Image: Akio Kon/Bloomberg via Getty Images
To counter these criminal groups, Binance said it has expanded its detection and analytics capabilities, which helped it to identify money launderers who "deposit and withdraw to each other to wash the money." The exchange said its approach is to implement its own detection mechanisms to identify suspicious activity and work directly with law enforcement to take down criminal groups.

Neeraj Agrawal, the communications director at the cryptocurrency think tank Coin Center, told Motherboard that this operation is a reminder that "over the last decade law enforcement and cryptocurrency companies have become more skilled at tracking the movements of funds through cryptocurrency networks," and that "cryptocurrencies are not necessarily a black box for law enforcement."

In the case of the Cl0p money launderers, Binance said its anti-money laundering (AML) detection and analytics program found suspicious activity on Binance.com and was able to follow the money to expand "the suspect cluster." Then, working with blockchain analytics companies, the company found that "this specific group was not only associated with laundering Cl0p attack funds, but also with Petya and other illegally-sourced funds. This led to the identification and eventual arrest of FANCYCAT."

The Cyber-Police Department of the National Police of Ukraine, which led the operation against the Cl0p launderers, did not respond to a request for comment.

Weaver told Motherboard in an email that the operation shows once again that laundering millions in Bitcoin is very hard, given that by design all transactions on the blockchain are public, "and 'Bitcoin Tumblers' can't and never have worked for large sums." So, he said, criminals attempt to hide inside large exchanges such as Coinbase. However, as this instance shows, some exchanges are getting wise to this and developing tools as well as working with law enforcement to crack down on illegal activity.

For Weaver, this operation "will only matter if ALL the exchanges follow through and do this," because otherwise criminals can just move over to a more forgiving exchange, he said.

Do you have knowledge of the inner workings of Cl0p or another ransomware gang? We’d love to hear from you. Using a non-work phone or computer, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, lorenzofb on Wickr and Wire, or email lorenzofb@vice.com