Bitcoin and Alternative Cryptos in the Cybercriminal Underground
Photon Research Team
May 11, 2021 | 10 Min Read

The popularity of Bitcoin and other cryptocurrencies continues to grow, with drastically surging valuations. Notably, Bitcoin surpassed its all-time high of USD 20,000 (in 2017) to achieve an eye-watering USD 60,000 at the time of writing (April 2021). And while legislation and law enforcement continue to try to get a stranglehold on the growing cryptocurrency space, cybercriminality has been at the forefront of its use since the early days.

These days, Bitcoin and cybercrime go hand in hand. Still, recent question marks over their relationship have appeared, mainly owing to increased law-enforcement intervention and criminal organizations being uncovered through their ongoing use of the digital currency. However, with a host of alternative cryptocurrencies making more secure and privacy-orientated features available to the cybercriminal world, is it inevitable that we will increasingly see cybercriminals shift away from the Bitcoin crypto-powerhouse? The question was potentially answered by the “REvil” ransomware collective in 2020 when they declared they were switching payment operations away from Bitcoin and Ethereum in favor of Monero. Below, we take a look at the current relationship status of cybercrime-Bitcoin and see what other fish are in the sea.

When did cybercriminals begin using Bitcoin?

Cybercrime has long been synonymous with Bitcoin, ever since Satoshi Nakamoto published the original whitepaper and the Bitcoin network came to life in 2009. The cryptocurrency serves many purposes in the cybercriminal world, not limited to facilitating dark web transactions, extortion, money-laundering, and fraudulent payments. But with the modern world starting to catch up in terms of technology, regulations, law-enforcement tracking capabilities, and improved account identification processes, we noticed a shift in how cybercriminals are using Bitcoin. There’s also some uncertainty about how useful it will continue to be for the cybercriminal world, where anonymity is vital and lack of security hygiene can lead to incarceration.

Isn’t Bitcoin anonymous?

Bitcoin has often been mislabelled as an anonymous digital currency, but the reality is very much the opposite; anonymity has never been a characteristic of the currency or the blockchain it’s built on. The currency’s public ledger records every single transaction broadcasted across the network, resulting in the ability to trace all coins from their originating source to their final destination. For that reason, the digital currency is referred to as pseudonymous rather than anonymous. 

And even though Bitcoin has been a significant factor in how cybercrime has grown in the past 5 to 10 years―through its use of unnamed virtual wallets, lack of real-life identification processes and decentralized system affording easy cross-border payments―blockchain tracking technology has been steadily rising to bridge the gap. These days, dedicated platforms designed to trace Bitcoin throughout the blockchain have helped nullify the myths of Bitcoin’s anonymity and become an asset to law-enforcement bodies tackling cybercrime.
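
To illustrate why a public ledger makes Bitcoin pseudonymous rather than anonymous, the following added example (not part of the original article) walks a small constructed ledger forward from one address and reports where the coins reach an address already tied to an identity-checking service. The ledger, address names, and labels are all constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed toy ledger (not real transactions). Every entry is public:
# which addresses were spent from and which addresses were paid.
LEDGER = [
    {"txid": "tx1", "inputs": ["victim"],         "outputs": ["ransom_wallet"]},
    {"txid": "tx2", "inputs": ["ransom_wallet"],  "outputs": ["hop_a", "hop_b"]},
    {"txid": "tx3", "inputs": ["hop_a"],          "outputs": ["hop_c"]},
    {"txid": "tx4", "inputs": ["hop_b", "hop_c"], "outputs": ["exchange_deposit"]},
    {"txid": "tx5", "inputs": ["bystander"],      "outputs": ["shop"]},
]

# Hypothetical attribution data: addresses an analyst has already tied to a
# service that performs identity checks.
LABELS = {"exchange_deposit": "regulated exchange"}


def trace_forward(ledger, source):
    """Breadth-first walk of the ledger: return {address: (hops, txid_path)}
    for every address that received coins descending from `source`."""
    spends = defaultdict(list)           # address -> transactions spending from it
    for tx in ledger:
        for addr in tx["inputs"]:
            spends[addr].append(tx)
    reached = {source: (0, [])}
    queue = deque([source])
    while queue:
        addr = queue.popleft()
        hops, path = reached[addr]
        for tx in spends[addr]:
            for out in tx["outputs"]:
                if out not in reached:   # first (shortest) path wins
                    reached[out] = (hops + 1, path + [tx["txid"]])
                    queue.append(out)
    return reached


def labelled_endpoints(ledger, source, labels):
    """Addresses downstream of `source` that carry a real-world label."""
    reached = trace_forward(ledger, source)
    return {a: (labels[a], *reached[a]) for a in reached if a in labels}


if __name__ == "__main__":
    hits = labelled_endpoints(LEDGER, "ransom_wallet", LABELS)
    for addr, (label, hops, path) in hits.items():
        print(f"{addr}: {label}, {hops} hops via {' -> '.join(path)}")
```

Splitting the funds across intermediate addresses does not break the trail here: both branches are recorded on the ledger and converge on the same labelled deposit address.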

Forum users discuss Bitcoin anonymity rumours

Why does Bitcoin continue in the cybercriminal world?

If Bitcoin isn’t anonymous, why do cybercriminals still use it, you might ask. Well, they’ve been fighting to make tracing difficult again for some time, with tools and methods designed to keep the transactions of Bitcoin users private. Also, there are still common mechanisms, largely popularized within the cybercriminal community, that keep Bitcoin viable for criminal use. 

These mechanisms include coin-mixing and tumbling (the process of mixing tainted currency in among transactions from other locations to obfuscate its true origin), privacy-based wallets with inbuilt privacy and anonymity features, and the conversion of Bitcoin to alternative cryptocurrencies and back again. Each process serves to make any tracking mechanism arduous and keep law enforcement far enough away from uncovering a real-world identity.

This leads us to another reason why Bitcoin remains popular. It’s the main reason it was created in the first place: decentralization! Conventional financial practices, like banking, often provide barriers to criminals in the form of formal identity documents to create accounts and validate monetary transactions. But in the world of Bitcoin, central authorities governing the use of the asset were never an issue, and criminals could create virtual wallets as they wished without being tied to a real-life identity. This not only helped criminals receive and transfer funds without a moment’s thought but also served as an efficient way to launder dirty money through a legitimate financial system.

In recent times, regulatory bodies have introduced formal identification processes to purchase and withdraw cryptocurrency from established platforms. However, there are several services that solely serve as a gateway into the world of digital currencies for cybercriminals who need not go through an established platform. 

Lastly, the main reason why Bitcoin is still used lies in its large liquid market and the volatility in its valuation, which can rise and fall dramatically. In the past year alone, the value of Bitcoin rose from USD 7,000 (in April 2020) to USD 60,000 (in April 2021). So the financial benefit likely far outweighs the potential pitfalls of the currency in terms of privacy and security. But the last point begs the question of why Bitcoin’s purpose is, all of a sudden, being questioned by cybercriminals.

Cybercriminal forum users endorsing Bitcoin wallets with anonymity and privacy features

Why are cybercriminals leaving Bitcoin?

Even though there are mechanisms attempting to keep Bitcoin “anonymous” in one form or another, there’s a growing portion of the cybercriminal community that recognizes this is no longer enough. Recent law-enforcement action to seize or disrupt high-profile criminal marketplaces (Empire, Dark Market, and AlphaBay) shows the advancement of blockchain analysis techniques. And it perhaps indicates, to more privacy-oriented users, that despite the mixing and tumbling processes that exist, there is an inherent danger that the owner of a wallet may be unmasked through historical transactions with arrested individuals, identifiers, and previous connections to criminal platforms. Cybercriminals are increasingly advocating a shift from Bitcoin to alternative, privacy-based digital currencies, such as Monero: a digital currency built with privacy and security features from the get-go.

Recent confirmations of this sentiment have been identified. Some highly regarded dark-web marketplaces are moving to a solely Monero-based payment model. An announcement by REvil requested that ransom payments be paid in Monero over Tor (The Onion Router) instead of Bitcoin. The cybercriminal community is beginning to see that Bitcoin serves the purpose of a big payday, but the underlying design leaves them open to exposure. 

This goes some way in explaining why Monero and alternatives have been thrown into the mix as of late. Built on the premise of privacy and security, these coins are a stark reminder of how cybercriminals can abuse a digital currency’s legitimate intent and bend it to their will. When combined with privacy applications, like Tor, I2P, and OpenBazaar, this will only put up another barrier between law enforcement and a cybercriminal.

Cybercriminal forum users discuss the Bitcoin cleaning methodologies

Other than Monero, what else is there?

With a good deal of privacy-based coins available, why is Monero emerging as the new go-to criminal coin? Simply put, reputation and experience. Monero is regarded as one of the industry’s most privacy-focused coins, in existence for the past seven years. The currency builds on the strengths of Bitcoin but looks to maintain privacy of the user’s transaction activity. 

The Monero community recently attempted to get the currency included as a viable payment option, alongside Bitcoin, for Tesla. This showcases its popularity in the crypto world. But putting Monero to one side, what other alternatives serve a similar purpose?

ZCash

ZCash started in 2016 and stems from the same code as Bitcoin, but the currency operates on its own blockchain with a PoW (Proof of Work) mining consensus separate from that associated with Bitcoin. The virtual currency incorporates the use of private “shielded” and public transfers. This enables transactions to be verified without revealing the sender, receiver, or transaction amount. Interestingly, the asset enables a user to disclose select details of a transaction for compliance or audit purposes.

Dash

Created following a fork of the Bitcoin protocol in 2014, this currency was initially branded “XCoin,” later rebranded “Darkcoin,” and, subsequently, Dash. Although the creator of the coin states the currency is not an “AEC” (anonymity-enhanced cryptocurrency), a function called PrivateSend allows a user to opt to send transactions anonymously. The technology behind this feature relates to a mechanism called CoinJoin, which is also seen in the privacy-based wallet service Wasabi. The technology essentially complicates transactions by continuously pooling groups of transactions to the point that analytics cannot determine where coins are being sent or received.

Verge

This digital currency was created in 2014 and runs on its own blockchain. Initially known as “DogeCoinDark,” Verge enables private transfers through the use of I2P or Tor, which helps conceal user locations.

Beam and Grin

These currencies emerged on the scene in 2019 with a newer blockchain technology called Mimblewimble. This technology introduces the concept of no identifiable or reusable addresses, meaning that all transactions look like random data to an outsider, with blocks looking like one large transaction, rather than a combination of several individual ones. 

Although the above alternatives are available to the criminal world, their use has been hampered by ease of access―one aspect Bitcoin has not struggled with. This point is made evident with the continued support for Bitcoin payments on several criminal marketplaces, despite high-profile law-enforcement seizures over the past couple of years. And certain cryptocurrency exchanges have gone to the extent of delisting some of these privacy-oriented currencies from their respective platforms, owing to their criminal links.

Forum users discuss the anonymity concerns over Bitcoin

Closing thoughts on Cybercriminals and Cryptocurrencies

So, when all is said and done, whether cybercriminals stick with Bitcoin or look to one of its younger siblings, the cryptocurrency space will continue to provide an ongoing headache for law enforcement authorities, businesses, and consumers. Technological developments are slowly bridging the gap between law enforcement and cybercrime in the world of Bitcoin; innovations and tools available to the cybercriminal landscape continue to provide cybercriminals with the upper hand but also possibly force them to keep one eye over their shoulder. And while Bitcoin, once viewed as a criminal favorite, continues to fall under scrutiny for privacy concerns that call into question its position in the criminal world, its monetary value and ease of access simply cannot be ignored.

Predictions indicate that Bitcoin isn’t going anywhere anytime soon. Rather than being abandoned altogether, it will sit alongside more privacy-based alternatives, meaning the benefits of both can be combined. What we can be sure of, though, is that as long as cryptocurrencies are a part of our world, cybercriminals will continue to manipulate them to suit their wants and needs.

