Just two entities are behind most of the big cryptocurrency heists
Chainalysis says most of the money stolen in cryptocurrency hacks has been taken by just two groups.
- The Chainalysis report is due next week.
- The two groups both aim to cash out to fiat, but have very different methods.
- There are a lot of questions the full report might answer.
One of the great things about cryptocurrency is that it's all about creating a fairer economy, banking the unbanked and similar.
At least that's the party line. In practice, most cryptocurrency wealth has been as tightly concentrated as in the traditional finance world – if not even more so.
This trend has extended to the world of cryptocurrency hacks according to a new study by blockchain forensics firm Chainalysis. The full report is due next week, but in an interview with the Wall Street Journal, Chainalysis has revealed that its assessment suggests that just two hacking groups are behind about $1 billion in cryptocurrency thefts – more than half the amount stolen in the last two years.
Crime pays, but only if you're really, really good at it
Chainalysis claims to have found signs of two major groups being behind the majority of big cryptocurrency heists, although it notes that there's a chance its analysis is incorrect.
The first group, dubbed Alpha, is a "giant, tightly controlled organisation at least partly driven by nonmonetary goals," Chainalysis said in its report. It describes the second, dubbed Beta, as a smaller and less organised but much more mercenary group. Beta is "a heavily sanctioned organisation absolutely focused on the money," it says.
Following heists, both groups aimed to convert the spoils to cash and managed to do so with relatively little trouble. How they do so is quite different though.
Alpha's method is to scatter the funds and cover its tracks as soon as it can and then to cash out as soon as it can. On average, Chainalysis said, Alpha transfers stolen funds an average of 5,000 times before cashing out. It may depend on how much heat it's expecting though, and one hack involved 15,000 transfers before cashing out.
It's hard for even the most above-board exchanges to keep up with all the transactions and to flag the funds as stolen, Chainalysis chief economist Philip Gradwell said.
Remarkably, Alpha manages to convert three-quarters of its stolen funds into cash within an average of 30 days. By contrast, Beta tends to sit on the funds for months while waiting for publicity around a hack to fade, at which point it quickly dumps as much of it as it can.
"When they feel ready to cash out, they quickly hit one exchange, cashing out over 50% of funds within days," the report says.
May be worth noting
There are a lot of questions around methodology that might have to wait for the release of the report to be answered, not the least of which is what Chainalysis found on the blockchain that has it speculating on the collective personalities and motivations of Alpha and Beta, and how confident it is that these are two distinct groups.
That there's so much cashing out of funds, even through regulated exchanges, suggests that somewhere there may be AML/KYC documentation connected to high-profile crypto thefts.
The combined time frame (at least 18 months judging by Beta's tendency to sit on funds) and dollar amounts (enough to add up to $1 billion) might also suggest that Chainalysis could have a hint of who's behind some of the older new heists in crypto – heists at least 18 months ago but recently enough for crypto prices to be relatively high. The DAO hack and Bitfinex heist come to mind. Meanwhile, the alleged Mt Gox mastermind is already thought to be in custody. And so is Mark Karpeles, for that matter.
But all we can do at this point is speculate.
And for some perspective, it's also worth noting that one group of hackers managed to single-handedly pull down $1.2 billion in fiat from hacking banks over the course of about four years. Cybercrime is not a uniquely crypto problem.
Entertainingly enough, that group of bank hackers wanted to convert their fiat to crypto while these hackers are trying to go the other way.
Disclosure: At the time of writing, the author holds ETH.
- Phil Wilson: Satoshi Nakamoto was Craig Wright, Dave Kleiman and I
- Hybrid public-private blockchains in the real world – Part 2
- eToro launches 8 brand new stablecoins with eToroX exchange
- Bitcoin SV melts under the spotlight. Delistings, lawsuits and fraud accusations
- 23 highlights from the Ethereum core developer Q&A at EDCON 2019