Cryptocurrency for several years has been pointed to as a key enabler of ransomware groups, allowing their ransoms to be paid in Bitcoin or Ethereum or some other virtual tokens that are difficult to trace, can be hidden and laundered through such means as crypo mixers, can move easily across borders, and allow bad actors to remain anonymous.
“Cryptocurrencies – which allow criminals to quickly extort huge sums of money, can be anonymized and do not have consistently enforced compliance with regulations, especially for foreign-based attackers – have further enable cybercriminals to commit disruptive ransomware attacks that threaten our national and economic security,” U.S. Senator Gary Peters (D-MI) said in a statement in 2022 after a Congressional report on the issue was released.
“You now have a possibility to move millions of dollars worth of cryptocurrency across national boundaries in seconds,” Yonatan Striem-Amit, a co-founder of cybersecurity vendor Cybereason and at the time its CTO, told NPR in 2021. “It really is a very powerful tool in the hands of criminals to perform money laundering, to shift currency from one state to another in a way that’s in a sense untraceable and definitely uncontrollable.”
Elliptic, a blockchain analysis company that counts law enforcement agencies, regulators, and financial analysts among its customers, said it is using a deep learning model, new AI techniques, and a massive dataset to better detect and track money laundering on a Bitcoin blockchain. The company is leveraging advances in graph neural networks (GNNs), which can be used to process data that can be represented as graphs and have been used in such cases as drug discovery, computer vision, and natural language processing.
In a study conducted with the MIT-IBM Watson AI Lab, Elliptic researchers focused on subgraph representations, a learning technique used to analyze local structures or shapes within a complex network, and applied it to the analyzing illicit activating and money laundering on a blockchain.
“Rather than identifying transactions made by illicit actors, a machine learning model is trained to identify ‘subgraphs,’ chains of transactions that represent bitcoin being laundered,” the company wrote in a blog post. “By identifying these subgraphs rather than illicit wallets, this approach allows us to focus on the ‘multi-hop’ laundering process more generally rather than the on-chain behavior of specific illicit actors.”
While the use of cryptocurrency allows bad actors to remain anonymous, blockchains transparent with their transactions and the types of entities that are conducting them, unlike traditional financial systems with siloed transaction data.
“Whereas the pseudonymity of Bitcoin is an advantage for criminals, the public availability of data is a key advantage for those within law enforcement agencies and financial institutions looking to identify and investigate financial crime,” the researchers wrote in the study.
The aim of the study was to show how anti-money laundering firms and investigators can use datasets that can identify subgraphs they’d being interested in, allowing them to separate the majority of subgraphs that show Bitcoin flows run by licit services and those that include anomalous markings of activity associated with money laundering.
To help do this, Elliptic created a massive, large-graph dataset of almost 200 million transactions. The dataset, dubbed Elliptic2, included 122,000 labeled subgraphs of Bitcoin clusters in a background graph of 49 million node clusters and 196 million edge transactions, the researchers wrote.
By contrast, five years ago, Elliptic – in a similar study that involved the MIT-IBM Watson AI Lab and using a machine learning model for detecting illicit Bitcoin transactions used by ransomware and other threat groups – used a dataset known as Elliptic1 of more than 200,000 transactions.
The researchers worked with a crypto exchange to test the new technique to see whether money laundering transactions could be identified. The technique found that 52 subgroups that were deemed to be laundering money, only 14 of which had been flagged by the exchange.
“Importantly, the exchanges insights were based on off-chain information, suggesting that the model can identify money laundering that would not be identifiable using traditional blockchain analytical techniques alone,” the company wrote.
In addition, the AI model not only picked up on a known laundering pattern known as “peeling chains,” where a crypto user sends – or “peels” – a small amount of digital assets to one address and the rest to another address under the user’s control, it also detected novel patterns, such as using intermediary “nested services.”
“Nested services are businesses that move funds through accounts at larger cryptocurrency exchanges, sometimes without the awareness or approval of the exchange,” the researchers wrote. “A nested service might receive a deposit from one of their customers into a cryptocurrency address, and then forward the funds to their deposit address at an exchange.”
The model also could detect previously unknown illicit crypto wallets based on the way funds from the wallets were being laundered, which they wrote could be used by law enforcement, financial regulators and blockchain analytics firms to more quickly identify such wallets.
Elliptic said is making its dataset publicly available to help others create techniques for detecting illicit crypto transactions.
This will be important as the threat of ransomware and other financially motivated cybercrimes grows. Blockchain analysis firm Chainalysis in a report this year called 2023 a “watershed year for ransomware,” noting that that amounted collected by bad actors through ransom payments reached $1.1 billion, surpassing the previous record in 2021 of $983 million.
The FBI and other law enforcement agencies have been successful tracking stolen digital assets through the blockchain world, including last year, when the agency said it had caught up with crypto stolen by threat groups connected to North Korea. Affiliates connected to the group TraderTraitor were responsible for stealing hundreds of millions of dollars in crypto from such victims as Alphapo, Atomic Wallet, CoinsPad, and Harmony’s Horizon bridge.
The FBI also has been able to shut down several crypto mixers, which are services that blend ill-gotten digital assets with other cryptocurrency to obscure its origins. For example, stolen Bitcoin can go into a mixer along with other tokens and come out as Ethereum, Monero, or combinations of crypto.
Recent Articles By Author