Between July 2020 and June 2021 alone, ransomware activity increased by as much as 1070%, according to a recent Fortinet report, and other researchers have confirmed the prevalence of this type of attack. Imitating the dominant business model in the legitimate technology world, ransomware-as-a-service portals have emerged in the dark corners of the web, institutionalizing the shady industry and lowering the skill ceiling for experienced criminals. This trend should be a wake-up call for the cryptocurrency ecosystem, especially given that ransomware attackers are skilled at making payments in cryptocurrencies.
However, an industry that was once the Wild West is now becoming a more regulated environment. Slowly but surely entering the mainstream, some of the largest centralized exchanges (CEXs) are now appointing high-profile financial crime investigators to oversee their efforts against money laundering.
The problem is that not all exchanges are the same. Centralized exchanges work in much the same way as a traditional business structure, but that does not mean that they all have the right AML measures in place. Things get even more complicated with decentralized exchanges (DEXs), which, to put it bluntly, are not as decentralized as the name implies, but love to claim otherwise. In most cases, DEXs have little or no Know Your Customer (KYC) measures, which lets users move between coins and blockchains as they see fit while leaving little footprint. While some of them may use various analytics services to verify wallet data, hackers may try to bypass those using mixers and other tools.
When it comes to ransomware cash flow, both DEXs and CEXs are in the spotlight, but criminals use them for different purposes. According to a recent report from the US Financial Crimes Enforcement Network, criminals use DEXs, along with mixing services, to launder ransom money from one client, moving it from address to address and from one currency to another. For their part, CEXs often serve as a starting point for criminals, allowing them to convert coins into fiat currencies.
No one likes having stolen money moved through their network, and sometimes it has consequences. As recently as September, the US Treasury Department sanctioned OTC broker Suex for actively facilitating money laundering. The exchange was included in Binance, although the company said it left the Suex platform long before the Treasury Department sanctioned it, based on its own “internal guarantees.”
The development should be a wake-up call for CEXs and DEXs worldwide, as it shows the domino effect of US sanctions on the cryptocurrency ecosystem. A sanctioned entity may be conveniently located in its own jurisdiction, but in today’s interconnected world, US sanctions discourage operations involving foreign agents who may want to do more. This does not just have to include Binance; it can include any legitimate business with a presence and interests in the US. The same goes for hosting providers, payment processors or anyone who manages the target company’s daily business operations.
Hypothetically, sanctions can indirectly affect decentralized organizations in a number of ways. Decentralized projects usually have core development teams attached, which raises the possibility of individual responsibility. In the future, with enough scrutiny from regulators, they may one day see their inbound and outbound traffic restricted or completely blocked by ISPs, unless users use additional disguise tools such as VPNs.
War of attrition against ransomware
The Suex OTC incident and its far-reaching implications indicate that there may be a larger strategy for limiting ransomware groups. We know that they depend on a few nodes in the crypto ecosystem, but DEXs and CEXs have special value in their eyes, because these let them hide their tracks and put money in their pockets. This is the end goal in most cases.
It is naive to expect all players on the field to be equally strict with their internal safeguards. The introduction of KYC and AML standards on exchanges will at least make it more difficult for criminals to move cryptocurrencies and withdraw money from them. Such actions will increase their losses and make the whole operation less profitable.