Two hacker groups are behind 60% of all publicly reported cryptocurrency exchange hacks and are believed to have stolen around $1 billion worth of cryptocurrency, according to a report published last week by blockchain analysis firm Chainalysis.
"On average, the hacks we traced from the two prominent hacking groups stole $90 million per hack," said Chainalysis.
The company has been tracking these two groups for years. It's currently tracking the biggest group under the codename of Alpha, and the second, smaller group, as Beta.
Experts say Alpha "is a giant, tightly controlled organization at least partly driven by non-monetary goals."
Beta, on the other hand, is a "less organized and smaller organization absolutely focused on the money."
Chainalysis says that once the two groups breach exchange portals and steal funds, they move the stolen currency through a complex network of wallets and exchanges in an attempt to disguise their origin. On average, the company says the two hacker groups move funds at least 5,000 times.
The hackers then wait for a while until things quiet down, and then they proceed to cash the stolen funds by converting them to fiat (real-world) currency. The average cooldown period is around 40 or more days, Chainalysis said.
"Once they feel safe, they move quickly," experts said. "At least 50% of the hacked funds are cashed out through some conversion service within 112 days, and 75% of the hacked funds have been cashed out within 168 days."
- 5 ways to enforce company security (TechRepublic)
- Data breaches can sucker-punch you. Prepare to fight back (CNET)
Of the two, Alpha is the one who puts more effort into hiding the funds through a storm of blockchain transactions, and also the quickest of the groups to cash out funds.
According to Chainalysis, Alpha sometimes disguises hacks behind 15,000 transactions and usually cashes out up to 75% of the stolen funds within 30 days.
Beta does far less to obscure the source of its assets and usually sits on funds for 6 to 18 months before they cash out.
The full Chainalysis report is available here, along with information on a recent wave of Ethereum scams and an analysis of the resilience of some Dark Web marketplaces.
Chainalysis is a company famous for its blockchain investigations. Back in 2017, Chainalysis experts worked with Google to track down ransomware Bitcoin payments. The two companies discovered that 95% of all ransomware payments made since the start of 2014 were converted into fiat currency via the BTC-e exchange portal.
Another report released last week by rival blockchain analysis firm CipherTrace also revealed that hacker groups stole roughly $1.7 billion worth of cryptocurrency during 2018 alone.
- LocalBitcoins blames security breach on forum 'third-party software'
- Security flaws found in 26 low-end cryptocurrencies
- New ransomware strain is locking up Bitcoin mining rigs in China
- Europol arrests UK man for stealing €10 million worth of IOTA cryptocurrency
- $145 million funds frozen after death of cryptocurrency exchange admin
- Cryptopia cryptocurrency exchange pulled offline due to security breach
- No, blockchain isn't the answer to our voting system woes CNET
- Blockchain and biometrics: The patient ID of the future? TechRepublic