April 26, 2024

CEX.IO company blog | How crypto assets are laundered after cryptocurrency exchanges are hacked

Dmitry Volkov, technical director of CEX.IO, comments

Cryptocurrency wallets, including those belonging to exchanges, are subject to hacking risks despite all measures to minimize them. The recent major hack of the KuCoin exchange, which led to losses of $150 million, once again reminded us of the security problems of cryptocurrency services and the industry as a whole. After hacks, hackers very often manage to launder and cash out stolen crypto assets.

The process of money laundering after theft is especially interesting in the world of cryptocurrencies compared to the classical world of finance.

If the theft occurred from a bank account, then the attacker tries to make confusing bank transfers using different countries and different payment systems in order to complicate the freezing of funds. Any bank or payment system can block an account or even cancel a transaction. Therefore, it matters how quickly the transactions and accounts used by the criminal for laundering are tracked and how well financial institutions cooperate with each other to combat money laundering. The main thing here is the very possibility of blocking accounts before money is withdrawn from them. It almost always exists in the world of classical finance.

Stopping, or even tracking, the movement of stolen cryptocurrencies is usually extremely difficult. Just like in classical finance, an attacker tries to complete intricate operations as quickly as possible in order to make it difficult to track and freeze crypto assets. But in some cases, it is possible to identify and stop the transactions of criminals in time.

What techniques do hackers use to launder stolen cryptocurrencies?

Mixers
These are special services, usually not entirely legal ones, that “mix” the cryptocurrencies of different users to complicate tracking. Exchange wallets are sometimes used as the simplest and cheapest mixer. An attacker can place cryptocurrency on an exchange and immediately withdraw it. In the exchange wallets, the stolen tokens are mixed with the tokens of other users, and upon successful withdrawal, the criminal receives a “clean” crypto asset.

Conversion to other crypto assets
Attackers actively convert one cryptocurrency to another to break the chain of transactions and make tracking more difficult. The recent KuCoin hack is interesting because the conversion of stolen tokens was carried out through decentralized exchanges (DEX), including Uniswap. This is the first high-profile case of money laundering through DeFi. Often there is a conversion into anonymous cryptocurrencies, which are much more difficult to track.

Fake use of services
An attacker can use real services (lotteries, loans in cryptocurrency, etc.), imitating some real activity, to complicate tracking and receive already “laundered” money from these services. But this is a rather long and painstaking process.

Assignment to figureheads
At the last step, attackers try to break the total amount into many small ones and use a group of dummies to cash out money in different ways.

As you know, the best solution to a problem is its prevention. To protect against hacks and minimize losses, exchanges have to build a comprehensive security system and strictly monitor compliance with all the rules. The following methods are usually used:

Cold and hot wallets
The bulk of cryptocurrencies is stored in a cold wallet with enhanced security measures. Such a wallet is not connected to the Internet and is not used in normal transactions. Any hot wallet is theoretically susceptible to hacking, so it stores only a small portion of assets, the loss of which will not destroy the company.

Multi-signature wallets
If technically possible, multi-signature wallets are used and the signing keys are distributed. In order to withdraw funds from such a wallet, confirmation from several unrelated people or systems is required.

Monitoring
If a hack occurs, it needs to be noticed and responded to as quickly as possible. A timely response can stop hackers from working and minimize losses.

Service interaction
If a hack has already occurred and crypto assets are withdrawn from the exchange, there is a chance to return or freeze some of the money. This requires coordinated interaction between companies and community members.
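The monitoring point above, combined with the rule that a hot wallet holds only a small portion of assets, can be turned into a simple drain detector. This is an added example, not CEX.IO's code: the function name, the 10-minute window, the 10% limit and the sample withdrawals are all assumptions constructed for illustration.

```python
from collections import deque

# Constructed sample: (unix_ts, amount, destination) hot-wallet withdrawals.
SAMPLE = [
    (1000, 2.0, "addr_customer_a"),
    (1300, 1.5, "addr_customer_b"),
    (2000, 40.0, "addr_unknown_1"),
    (2030, 45.0, "addr_unknown_1"),
    (2060, 50.0, "addr_unknown_2"),
    (5000, 1.0, "addr_customer_a"),
]

def detect_drain(withdrawals, start_balance, window_s=600, max_fraction=0.10):
    """Return (ts, window_outflow, limit, dest) for every withdrawal that
    pushes the outflow of the trailing window above max_fraction of the
    balance the wallet held when that window started (hypothetical policy)."""
    window = deque()          # (ts, amount) pairs inside the trailing window
    outflow = 0.0             # sum of amounts currently in the window
    balance = start_balance
    alerts = []
    for ts, amount, dest in sorted(withdrawals):
        # Expire withdrawals that fell out of the trailing window.
        while window and window[0][0] <= ts - window_s:
            outflow -= window.popleft()[1]
        window.append((ts, amount))
        outflow += amount
        balance -= amount
        # Balance at window start = what is left + what left during the window.
        limit = max_fraction * (balance + outflow)
        if outflow > limit:
            # In production this is where withdrawals would be paused
            # and the on-call team paged.
            alerts.append((ts, round(outflow, 8), round(limit, 8), dest))
    return alerts

if __name__ == "__main__":
    for alert in detect_drain(SAMPLE, start_balance=1000.0):
        print("ALERT ts=%d outflow=%s limit=%s dest=%s" % alert)
```

Measuring outflow against the balance at the start of the window, rather than the current balance, keeps the limit from shrinking as the wallet is emptied, so several medium-sized withdrawals in quick succession are caught even when each one alone looks unremarkable.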
