Two hacker groups are behind 60% of all publicly reported cryptocurrency exchange hacks and are believed to have stolen around $1 billion worth of cryptocurrency, according to a report published last week by blockchain analysis firm Chainalysis.
The company has been tracking these two groups for years. It's currently tracking the biggest group under the codename of Alpha, and the second, smaller group, as Beta.
Experts say Alpha "is a giant, tightly controlled organization at least partly driven by non-monetary goals."
Beta, on the other hand, is a "less organized and smaller organization absolutely focused on the money."
Chainalysis says that once the two groups breach exchange portals and steal funds, they move the stolen currency through a complex network of wallets and exchanges in an attempt to disguise their origin. On average, the company says the two hacker groups move funds at least 5,000 times.
The hackers then wait for a while until things quiet down, and then they proceed to cash the stolen funds by converting them to fiat (real-world) currency. The average cooldown period is around 40 or more days, Chainalysis said.
"Once they feel safe, they move quickly," experts said. "At least 50% of the hacked funds are cashed out through some conversion service within 112 days, and 75% of the hacked funds have been cashed out within 168 days."
Of the two, Alpha is the one who puts more effort into hiding the funds through a storm of blockchain transactions, and also the quickest of the groups to cash out funds.
According to Chainalysis, Alpha sometimes disguises hacks behind 15,000 transactions and usually cashes out up to 75% of the stolen funds within 30 days.
Beta does far less to obscure the source of its assets and usually sits on funds for 6 to 18 months before they cash out.
The full Chainalysis report is available here, along with information on a recent wave of Ethereum scams and an analysis of the resilience of some Dark Web marketplaces.
Chainalysis is a company famous for its blockchain investigations. Back in 2017, Chainalysis experts worked with Google to track down ransomware Bitcoin payments. The two companies discovered that 95% of all ransomware payments made since the start of 2014 were converted into fiat currency via the BTC-e exchange portal.