, front companies, cash businesses, cryptocurrencies, and investments back into other forms of crime. Some groups might rely on one technique, while others may combine multiple.

Over time, these techniques have advanced. In its "Follow The Money" report [PDF] last week, SWIFT highlighted the ingenuity of some money laundering tactics that have been recently observed in the wild. Some of these techniques include:

  • The broad use of various categories of money mules. This includes money mules that willingly receive funds into their accounts and then forward them to a criminal, money mules who use fake IDs to open accounts on behalf of hacker groups, money mules who collect money from cashed-out ATMs, and money mules that re-ship items bought with the stolen funds.
  • Increased focus on recruiting money mules from the ranks of young adults seeking to fund higher education and adults recently out of work.
  • The use of legitimate job ads to recruit money mules, sometimes in western countries, with many of these individuals unwittingly working for fake companies set up by criminal gangs.
  • Some criminal gangs sell access to hacked bank accounts, which are then used to launder money without the owner's knowledge.
  • In other cases, some gangs set up legitimate bank accounts to be used as recipients for stolen funds, sometimes months in advance of a hack to give the accounts more legitimacy.
  • In case banks employ a know-your-customer (KYC) policy and apply due diligence when setting up new accounts, some criminal groups recruited insiders at financial institutions to evade or undermine this process.
  • Some gangs also used front companies set up in foreign territories to avoid international sanctions.
  • Front companies are most often set up in jurisdictions that are known for strong banking secrecy laws or for poor enforcement of money laundering regulations (such as the East Asia region).
  • Gangs who handle cash funds stolen from ATMs usually prefer dealing with cash businesses, where they can buy expensive products to be resold later.
  • Casinos are also emerging as an excellent medium for money laundering, as crooks buy betting chips with the stolen funds, and then convert the chips back into fiat currency to obtain a cheque with the casino's name on it, standing for a legitimate transaction/source of the funds.

These and more are detailed in the SWIFT report.

"The aim of this report is to illuminate the techniques used by cyber criminals to 'cash out' so that SWIFT's global community of over 11,000 financial institutions, market infrastructures and corporates can better protect themselves," SWIFT said.
