Why Go Through the Trouble to Tumble?

Why Go Through the Trouble to Tumble?
Digital Shadows Analyst Team
More From Digital Shadows Analyst Team

3 Min Read

Today you can purchase a pizza in Berlin and pay for it from a digital wallet located on a computer in Prague. Times have changed, and so has our view on currency. Blockchain technology, born out of Bitcoin, is intended to influence the way governments assure the integrity of everything, from real estate to taxes. And, though there are many legitimate uses of digital currencies, there are many ways that it has been adopted and abused by criminals.

Getting paid in the underground is a priority for cybercriminals. Having mastered traditional payment systems, cyber criminals have adjusted and adapted to online digital currencies. Bitcoin seemed to answer the prayers of many digital currency users. It was relatively quick, easy to procure, easy to establish transactions and easy to cash out. However, Bitcoin did not address a matter that was near and dear to the hearts of its users – security. It made no real provision for anonymity or privacy and, as a result, its users were no more secure than they had been on other alternate digital currency platforms.

In order to address this issue a technique was developed that very closely mirrored money laundering in the physical world. That technique was called “tumbling.” Tumbling, also referred to as Bitcoin mixing or Bitcoin laundering, is the process of using a third party service to break the connection between a Bitcoin address sending coins and the address(es) they are sent to. Tumbling, it was discovered, could be as easy as confusing the trail of transactions between two wallets, making investigation and attribution almost impossible. Those steps resemble the following:

  1. Create a wallet through a Bitcoin brokerage or exchange site;
  2. Purchase Bitcoins and send them off to be tumbled in the wallet created in step 1;
  3. Create a second wallet using the Tor network;
  4. Send Bitcoins from the wallet created in step 1 to the wallet created in step 3.

However, for some people, the layering of transactions was not enough and they sought out alternative solutions. Many solutions began springing up and some, such as Bit Launderer, Helix by Grams and Bitmixer.io, have become popular among users due to their discretion, security and privacy. The first screenshot below is an example of a surface web site called Bit Launderer. The sites owners have made a point of stating that Bitcoin is not anonymous, that it can be traced and that their solution cleans Bitcoins thoroughly to leave them anonymous. The second screenshot is of Helix by Grams. Its owners state that they are the “…definitive DarkWeb Bitcoin cleaners…” and that they provide brand new Bitcoins that have never been to the dark net before. Some deal!

bitlaunder.com

helix

Regardless of the methodology chosen for laundering Bitcoins, the reality is that a failure to do so will weaken the security posture of criminals. Being able to increase one’s anonymity and privacy is of paramount importance to cyber criminals.

Being cognizant of the activity and techniques of adversaries within the cyber criminal underground is important for several reasons, not the least of which is doing business along side them in common environments such as digital currency brokerages and exchanges.

 

To learn more, subscribe to our threat intelligence emails here.

Access Our Threat Intel In Test Drive

Test Drive SearchLight Free for 7 Days
Try It Now

connect with us

Tags:

Related Posts

Recon: Dark web reconnaissance made to look easy

Recon: Dark web reconnaissance made to look easy

April 3, 2020 | 4 Min Read

Just as the rest of us enjoy the ease of...
Coronavirus as a double-edged sword for cybercriminals: Desperation or opportunity?

Coronavirus as a double-edged sword for cybercriminals: Desperation or opportunity?

April 2, 2020 | 9 Min Read

The ongoing COVID-19 (aka coronavirus) pandemic...
COVID-19: Companies and Verticals At Risk For Cyber Attacks

COVID-19: Companies and Verticals At Risk For Cyber Attacks

March 26, 2020 | 8 Min Read

  In our recent blog, How cybercriminals...