LIVE NOW

Just two entities are behind most of the big cryptocurrency heists

Andrew Munro 29 January 2019 NEWS

Chainalysis says most of the money stolen in cryptocurrency hacks has been taken by just two groups.

  • The Chainalysis report is due next week.
  • The two groups both aim to cash out to fiat, but have very different methods.
  • There are a lot of questions the full report might answer.

One of the great things about cryptocurrency is that it's all about creating a fairer economy, banking the unbanked and similar.

At least that's the party line. In practice, most cryptocurrency wealth has been as tightly concentrated as in the traditional finance world – if not even more so.

This trend has extended to the world of cryptocurrency hacks according to a new study by blockchain forensics firm Chainalysis. The full report is due next week, but in an interview with the Wall Street Journal, Chainalysis has revealed that its assessment suggests that just two hacking groups are behind about $1 billion in cryptocurrency thefts – more than half the amount stolen in the last two years.



Crime pays, but only if you're really, really good at it

Chainalysis claims to have found signs of two major groups being behind the majority of big cryptocurrency heists, although it notes that there's a chance its analysis is incorrect.

The first group, dubbed Alpha, is a "giant, tightly controlled organisation at least partly driven by nonmonetary goals," Chainalysis said in its report. It describes the second, dubbed Beta, as a smaller and less organised but much more mercenary group. Beta is "a heavily sanctioned organisation absolutely focused on the money," it says.

Following heists, both groups aimed to convert the spoils to cash and managed to do so with relatively little trouble. How they do so is quite different though.

Alpha's method is to scatter the funds and cover its tracks as soon as it can and then to cash out as soon as it can. On average, Chainalysis said, Alpha transfers stolen funds an average of 5,000 times before cashing out. It may depend on how much heat it's expecting though, and one hack involved 15,000 transfers before cashing out.

It's hard for even the most above-board exchanges to keep up with all the transactions and to flag the funds as stolen, Chainalysis chief economist Philip Gradwell said.

Remarkably, Alpha manages to convert three-quarters of its stolen funds into cash within an average of 30 days. By contrast, Beta tends to sit on the funds for months while waiting for publicity around a hack to fade, at which point it quickly dumps as much of it as it can.

"When they feel ready to cash out, they quickly hit one exchange, cashing out over 50% of funds within days," the report says.

May be worth noting

There are a lot of questions around methodology that might have to wait for the release of the report to be answered, not the least of which is what Chainalysis found on the blockchain that has it speculating on the collective personalities and motivations of Alpha and Beta, and how confident it is that these are two distinct groups.

That there's so much cashing out of funds, even through regulated exchanges, suggests that somewhere there may be AML/KYC documentation connected to high-profile crypto thefts.

The combined time frame (at least 18 months judging by Beta's tendency to sit on funds) and dollar amounts (enough to add up to $1 billion) might also suggest that Chainalysis could have a hint of who's behind some of the older new heists in crypto – heists at least 18 months ago but recently enough for crypto prices to be relatively high. The DAO hack and Bitfinex heist come to mind. Meanwhile, the alleged Mt Gox mastermind is already thought to be in custody. And so is Mark Karpeles, for that matter.

But all we can do at this point is speculate.

And for some perspective, it's also worth noting that one group of hackers managed to single-handedly pull down $1.2 billion in fiat from hacking banks over the course of about four years. Cybercrime is not a uniquely crypto problem.

Entertainingly enough, that group of bank hackers wanted to convert their fiat to crypto while these hackers are trying to go the other way.


Disclosure: At the time of writing, the author holds ETH.

Disclaimer: This information should not be interpreted as an endorsement of cryptocurrency or any specific provider, service or offering. It is not a recommendation to trade. Cryptocurrencies are speculative, complex and involve significant risks – they are highly volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of future performance. Consider your own circumstances, and obtain your own advice, before relying on this information. You should also verify the nature of any product or service (including its legal status and relevant regulatory requirements) and consult the relevant Regulators' websites before making any decision. Finder, or the author, may have holdings in the cryptocurrencies discussed.

Crypto explained


Latest cryptocurrency news

Picture: Shutterstock

Latest crypto guides

Ask an Expert

You are about to post a question on finder.com.au:

  • Do not enter personal information (eg. surname, phone number, bank details) as your question will be made public
  • finder.com.au is a financial comparison and information service, not a bank or product provider
  • We cannot provide you with personal advice or recommendations
  • Your answer might already be waiting – check previous questions below to see if yours has already been asked

Finder only provides general advice and factual information, so consider your own circumstances, or seek advice before you decide to act on our content. By submitting a question, you're accepting our Terms of Use, Disclaimer & Privacy Policy and Privacy & Cookies Policy.
Ask a question
Go to site