
Cryptonator Seized for Laundering Ransom Payments and Stolen Cryptocurrency


U.S. and German law enforcement have taken down the domain of Cryptonator, a cryptocurrency wallet platform allegedly used by ransomware groups, darknet marketplaces, and other illegal services. The platform's operator, Roman Boss, has been indicted on charges of money laundering and running an unlicensed money service business.

Cryptonator, established in 2014, allows users to store and exchange various cryptocurrencies within their personal wallets. However, according to blockchain investigation firm TRM, Cryptonator did not implement necessary anti-money laundering controls, enabling anonymous or pseudonymous users to conduct illicit activities.

The primary domain "cryptonator.com" now displays a seizure notice. The operation involved the U.S. Department of Justice, the FBI, the IRS:CI, the National Cryptocurrency Enforcement Team, the German Federal Criminal Police Office (BKA), and the Attorney General's Office in Frankfurt am Main.

Between 2014 and 2023, Cryptonator wallet addresses reportedly engaged in significant transactions, including:

- $25 million with darknet markets and fraud shops
- $34.5 million with scam addresses
- $80 million with high-risk exchanges
- $8 million with ransomware-associated addresses
- $54 million with hacked and crypto theft operations
- $34 million with illegal cryptocurrency mixers
- $17 million with sanctioned addresses

TRM links Cryptonator's transactions to entities such as Hydra Market, Blender.io, Finiko, Bitzlato, Garantex, Nobitex, and an unidentified terrorist group. The U.S. government has previously sanctioned Hydra Market, Bitzlato, Garantex, and Blender.io.

The Department of Justice's complaint alleges that Cryptonator's account creation process, requiring only an email and password, failed to comply with know-your-customer (KYC) regulations. It also accuses Boss of facilitating illicit activities, including discussions about supporting cryptocurrencies popular in darknet markets, such as Monero, and offering API key integrations for illegal platforms.

The complaint seeks penalties for money laundering, operating an unlicensed money service business, injunctions against Boss, damage relief, and asset seizures. The DOJ revealed that Cryptonator processed over $235 million in illicit funds.

Lazarus Hacking Group is Using Asian Firms to Launder Stolen Crypto


A Cambodian payments company received crypto worth over US$150,000 from a digital wallet employed by the North Korean hacking group Lazarus, blockchain data shows, a glimpse of how the criminal outfit has laundered funds in Southeast Asia.

Huione Pay, which is based in Phnom Penh and offers currency exchange, payments and remittance services, received the crypto between June 2023 and February this year, according to previously unreported blockchain data reviewed by Reuters.

The crypto was transferred to Huione Pay from an anonymous digital wallet that, according to blockchain experts, was used by a hacking outfit to deposit funds stolen from three crypto firms in June and July 2023. 

The United States' Federal Bureau of Investigation said in August last year that Lazarus stole US$160 million from the crypto firms: Estonia-based Atomic Wallet and CoinsPaid; and Alphapo, registered in Saint Vincent and the Grenadines. 

They were the latest in a series of heists by Lazarus that the US said was funding Pyongyang's weapons programmes. Cryptocurrency allows North Korea to circumvent international sanctions, the United Nations has said.

The crypto might have assisted the regime pay for banned goods and services, according to the Royal United Services Institute, a London-based defence and security think tank. 

Huione Pay's board said the company had not known it "received funds indirectly" from the hacks and cited the multiple transactions between its wallet and the source of the hack as the reason it was unaware.

The wallet that sent the funds was not under its management, Huione added.

Huione Pay — whose three directors include Hun To, a cousin of Prime Minister Hun Manet — refused to elaborate why it had received funds from the wallet or provide details of its compliance policies. The firm stated Hun To's directorship does not include day-to-day oversight of its operations. The National Bank of Cambodia (NBC) said payments companies such as Huione weren't allowed to deal or trade in any cryptocurrencies and digital assets.

US blockchain analysis firm TRM Labs told Reuters that Huione Pay was one of a number of payment platforms and over-the-counter brokers that received a majority of the crypto stolen in the Atomic Wallet hack. Brokers connect buyers and sellers of crypto, offering traders a greater degree of privacy than crypto exchanges. 

TRM also said the attackers conceal their tracks by converting the stolen crypto via a complex laundering operation into different cryptocurrencies, including tether (USDT) — a so-called "stablecoin" that retains a steady value in dollars.

Unveiling the Mule Accounts Menace in Modern Money Laundering



In a recent statement, a member of the RBI's board of governors has urged banks to step up efforts against mule accounts. According to Piyush Shukla, money mules in India do much more than move money. A mule account is a bank account that receives funds from illegal activities and then transfers those funds to other accounts, serving as a bridge for money laundering and other illegal practices.

It is not uncommon in India to come across people who offer their own bank accounts for use as mule accounts in exchange for payment. Because the account holder has gone through the normal onboarding process, such accounts are more difficult to detect at account opening. Even so, the right controls and monitoring of the user's behaviour throughout the lifecycle of the account can be employed to shut these accounts down and give customers the greatest protection.

Last November, the arrest of six people in Bengaluru for allegedly operating 126 mule accounts was reported. Earlier this week, the Reserve Bank of India (RBI) raised concerns that certain banks hold a huge number of fraudster accounts used for fraudulent transactions and loan evergreening by their customers. In a move to curb digital fraud, Shaktikanta Das, the governor of the Reserve Bank of India, has directed banks to crack down on the use of mule accounts and to increase customer awareness and education initiatives.

Money mules can be generally categorized into five different kinds based on their level of complicity in a money laundering scheme and the way they are employed. A victim mule is a person who is unaware, for example, that his account has been compromised and that it is being abused by a fraudster who wants to launder money through his account. An incident of data breach most likely resulted in the victim's account details being leaked. 

Money mules can also come in the shape of misled parties, who are misled into sending and receiving money on behalf of fraudsters, believing that the money they are sending and receiving is clean. It is not uncommon for mules to respond to job advertisements they find interesting, and they respond to one or more of them that involve them executing transactions on behalf of the employers. One of the most common types of money mules is the deceiver. He or she opens new accounts by using stolen or synthetic identities to send and receive stolen funds. 

Another way in which money is muled is through "peddlers", people who sell their account information to fraudsters, who then use it to send and receive stolen funds. Mules can also be accomplices, who open a new account in their own name, or use an existing one, to send and receive funds at the direction of a fraudster. A study conducted by BioCatch, a digital fraud detection company, revealed that nine out of ten mule accounts had gone undetected at one of its Indian partners.

During the first month of documented mule account activity, 86% of sessions were conducted from within India; after a month that share dropped to just 20%, and 16% of sessions used a VPN to access the accounts. Bhubaneswar accounts for the largest share of mule account activity, at 15%, while Lucknow and Navi Mumbai are each responsible for 3.4%. Two cities in West Bengal, Bhagabatipur and Gobindapur, recorded 1.7% and 2.6% of mule account activity, respectively. In comparison, Mumbai and Bengaluru reported 2.2% and 1.8% of such activity, respectively.

To help customers prevent their bank accounts from becoming mule accounts, the following practices are recommended: 
1. Treat all unexpected communications, especially those offering lucrative, effortless jobs, with scepticism. 
2. Unrealistically high payments for straightforward tasks should raise alarms. 
3. Be wary of job offers with ambiguous descriptions and responsibilities, particularly if money transfers are involved. 
4. Scammers often pressure customers into making swift decisions, such as hurriedly confirming their identity or claiming a reward. Customers must pause and assess their demands carefully. 
5. Be extremely cautious while using unconventional payment methods, such as gift cards or virtual currencies. 

 In October 2023, the Reserve Bank of India (RBI) tightened the customer due diligence (CDD) norms by instructing banks and regulated entities to adopt a risk-based approach for periodic updating of know-your-customer (KYC) data. According to the latest Master Directions, the risk-based approach for periodic updating of KYC has been amended to state: “Registered Entities (REs) shall adopt a risk-based approach for periodic updating of KYC, ensuring that the information or data collected under CDD is kept up-to-date and relevant, particularly where it is high-risk.” 

Furthermore, the Master Directions emphasize that instructions on opening accounts and monitoring transactions should be strictly adhered to, to minimize the operations of money mules. These mules are used to launder the proceeds of fraud schemes, such as phishing and identity theft, by criminals who gain illegal access to deposit accounts. 

Banks are required to undertake diligence measures and meticulous monitoring to identify accounts operated as money mules, take appropriate action, and report suspicious transactions to the Financial Intelligence Unit.

Digital Arrest Scam: Bengaluru Man Loses Rs 3.8 Crore to Scammers


A 73-year-old man recently lost Rs 3.8 crore due to the 'digital arrest' threat posed by fraudsters impersonating law enforcement officers. The fraudsters held him under 'digital arrest' from May 5 to 10, saying that he was under Mumbai police monitoring because a parcel shipped in his name to Taiwan contained drugs.

The Setup

It all started on May 5 at 10 a.m., when Rajkumar (name changed), an Indiranagar resident and retired MNC executive, got a call from 8861447031. The caller claimed to be a 'FedEx' logistics executive and recited Rajkumar's Aadhaar and mobile numbers.

He said that a package shipped to Taiwan under Shankar's name contained five passports, a laptop, 3kg of clothing, and 150 grams of MDMA. He forwarded the phone to a "police officer" after claiming a case against him had been filed at Mumbai's Andheri East cyber police station.

The Deception

A man claiming to be Rajesh Pradhan, DCP (Cybercrime), Andheri, informed Shankar that he was under digital arrest until the inquiry was completed. They threatened to arrest him if he left his residence and instructed him to isolate himself in a room. Later, they made a video call to him, and Shankar noticed a police station in the backdrop and assumed he was speaking with actual police officers.

Pradhan informed Rajkumar that this was a high-profile and sensitive matter involving VIPs. He was told not to mention their call with anybody and threatened with arrest if he did not obey their instructions. 

The Money Transfer

The con artists added that they had discovered a bank account opened in his name that was being used for money laundering. They allegedly examined the charges against him, which included money laundering, NDPS offences, and other criminal actions, before offering to assist him.

To protect the account, he was ordered to move the full balance in his bank accounts to Reserve Bank of India (RBI) accounts.

The Aftermath

After promising to repay him after his transactions were verified, they convinced Shankar to send money to their accounts in several transactions. 

After transferring Rs 3.8 crore, Rajkumar was promised that the return would be in his account within 30 minutes of verification and the connection was discontinued. Rajkumar only realized he had been duped after the crooks went mute.

The digital arrest is fake: DCP

According to Kuldeep Kumar Jain, DCP (East), Shankar submitted a report on May 13, and they were able to freeze Rs 9 lakh within two days.

A case has been filed under the Information Technology Act and IPC section 420 (cheating and dishonestly inducing delivery of property).

According to Jain, such claims should not be taken seriously: there is no such thing as a digital arrest or an online (virtual) investigation by the police. If you receive such calls, simply disconnect and report them to your nearest police station or the 1930 cyber helpline. If you lose any money, contact the police right away; delays in filing complaints reduce recovery rates.

Mule Recruitment Scheme: Scammers Making Innocents Accomplices Into Money Laundering

Mule Recruitment Schemes

If an online offer seems too good to be true and involves managing money, it is a possible mule recruitment scam.

RBI and NPCI warn users

The National Payments Corporation of India (NPCI) and RBI regulations advise against using Indian payment systems for banned or blacklisted website categories such as porn sites, gambling, Chinese laundering/loan apps, Forex trading sites, or other shadowy websites.

To escape this restriction, scammers use mule accounts to receive money through Indian payment channels such as bank accounts, credit cards, UPI, debit cards, and VPA.

What is a Mule account?

"Mule account" is a common term in cybercrime for any account used to move money obtained through illegal activities. These accounts mostly belong to people who, intentionally or unintentionally, have been drawn into the money laundering act.

Unaware of being part of a bigger scam, these individuals, or "money mules", are tricked into letting unknown scammers use their accounts to hide the source of laundered money. Scammers make these payments look legitimate through sly schemes and baits, hiding the money's shadowy origin before it reaches its final destination.

“We detect 18 to 20 thousand cases every single day for a National Bank. These mule accounts are usually owned by regular people who are either tricked into opening them or knowingly use them at the behest of some monetary payments. We advise people not to share their account details or give access to anyone. Fraudsters can use your credentials for such illegal activity” said Amit Relan, Co-founder and CEO of mFilterit. 

Tricking of customers

Money Mules fall into two categories: willing participants and duped participants. The scammers approach the Mule account customer online via emails, social media, websites, etc. Customers are fooled into believing they will get money in their bank account through commissions or incentives. After that, the scammer transfers laundered money into the Mule account. 

Scammers attack vulnerable and naive individuals, using lucrative job scams or fake online relationships to scam people. The victims are fooled through false promises of easy money for not-so-harmful activities like transferring goods or money. If an online job opening seems too good to be true or needs managing money or services, it is most likely a Mule recruitment scam. 

“Fraudsters might pose as authentic organizations like banks or government agencies to deceive victims into divulging personal or financial details. Phishing emails frequently include hyperlinks or attachments that, once clicked or opened, can deploy malware or direct users to fake websites crafted to steal sensitive information” said Dhiren. V. Dhedia, Head- Enterprise Solutions, CrossFraud. 

How to be safe?

Be cautious: if someone else controls your bank account, you are risking your savings and facing possible criminal charges. Stay updated and informed so that you do not fall for the mule scam.

Sharing your personal banking details with people you don’t trust is a big no, even if they have a believable story or offer.


North Korean Hackers' $12M Ethereum Laundering Via Tornado Cash Unveiled



It has been reported that North Korean hackers associated with the Lazarus Group have used the coin mixing service Tornado Cash to launder approximately $12 million worth of stolen Ethereum (ETH) in the last 24 hours.

According to blockchain analytics firm Elliptic and experts from other organizations, the Lazarus Group was responsible for the theft of $100 million in cryptocurrency from HTX and its HECO Bridge in November 2023. Elliptic has flagged on-chain activity since March 13 indicating that Lazarus Group hackers have transferred cryptocurrency worth $12 million stolen from HTX, a cryptocurrency exchange, and its cross-chain bridge, HTX Eco Chain (HECO), to Tornado Cash's contracts.

The funds were stolen in November from the cryptocurrency exchange HTX and its cross-chain bridge, HTX Eco Chain. Tornado Cash is a decentralized, non-custodial privacy tool: a smart contract-based system that allows users to deposit ETH and ERC-20 tokens from one address and later withdraw them to another address.

Tornado Cash and other services that blend tokens from different sources to disguise the origin of funds are known as mixers. The US Treasury blacklisted the service in August 2022 after it had been used to launder more than $7 billion in cryptocurrency since it was established in 2019.

The department has alleged that the mixer has been used to launder more than $7 billion over the past two years. Another mixer, Sinbad.io, was seized in November 2023 by US authorities, which eliminated one more avenue by which hackers could commingle funds. Consequently, the group appears to have returned to Tornado Cash to launder funds at scale and obscure the transaction trail, relying on Tornado Cash's decentralized architecture and its resistance to takedowns.

Finally, Elliptic suggests that it is possible to explain the resurgence of Tornado Cash reliance by the Lazarus Group due to law enforcement activities targeting services such as Sinbad.io and Blender.io, which has reduced the availability of large-scale mixers. The group has opted to take advantage of Tornado Cash's continued operation despite sanctions to take advantage of smart contracts' security and decentralized nature on blockchain networks, as they have few viable alternatives. 

As part of this effort, the authorities are also targeting the developers of such mixers as well. In a recent U.S. investigation, Tornado Cash's developers, Roman Storm and Alexey Pertsev, were charged with numerous offences, including conspiracy to commit money laundering, conspiracy to violate sanctions, and conspiracy to operate an unlicensed money-transmitting business. 

A similar development occurred on March 12 with the conviction of Bitcoin Fog's founder for money laundering. Lazarus Group operations have been going on for more than ten years now. According to U.S. officials, the group has stolen over $2 billion worth of cryptocurrency, which has been used to help fund North Korean programs for the development of weapons of mass destruction and ballistic missiles. The United States government sanctioned the group in 2019.

Crypto In Trouble: A US Money Laundering Scandal Has Charged The Latest Exchange

Crypto currency

In the recent crackdown on crypto-associated cybercrime, the U.S. Department of Justice issued charges against Aliaksandr Klimenka.

Klimenka is accused of working with Alexander Vinnik and other individuals from July 2011 to July 2017 to operate BTC-e, an unregulated digital currency exchange, and to participate in a money laundering scheme, according to unsealed indictments.

The US Targets Another Cryptocurrency Exchange

The US Justice Department has accused BTC-e of being a hub for money laundering and cybercrime. The company is said to have provided high anonymity trading services that drew in customers who were heavily involved in illicit activities.

The news statement states that the site allegedly enabled financial transactions resulting from a variety of illegal activities, including computer hacking, fraud, identity theft, and drug trafficking.

Authorities emphasize BTC-e's involvement in cybercrimes and point out that it operated on American servers reportedly in violation of mandatory anti-money laundering procedures and "know your customer" (KYC) guidelines.

Furthermore, according to the government agency, BTC-e violated federal regulations mandating strict anti-money laundering protocols by failing to register as a money services organization, despite its substantial operations within the United States.

The arrest of Klimenka in Latvia last December, according to the US Department of Justice, was a significant milestone in their "efforts to combat cryptocurrency-facilitated crimes."

After making his first court appearance in San Francisco, Klimenka is being kept in detention and could receive a hefty 25-year maximum term if found guilty. The accusations highlight the U.S. government's increased emphasis on crimes involving digital assets, with the National Cryptocurrency Enforcement Team (NCET) leading inquiries into cryptocurrency misuse.

The press release stressed that the joint actions of the FBI, Homeland Security Investigations, IRS Criminal Investigation, and U.S. Secret Service underscore "the federal commitment to dismantling networks that leverage digital currencies for illegal activities."

Use of Cryptocurrency in Illegal Activity Falls to Record Lows

Despite the US government's claim, new research from the cryptocurrency analysis company Chainalysis suggests that just a tiny portion of blockchain transactions are utilized for illicit purposes.

$24 billion was received by "illicit addresses" in 2023, mostly from "sanctioned entities" according to US government records. This is a significant decrease from its 2022 value of approximately $40 billion, as shown in the following chart.

Canadian Financial Intelligence Agency Predicts Crypto Crime to Surge Rapidly


As the use of cryptocurrency grows, more criminals are likely to start using it to raise, move, and conceal money outside of the established banking system, according to Canada's financial intelligence agency. 

In a report published on Monday, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) stated that ransomware attacks and the concealment and cleaning of fraudulent profits are the most frequent types of criminal activity involving cryptocurrencies. 

Fintrac expanded its strategic intelligence programme to increase its knowledge and comprehension of the risks and vulnerabilities related to virtual currencies by building on the funding it had received in the previous two years' budgets. 

“Fintrac continues to operate in a challenging environment with new and evolving technologies and financial products, rapidly shifting global financial systems and geopolitical events constantly shaping our work,” agency director Sarah Paquet stated in the report. 

Every year, the agency sifts through millions of pieces of data from insurance firms, banks, money services enterprises, securities dealers, real-estate brokers, casinos, and others to track down money linked to illegal activities. It then actively shares details on suspected cases with police and other law enforcement agencies. 

Businesses that exchange foreign currencies, transfer money, cash, or buy or sell money orders or traveler's cheques, or deal in virtual currency must first register with Fintrac before offering these services to the general public. 

According to the report, the continued use of unregistered money services businesses creates challenges for those attempting to discover money laundering and terrorist financing via traditional financial channels. 

“Suspicious transactions reported to Fintrac have highlighted the significant role of third-party intermediaries, such as professional money launderers and money mules, in facilitating underground banking and the laundering of criminal proceeds,” the report further reads. 

While the majority of illicit cryptocurrency transactions involve the laundering of criminal proceeds—a small proportion of total virtual transactions—Fintrac has observed that terrorist groups around the world are increasingly using virtual currencies to finance their operations. 

This trend is especially visible among those associated with ideologically driven violent extremism, who distrust regulated and centralised financial systems. There has also been an increase in loosely connected entities within expansive movements that transcend national boundaries in recent years, as well as the persistence of cross-border funding networks and online fundraising efforts. 

Additionally, the report discovered that there is a significant reliance on mixing services and high-risk exchanges for laundering cryptocurrency and converting ransoms back into cash.

Europol Warns of a Potent Criminal Economy Fostered by New Technological Tools


Europol's inaugural report on financial and economic crime highlights the alarming extent to which money laundering techniques employed by ransomware groups and cryptocurrency scammers are now cleaning the cash of nearly 70% of the world's organized crime networks. 

Despite concerted efforts by international law enforcement agencies to combat cybercrime, progress has been sluggish, resulting in European criminals reaping profits of up to €188 billion.

The report underscores how advancements in fintech are exacerbating financial malfeasance. The widespread adoption of online banking and digital-only 'neo banks' has led to disproportionately high rates of financial fraud and money laundering. Innovations like virtual international bank account numbers (IBAN) and 'buy now pay later' financing have further fueled online fraud.

Europol also points out that encrypted messaging apps, dark web marketplaces, cryptocurrencies, and other privacy-enhancing technologies shield criminals' identities, presenting significant challenges for law enforcement agencies. Criminals can now easily access illicit digital products and technical services, even without advanced technological skills, thanks to a burgeoning "crime-as-a-service" model.

The report highlights how money laundering has become increasingly streamlined with the emergence of new types of digital assets. Professional money launderers have established a parallel underground financial system that processes transactions away from the watchful eye of legal financial mechanisms. 

High-level money brokers play a pivotal role in this criminal ecosystem, providing a range of unregulated global banking and escrow services to numerous criminal organizations. This facilitates the laundering of billions of euros worth of illicit profits annually through the EU, rendering money laundering a significant criminal threat.

Europol underscores that most countries lack the requisite experience and specialized expertise needed for tracing cash, analyzing blockchain data, establishing actual ownership, managing seized assets, and facilitating recovery. Digital assets held outside of financial institutions pose an even greater challenge in terms of tracing, seizure, and confiscation.

“Organised crime has built a parallel global criminal economy around money laundering, illicit financial transfers and corruption,” explained Europol’s executive director, Catherine De Bolle. “With modern technology, they have diversified their modi operandi to evade detection.”

Ransomware Actors are Using Crypto Mining Pools to Launder Money


According to a recent analysis by the blockchain forensic company Chainalysis, the use of cryptocurrency mining as a money laundering technique extends beyond nation-state actors and has particular appeal to ordinary criminals.

As per reports, sanctioned nation-states like Iran have turned to cryptocurrency mining as a way to amass money away from the traditional banking system. In a recent development, cybersecurity firm Mandiant also disclosed how the Lazarus Group, a notorious North Korean hacker group, has been utilising stolen cryptocurrencies like Bitcoin to buy freshly-mined cryptocurrency through hashing rental and cloud mining services.

Simply explained, online criminals use stolen crypto to acquire "clean" freshly mined coins and then use various businesses to cash them out. One of these, according to Chainalysis, is an unnamed "mainstream exchange" that has been identified as having received "substantial funds" from wallets and mining pools connected to ransomware activity.

In total, $94.2 million was sent to one of these identified deposit addresses, of which $19.1 million came from ransomware addresses and a further $14.1 million from mining pools. Chainalysis also found that the ransomware wallet in question was occasionally sending money to a mining pool "both directly and via intermediaries."

“This may represent a sophisticated attempt at money laundering, in which the ransomware actor funnels funds to its preferred exchange via the mining pool in order to avoid triggering compliance alarms at the exchange,” the report reads. 

Chainalysis further asserts that "ransomware actors may be increasingly abusing mining pools"; citing its data, the company stated that "since the start of 2018, we've seen a large, steady increase in value sent from ransomware wallets to mining pools." 

A total of 372 exchange deposit addresses have received cryptocurrency transfers totaling at least $1 million from mining pools and ransomware addresses. Instances like these, in the opinion of the company, point to ransomware criminals trying to pass off their stolen money as earnings from cryptocurrency mining. 

Chainalysis said that "this sum is certainly an underestimate," adding that "these exchange deposit addresses have received a total of $158.3 million from ransomware addresses since the beginning of 2018."

Illegal money transfers 

Chainalysis cites BitClub as an additional noteworthy instance of cybercriminals using mining pools. BitClub was a notorious cryptocurrency Ponzi scheme that deceived thousands of investors between 2014 and 2019 by making claims that its Bitcoin mining operations would generate significant returns. 

The company claims that BitClub Network transmitted Bitcoin valued at millions of dollars to wallets connected to "underground money laundering services" allegedly based in Russia. These money laundering wallets then transferred Bitcoin to deposit addresses at two well-known exchanges over the course of three years. 

The same period, between October 2021 and August 2022, saw the transfer of millions of dollars' worth of Bitcoin to the identical deposit addresses at both exchanges by an unidentified Russian Bitcoin mining company. 

The cryptocurrency exchange BTC-e, which the U.S. authorities accuse of promoting money laundering and running an illegal money service business, sent money to one of the wallets allegedly linked to the alleged money launderers. Additionally, it has been claimed that BTC-e handled money that was stolen from Mt. Gox, the biggest Bitcoin exchange in the early 2010s. 

These accusations led to the seizure of BTC-e by American authorities in July 2017, the removal of its website, and the arrest of its founder, Alexander Vinnik, in Greece the same month. 

Prevention Tips

According to Chainalysis, mining pools and hashing providers should put strict wallet screening procedures in place, including Know Your Customer (KYC) protocols, in order to "ensure that mining, which is a core functionality of Bitcoin and many other blockchains, isn't compromised."

The company also argues that such verification, using blockchain analysis and other tools to confirm the source of funds and rejecting cryptocurrency that comes from suspicious addresses, can effectively stop criminals from using mining as a means of money laundering.
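As an added example (not code from the Chainalysis report or from this post), the screening idea above in Python: a constructed, labelled transaction graph, a backwards hop-limited exposure check that a mining pool or exchange could run on an inbound payment, and an exchange-side rule for the pattern described earlier, a deposit address fed by a mining-pool address that is itself funded by a ransomware-tagged wallet, directly or through an intermediary. The address names, labels and amounts are invented; a real deployment would take the labels from an attribution dataset and walk actual on-chain transactions.

```python
from collections import defaultdict, deque

# Constructed sample ledger: (sender, receiver, amount in USD). Invented for this
# example; the address names and labels are not real on-chain data.
SAMPLE_TXS = [
    ("ransom_wallet_A", "exch_dep_1", 50_000),     # ransomware paid straight to an exchange
    ("ransom_wallet_A", "hop_1", 30_000),          # ransomware -> unlabelled intermediary
    ("hop_1", "pool_payout_X", 30_000),            # intermediary -> mining pool address
    ("pool_payout_X", "exch_dep_1", 120_000),      # pool "payout" lands on the same deposit address
    ("ransom_wallet_B", "pool_payout_Y", 10_000),  # ransomware -> pool, no intermediary
    ("pool_payout_Y", "exch_dep_2", 15_000),
    ("miner_legit", "pool_payout_Z", 5_000),       # an ordinary miner
    ("pool_payout_Z", "exch_dep_3", 5_000),        # clean payout
]

# Attribution labels of the kind a blockchain-analysis vendor would supply (constructed).
LABELS = {
    "ransom_wallet_A": "ransomware", "ransom_wallet_B": "ransomware",
    "pool_payout_X": "mining_pool", "pool_payout_Y": "mining_pool",
    "pool_payout_Z": "mining_pool",
    "exch_dep_1": "exchange_deposit", "exch_dep_2": "exchange_deposit",
    "exch_dep_3": "exchange_deposit",
}


def build_reverse_graph(txs):
    """Map each receiver to the (sender, amount) pairs that funded it."""
    rev = defaultdict(list)
    for sender, receiver, amount in txs:
        rev[receiver].append((sender, amount))
    return rev


def upstream_exposure(addr, rev, labels, max_hops=3):
    """Walk the funding graph backwards from addr (breadth first, at most max_hops
    counterparties deep) and return {label: shortest hop distance} for every
    labelled address found. addr's own label is deliberately not included."""
    seen = {addr}
    queue = deque([(addr, 0)])
    exposure = {}
    while queue:
        node, dist = queue.popleft()
        if dist == max_hops:
            continue
        for sender, _amount in rev.get(node, ()):
            if sender in seen:
                continue
            seen.add(sender)
            label = labels.get(sender)
            if label is not None and label not in exposure:
                exposure[label] = dist + 1
            queue.append((sender, dist + 1))
    return exposure


def screen_inbound(sender, rev, labels, max_hops=3, blocked=("ransomware",)):
    """Wallet-screening decision a pool or hashing provider could apply before
    crediting a payment: refuse funds coming from, or recently passed through,
    a blocked category. Returns (accept, reason)."""
    own = labels.get(sender)
    if own in blocked:
        return False, f"{sender} is labelled {own}"
    hits = [f"{lab} {d} hop(s) upstream" for lab, d in
            upstream_exposure(sender, rev, labels, max_hops).items() if lab in blocked]
    if hits:
        return False, "; ".join(hits)
    return True, "no blocked exposure within hop limit"


def pool_layering_alerts(txs, labels, max_hops=3):
    """Exchange-side rule for the pattern in the text: a deposit address funded by a
    mining-pool address that is itself fed by ransomware funds (directly or via
    intermediaries). Returns {deposit_address: {"via_pools": [...], "value_usd": n}}."""
    rev = build_reverse_graph(txs)
    alerts = {}
    for addr, label in labels.items():
        if label != "exchange_deposit":
            continue
        via_pools, value = [], 0
        for sender, amount in rev.get(addr, ()):
            if labels.get(sender) != "mining_pool":
                continue
            # one hop is already spent reaching the pool, so look max_hops-1 beyond it
            if "ransomware" in upstream_exposure(sender, rev, labels, max_hops - 1):
                via_pools.append(sender)
                value += amount
        if via_pools:
            alerts[addr] = {"via_pools": via_pools, "value_usd": value}
    return alerts


if __name__ == "__main__":
    rev = build_reverse_graph(SAMPLE_TXS)
    for s in ("ransom_wallet_B", "hop_1", "miner_legit"):
        print("pool inbound from", s, "->", screen_inbound(s, rev, LABELS))
    for dep, info in pool_layering_alerts(SAMPLE_TXS, LABELS).items():
        print("ALERT", dep, info)
```

The hop limit is the tuning knob: too small and the "via intermediaries" case in the report is missed, too large and almost every address inherits some exposure, so in practice it is paired with value thresholds and the attribution vendor's own confidence scores.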

Genesis Market: The Fall of a Cybercrime Website

Law enforcement agencies worldwide have dealt a blow to the criminal underworld with the takedown of Genesis Market, a notorious website used to buy and sell stolen data, hacking tools, and other illicit goods and services. The investigation involved coordinated efforts by the FBI, UK National Crime Agency, Dutch Police, Europol, and other partners.

According to BBC News, Genesis Market had over 500,000 users and 250 vendors, with estimated earnings of $1 billion. The site operated on the dark web, using sophisticated encryption and anonymity technologies to evade detection. However, its operators made a critical mistake by reusing passwords and allowing law enforcement to seize control of the domain.

The shutdown of Genesis Market is a significant victory for law enforcement agencies in the fight against cybercrime. A spokesperson for the FBI said, "This operation sends a clear message to cybercriminals that law enforcement will work tirelessly to identify, investigate and bring them to justice."

As reported by Radio Free Europe, the bust also resulted in the arrest of several individuals linked to the site, including its alleged administrator, who was apprehended in Ukraine. The suspects face charges of cybercrime, money laundering, and other offenses, and could face lengthy prison terms if convicted.

The investigation into Genesis Market highlights the ongoing threat of cybercrime, which has become a lucrative and increasingly sophisticated industry. The site was just one of many platforms used by criminals to exploit vulnerabilities in technology and networks and to profit from the theft and abuse of sensitive data.

However, the successful takedown of Genesis Market also demonstrates the power of collaboration and technology in fighting cybercrime. Europol praised the joint efforts of law enforcement agencies, which utilized advanced tools such as blockchain analysis, malware reverse engineering, and undercover operations to infiltrate and disrupt the site.

ChipMixer: Cryptocurrency Mixer Taken Down After ‘Laundering $3bn in Cryptocurrency’


Darknet cryptocurrency mixer ChipMixer has been shut down following a joint operation by Europol, the FBI, and German police, which seized its servers and internet domains along with $46 million worth of cryptocurrency. 

During the raid, investigators found digital currency in wallets connected to North Korean cybercriminals and Russian intelligence services. 

US prosecutors have charged a Vietnamese man they say has run the service since it was created in August 2017. Mixers pool potentially tainted funds and send them on at random to destination wallets. 

Minh Quoc Nguyen, 49, of Hanoi has been accused of money laundering, operating an unlicensed money-transmitting business, and identity theft. The FBI has included him on the wanted criminal list. 

Criminals laundering more than $700 million in bitcoin from wallets identified as stolen funds, including money taken by North Korean hackers from Axie Infinity's Ronin Bridge and Harmony's Horizon Bridge, were among the service's customers. 

It has also been reported that APT28, the Russian military intelligence hacking group also known as Fancy Bear, used ChipMixer to buy infrastructure for the Kremlin's Drovorub malware. Moreover, according to Europol, the Russian RaaS group LockBit was also a patron. 

ChipMixer joins a relatively small group of crypto mixers, services that let criminals conceal the source of illegally obtained cryptocurrency, that have been shut down or sanctioned. The list presently includes Blender.io, which was probably renamed and relaunched as Sinbad, and Tornado Cash, a favorite of cybercriminals that helped hackers launder more than $7 billion between 2019 and 2022. 

The Federal Criminal Police Office of Germany seized two ChipMixer back-end servers and more than $46 million in cryptocurrencies, while American investigators seized two web domains that pointed to the company. 

According to court documents, ChipMixer allowed customers to deposit Bitcoin, which was then combined with other users' Bitcoin to anonymize the currency. This mixer took things a step further by converting the deposited money into small tokens of equal value called "chips," which were then mixed, further anonymizing the funds and obscuring their blockchain trails. This feature of the platform is what attracted so many criminals. 

The domain now displays a seizure notice, stating: “This domain has been seized by the FBI in accordance with a seizure warrant.” 

“Together, with our international partners, we are firmly committed to identifying and investigating cybercriminals who pose a serious threat to our economic security by laundering billions of dollars’ worth of cryptocurrency under the misguided anonymity of the darknet,” said Scott Brown, special agent in charge of Homeland Security Investigations (HSI) Arizona.

How Threat Actors Are Changing Money Laundering Campaigns


Change in the money-laundering game

It is next to impossible to pin down the exact amount of money laundered globally; conservative estimates put it anywhere between $800 million and $2 trillion, and that is just the tip of the iceberg. It's a crime that fuels some of the world's most dangerous criminal operations. 

It's also a tactic threat actors use to cover their tracks and the profits they make from campaigns like large-scale ransomware attacks. The rise of cryptocurrency has also made it easier for cybercriminals to avoid getting caught. 

Financial enterprises, cryptocurrency companies, and other institutions have to pay fines for not being able to root out money laundering as regulators and government agencies worldwide try to crack down on this major challenge. 

The bad news is that as we move toward 2023, automation is going to make the situation only worse. We can expect a rise in money laundering as-a-service. The good news is that there are ways to fight this problem and collectively mitigate cyber criminals' ability to operationalize. 

The Crypto money laundering case

A go-to tactic for threat actors looking to move up the ranks is using 'money mules': individuals who help launder money, sometimes unknowingly. They're often lured with promises of legitimate jobs under false pretenses, only to find out later that the job is to help launder the profits of cybercrime. 

Traditionally, money laundering was done through anonymous wire transfer services, but such transfers can be tracked fairly easily by law enforcement agencies and regulators. Nowadays, cybercriminals have shifted to cryptocurrency. 

A lack of regulatory supervision, combined with anonymous transactions, makes it an ideal platform for money laundering. A Chainalysis report found that cybercriminals laundered $8.6 billion in cryptocurrency in 2021, a 30% increase on the previous year. 

Rise in money-laundering recruitment campaigns

Making recruitment campaigns for money mules takes a lot of time and resources. To hide their true purpose, threat actors will sometimes go to great extents and build genuine-looking websites for fake companies and also post fake job openings to make the business look authentic. 

But machine learning (ML) and automation will make the process much easier and quicker. ML can target potential recruits effectively in far less time. We can also expect some manual campaigns to be replaced by automated services that let cybercriminals launder money through layers of crypto exchanges, making the process fast and difficult to track, and making stolen money harder to recover. 

Together, these tactics make 'money-laundering-as-a-service' (MLaaS), and it's going to be another weapon in the cybercrime inventory. 

Combating the new money-laundering challenge

While threat actors will look for any means possible to launch an attack and launder money easily, it doesn't mean that we have to accept the situation as it is. 

The biggest factor in fighting MLaaS will be public-private collaboration on a massive scale. Companies across the globe can share threat intelligence with each other, helping to build a stronger collective defense. 

Dark Reading says, "it must be reiterated that cyber hygiene and education must be prioritized as well. No matter the type of organization you're in or the role you're in, this is essential for everyone. Everyone can play a key role in helping keep organizations safe from bad actors. This includes things like more digital literacy — and how to recognize a too-good-to-be-true job ad for the scam it really is. And of course, there's the concept of fighting fire with fire — as bad actors adopt more automation and ML-based approaches, so, too, must defenders."




Ex Uber Employee Made 388 Fake Driver Profiles, Duped Company of Rs 1.17 Crore


Ex Employee dupes Uber of Rs 1.17 Crore

A former Uber employee has been charged with duping the company of Rs 1.17 crore by creating 388 fake driver profiles on the company's server. The money was then transferred to only 18 bank accounts linked to these fake profiles. The accused worked for the company as a contractor until December 2021; Uber's authorized signatory lodged the complaint in April last year. The accused's job was to review driver payments and update the details of authorized drivers in the company's spreadsheet so that money could be transferred to the respective accounts.

FIR registered

Uber, during its inquiry, discovered that of the 388 fake driver profiles, 191 had been created from IP addresses associated with the accused man's system. 

"To avoid inconveniencing driver partners, a spreadsheet is automatically uploaded regularly. A large number of transactions were processed by this automated spreadsheet and the accused was responsible for updating the details of the driver-partner accounts to be paid," Uber said in the complaint. The man created various fake driver-partner accounts in the spreadsheet.

According to the police, the accused has been booked under sections 408 (criminal breach of trust by a servant), 420 (cheating), 477-A (falsification of accounts), and 120-B (criminal conspiracy) of the IPC. 

The Uber complaint further read "191 cases out of 388 cases matched with the IP addresses used by Viney Gera to log into his work computer on the same day as the creation of the accounts. In the above manner, a total amount of Rs 1,17,03,033 has been fraudulently paid to these fake driver partners into only 18 bank accounts."

PTI quoted Inspector Deepak Kumar, SHO of Sushant Lok Police Station, as saying, "We are investigating the matter and the accused will be arrested as soon as possible."

Handling of driver partner payments

An Indian Express report explained how Uber handles driver payments when their accounts show a negative balance. A negative balance in an Uber driver's account means payment is overdue. This is removed when the driver pays the amount to the company. After this, a positive payment is credited to the partner's account, and the details of the transaction are updated in a spreadsheet. 

The data (the company spreadsheet) is then "uploaded to an Uber Payment Tool through an automated python script." The upload credits a positive balance to the driver partner's account, clearing the arrears and allowing the driver to drive again.
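As an added example (not Uber's script or any code from the reports above), the Python below shows the kind of pre-upload check an automated payout pipeline could run over the spreadsheet before it reaches the payment tool. Profile IDs, bank account identifiers, IP addresses, dates and amounts are constructed. It flags bank accounts shared by several driver profiles and signup IPs that coincide with an employee's workstation login on the same day, the two signals the investigation relied on, and holds the whole batch for manual review when the flagged rows carry more than a set share of its value.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data (invented; not Uber's records). Driver profiles carry the
# bank account they are paid to and the IP address and date of the self-service signup.
DRIVER_PROFILES = [
    {"id": "D1001", "bank": "ACCT-111", "signup_ip": "10.8.0.21", "created": date(2021, 11, 2)},
    {"id": "D1002", "bank": "ACCT-222", "signup_ip": "10.8.0.21", "created": date(2021, 11, 2)},
    {"id": "D1003", "bank": "ACCT-222", "signup_ip": "10.8.0.21", "created": date(2021, 11, 3)},
    {"id": "D1004", "bank": "ACCT-222", "signup_ip": "10.8.0.21", "created": date(2021, 11, 3)},
    {"id": "D2001", "bank": "ACCT-333", "signup_ip": "203.0.113.40", "created": date(2021, 10, 14)},
]
# Workstation logins of staff who can edit the payout spreadsheet (constructed).
EMPLOYEE_LOGINS = [
    {"user": "ops_user_7", "ip": "10.8.0.21", "day": date(2021, 11, 2)},
    {"user": "ops_user_7", "ip": "10.8.0.21", "day": date(2021, 11, 3)},
    {"user": "ops_user_2", "ip": "10.8.0.9", "day": date(2021, 10, 14)},
]
# Rows of the spreadsheet an automated upload script would push to the payment tool.
PAYOUT_BATCH = [
    {"profile": "D1001", "amount": 4200},
    {"profile": "D1002", "amount": 3900},
    {"profile": "D1003", "amount": 4100},
    {"profile": "D1004", "amount": 3950},
    {"profile": "D2001", "amount": 1200},
]


def shared_bank_accounts(profiles, max_profiles_per_account=1):
    """Bank accounts that receive payouts for more than the allowed number of profiles
    (the case had 388 profiles funnelled into 18 accounts)."""
    by_bank = defaultdict(list)
    for p in profiles:
        by_bank[p["bank"]].append(p["id"])
    return {bank: ids for bank, ids in by_bank.items() if len(ids) > max_profiles_per_account}


def internal_signup_ips(profiles, logins):
    """Map profile id -> employee whose workstation login shares the signup IP and day.
    A driver self-registration coming from a staff workstation is the tell-tale sign."""
    seen = {(l["ip"], l["day"]): l["user"] for l in logins}
    return {p["id"]: seen[(p["signup_ip"], p["created"])]
            for p in profiles if (p["signup_ip"], p["created"]) in seen}


def validate_batch(batch, profiles, logins, max_flagged_share=0.10):
    """Pre-upload gate: score every row, and hold the whole batch for manual review
    when flagged rows carry more than max_flagged_share of its value."""
    by_id = {p["id"]: p for p in profiles}
    shared = shared_bank_accounts(profiles)
    shared_profiles = {pid for ids in shared.values() for pid in ids}
    ip_hits = internal_signup_ips(profiles, logins)
    flagged, flagged_amount, total = [], 0, 0
    for row in batch:
        pid, amount = row["profile"], row["amount"]
        total += amount
        reasons = []
        if pid not in by_id:
            reasons.append("payee profile does not exist")
        if pid in shared_profiles:
            reasons.append(f"bank account {by_id[pid]['bank']} shared with other profiles")
        if pid in ip_hits:
            reasons.append(f"signup IP matches workstation login of {ip_hits[pid]}")
        if reasons:
            flagged.append({"profile": pid, "amount": amount, "reasons": reasons})
            flagged_amount += amount
    share = flagged_amount / total if total else 0.0
    return {"hold": share > max_flagged_share, "flagged_share": round(share, 3),
            "flagged_rows": flagged, "shared_accounts": shared}


if __name__ == "__main__":
    result = validate_batch(PAYOUT_BATCH, DRIVER_PROFILES, EMPLOYEE_LOGINS)
    print("hold batch:", result["hold"], "flagged share:", result["flagged_share"])
    for row in result["flagged_rows"]:
        print(row["profile"], row["amount"], "; ".join(row["reasons"]))
```

The point of the batch-level hold, rather than dropping single rows, is separation of duties: the person who edits the spreadsheet should not be the one who decides which of its rows survive, so anything over the threshold goes to a second reviewer.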


Expansion of the LockBit Ransomware

 

To keep the public informed about potential threats, the Cybereason Global Security Operations Center (GSOC) Team publishes Cybereason Threat Analysis Reports. These reports examine such threats and offer suggestions on how to defend against them. 

LockBit, which was first identified in September 2019, uses the ransomware-as-a-service (RaaS) attack method and targets businesses. The ransomware operators are improving their techniques to disable Endpoint detection and response (EDR) tools and other security solutions. 

Variables of the Virus 

Using the infrastructure and tools already in place for the ransomware, LockBit RaaS enables affiliates to conduct their own attacks while sharing a portion of the ransom proceeds with the operators.

In the first attack the researchers were able to document, which took place in Q4 2021, affiliates associated with the LockBit gang used their own malware and tools against the targets. In the majority of the infections the researchers examined, the threat actors gained entry to the target networks by taking advantage of a misconfigured service, particularly an RDP port left accessible to the public. 

After gaining an initial foothold on the vulnerable network, the attackers began reconnaissance and credential extraction. In this instance they used tools such as Netscan, to map the network's structure and valuable assets, and Mimikatz, to harvest credentials. 

The researchers describe a second infection that happened in Q2 2022, walking through the attack's phases: initial compromise, lateral movement, establishing persistence, privilege escalation, and finally deployment of the ransomware. 

The attackers used net.exe to create domain accounts and grant themselves 'domain administrator' rights. They then used these accounts to propagate throughout the victim's network and maintain persistence. The researchers also discovered that the attackers were using Ngrok, a legitimate reverse proxy tool that lets them tunnel to servers protected by firewalls.

Additional PCs in the target network were also infected by the threat actors with the malware 'Neshta', a file infector that inserts malicious code into targeted executable files. 

Exfiltration of Records

The data was collected and exfiltrated once the LockBit affiliate had secured persistent remote access and the necessary credentials. For this, the actors employed three different tools: 
  • Filezilla.exe, used to connect to an attacker-controlled remote FTP server. 
  • Rclone.exe, used to exfiltrate data to a cloud hosting provider associated with 'Mega'.
  • Megasync.exe, a second exfiltration tool for the same 'Mega'-related cloud hosting provider.
At this point the LockBit affiliate had fulfilled all the steps required to run the LockBit payload and start encryption:
  • Persistence on the network through several compromised devices.
  • Access to accounts with high privileges.
  • Victim data gathered and exfiltrated.
  • A list of the most valuable assets, discovered through network scans.
Along with the MITRE ATT&CK mapping, the researchers also published indicators of compromise. The LockBit operation has since launched LockBit 3.0, which includes notable innovations such as a bug bounty program, Zcash payments, and new extortion techniques. The group is now one of the most active ransomware gangs and has been operating since at least 2019.
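The Q2 2022 intrusion chain described above (net.exe domain accounts, Ngrok tunnelling, then Rclone, Megasync and FileZilla for exfiltration) can be turned into detection logic. The Python below is an added example, not Cybereason's code, and runs over constructed process-creation events shaped like Windows Security event 4688; the hostnames, user names, paths and command lines are invented, the rules are plain regular expressions, and the ATT&CK technique IDs are the editor's own mapping rather than the report's. The correlation step is the part worth copying: an account created by one rule that later appears as the user running an exfiltration tool is escalated as a chain rather than left as isolated hits.

```python
import ntpath
import re

# Constructed process-creation events in the shape of Windows Security event 4688
# (one dict per event). Invented for this example, not from any real incident.
SAMPLE_EVENTS = [
    {"host": "WS01", "event_id": 4688, "user": "CORP\\jdoe",
     "image": r"C:\Windows\System32\net.exe",
     "cmdline": "net user svc_backup Passw0rd! /add /domain"},
    {"host": "WS01", "event_id": 4688, "user": "CORP\\jdoe",
     "image": r"C:\Windows\System32\net.exe",
     "cmdline": 'net group "Domain Admins" svc_backup /add /domain'},
    {"host": "WS01", "event_id": 4688, "user": "CORP\\jdoe",
     "image": r"C:\Users\jdoe\AppData\Local\Temp\ngrok.exe",
     "cmdline": "ngrok.exe tcp 3389"},
    {"host": "FS02", "event_id": 4688, "user": "CORP\\svc_backup",
     "image": r"C:\ProgramData\rclone.exe",
     "cmdline": r"rclone.exe copy D:\Shares\Finance mega:dump --transfers 8"},
    {"host": "FS02", "event_id": 4688, "user": "CORP\\svc_backup",
     "image": r"C:\Program Files\FileZilla FTP Client\filezilla.exe",
     "cmdline": "filezilla.exe"},
    {"host": "WS03", "event_id": 4688, "user": "CORP\\asmith",
     "image": r"C:\Windows\System32\net.exe",
     "cmdline": r"net use Z: \\fs02\share"},   # routine net.exe use, must not alert
]

# (rule name, ATT&CK technique ID chosen by the editor, pattern). Patterns are matched
# against "<image basename> <command line>" so either field can trigger them.
RULES = [
    ("domain_account_created", "T1136.002",
     re.compile(r"\bnet1?(?:\.exe)?\s+user\s+(?P<acct>\S+)(?:\s+\S+)?\s+/add\b.*\s/domain\b", re.I)),
    ("domain_admins_modified", "T1098",
     re.compile(r'\bnet1?(?:\.exe)?\s+group\s+"?domain admins"?\s+\S+\s+/add\b', re.I)),
    ("ngrok_tunnel", "T1572", re.compile(r"\bngrok(?:\.exe)?\b", re.I)),
    ("rclone_to_mega", "T1567.002", re.compile(r"\brclone(?:\.exe)?\b.*\bmega:", re.I)),
    ("megasync_client", "T1567.002", re.compile(r"\bmegasync(?:\.exe)?\b", re.I)),
    ("filezilla_ftp", "T1048.003", re.compile(r"\bfilezilla(?:\.exe)?\b", re.I)),
]
EXFIL_RULES = {"rclone_to_mega", "megasync_client", "filezilla_ftp"}


def detect(events):
    """Run every rule over each process-creation event; one alert per rule hit."""
    alerts = []
    for seq, ev in enumerate(events):
        if ev.get("event_id") != 4688:
            continue
        text = f"{ntpath.basename(ev['image'])} {ev['cmdline']}"
        for name, technique, pattern in RULES:
            m = pattern.search(text)
            if m:
                alerts.append({"seq": seq, "host": ev["host"], "user": ev["user"],
                               "rule": name, "technique": technique,
                               "account": m.groupdict().get("acct")})
    return alerts


def correlate(alerts):
    """Escalate when an account created via net.exe is later the user running an
    exfiltration tool: the create-account -> spread -> exfiltrate chain in the text."""
    created = {a["account"].lower(): a for a in alerts
               if a["rule"] == "domain_account_created" and a["account"]}
    chains = []
    for a in alerts:
        if a["rule"] not in EXFIL_RULES:
            continue
        acct = a["user"].split("\\")[-1].lower()
        origin = created.get(acct)
        if origin and origin["seq"] < a["seq"]:
            chains.append({"account": acct, "created_on": origin["host"],
                           "exfil_on": a["host"], "tool_rule": a["rule"]})
    return chains


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for a in found:
        print(a["host"], a["user"], a["rule"], a["technique"])
    for c in correlate(found):
        print("CHAIN:", c)
```

FileZilla and Rclone are legitimate administration tools, so on their own those rules are noisy; the correlation with a freshly created domain account (or, in a real pipeline, with the Ngrok hit on the same host) is what lifts them to incident priority.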

DeepDotWeb Operator Sentenced to Eight Years for Role in $8.4 million Kickback Scheme

 

An Israeli national has been sentenced to 97 months in prison for operating DeepDotWeb (DDW), a website that connected internet users with darknet marketplaces.

From 2013, Tal Prihar (37) and co-defendant Michael Phan (34) operated DeepDotWeb, providing a platform for dark web news and links to marketplaces that redirected visitors to their .onion addresses, websites that cannot be reached through standard search engines on the clear web.

Prihar's sentencing for money laundering was announced last week by the U.S. Department of Justice and U.S. Attorney Cindy K. Chung for the Western District of Pennsylvania. He was also ordered to forfeit $8,414,173, an ASUS laptop, an iPhone, and accounts at cryptocurrency exchanges such as Kraken, Binance and OKCoin. 

Prihar had pleaded guilty to conspiracy to commit money laundering in March 2021, almost two years after his arrest and the site's seizure, while Phan remains in Israel and is currently undergoing extradition proceedings.

For linking users with the illegal darknet marketplaces, Prihar received a total of 8,155 bitcoins from his affiliate marketing deals with marketplace operators. To conceal the sources of these payments, Prihar converted them to fiat currency and laundered it through other Bitcoin and bank accounts he controlled in the name of shell companies. 

"To conceal the nature and source of these illegal kickback payments, Prihar transferred the payments from his DDW bitcoin wallet to other bitcoin accounts and to bank accounts he controlled in the names of shell companies." explains the DoJ announcement. 

The investigation into DDW involved the FBI's Pittsburgh Field Office, French authorities, Europol, the IRS, German law enforcement, the Israeli National Police, and the UK's National Crime Agency (NCA), among other organizations. 

Additionally, the DoJ also announced the sentencing of an associate of the Dark Overlord hacking group for his role in possessing and selling more than 1,700 stolen identities, including social security numbers, on the dark web marketplace AlphaBay. 

Slava Dmitriev, a 29-year-old Canadian citizen who was arrested in Greece in September 2020 and extradited to the U.S. in January 2021, was sentenced to a jail term of three years after he pleaded guilty in August 2021 to fraud charges.

French Authorities Have Detained a Suspect in Case of Money Laundering of €19 Million

 

This week, French authorities apprehended a suspect under suspicion of laundering more than €19 million ($21.4 million) in ransomware extortion payouts. 

Law enforcement agencies have not revealed the suspect's name, identifying him only as a person from the Vaucluse area in southeast France, nor the name of the ransomware group he worked with. 

This week's arrest comes as law enforcement agencies around the world have begun to collaborate and crack down on ransomware activity after years of recurrent attacks, many of which have disrupted government agencies and private sector organizations. 

This year has seen several crackdowns targeting ransomware gangs, including: 

  • February – The arrest of Egregor/Maze members in Ukraine. 

According to French radio station France Inter, participants of the Egregor ransomware cartel were apprehended in Ukraine. The existence of a law enforcement activity was already verified by sources in the threat intelligence community. The Egregor gang, reportedly began operations in September 2020, follows a Ransomware-as-a-Service (RaaS) strategy. They rent ransomware strain access, but they depend on some other cybercrime gangs to organize attacks into corporate networks and distribute the file-encrypting ransomware. 

  • March – The arrest of a GandCrab affiliate in South Korea. 

The arrest of a 20-year-old accused on allegations of spreading and infecting victims with the GandCrab ransomware was announced by South Korean national police. The accused, whose identity has not been revealed, was a client of the GandCrab Ransomware-as-a-Service (RaaS) cybercrime organization. Police described the suspect as an associate — or a distributor — who operated by obtaining copies of the GandCrab ransomware and spreading them via email to victims around South Korea. 

  • June – The arrest of a group of Ukrainian money launderers who worked with the Clop gang.

Representatives of the Clop ransomware gang, who were apprehended in Ukraine as part of an international law enforcement operation, also provided money-laundering facilities to other cybercrime organizations. The group was involved in both cyber-attacks and "a high-risk exchanger" that laundered funds for the Clop ransomware gang and other criminal groups, according to cryptocurrency exchange portal Binance. 

  • September – Sanctions against Suex, a Russian crypto-exchange used to process ransomware payments. 

Suex, a cryptocurrency exchange incorporated in the Czech Republic but managed by Russia, was sanctioned by the US Treasury. According to a blockchain analysis company, Suex has assisted ransomware and other cybercrime organizations in laundering more than $160 million in stolen assets. Suex has aided in the processing of ransom payments to gangs like Conti, Ryuk, and Maze.

  • October – The arrest of 12 suspects behind the LockerGoga ransomware. 

According to Europol, twelve members of a ransomware cell were apprehended in Ukraine and Switzerland. The accused are suspected of orchestrating the ransomware attack that damaged Norsk Hydro in 2019; the group was linked to 1,800 ransomware attacks in 71 countries.

  • November – The arrest of a REvil affiliate in Ukraine for the Kaseya attack. 

The US Department of Justice charged a 22-year-old Ukrainian national with coordinating the ransomware assaults against Kaseya servers on July 4th of this year.

  • December – The arrest of a Canadian citizen for the attack against an Alaskan healthcare provider. 

Canadian authorities arrested an Ottawa resident suspected of organizing ransomware attacks on commercial companies and government agencies in Canada and the United States since 2018.

Interpol-Coordinated International Operation 'HAECHI-II'

 

The International Criminal Police Organization, commonly known as Interpol, has run a coordinated international operation, ‘HAECHI-II’, that led to the arrest of 1,003 suspects and the interception of nearly USD 27 million in illicit funds linked to cyber-enabled crimes such as investment fraud, romance scams, online money laundering, and illegal online gambling. The organization has published more than 50 notices relating to Operation HAECHI-II and discovered 10 new fraudulent schemes. 

The operation ran for four months, from June to September 2021, and, according to sources, brought together specialized police units from 20 countries including the Hong Kong police unit, Angola, Brunei, Cambodia, Colombia, China, India, Indonesia, Ireland, Japan, Korea (Rep. of), Laos, Malaysia, Maldives, Philippines, Romania, Singapore, Slovenia, Spain, Thailand, Vietnam, and Macao. 

During the operation, Interpol investigators used a new global stop-payment mechanism called the Anti-Money Laundering Rapid Response Protocol (ARRP), which allows investigators to intercept and recover illicit funds. 

The officers blocked 2,350 individuals’ bank accounts that were linked to the illicit proceeds of online financial crime and intercepted over 27 million dollars.

“The results of Operation HAECHI-II show that the surge in online financial crime generated by the COVID-19 pandemic shows no signs of waning,” said INTERPOL Secretary General Jürgen Stock.

“It also underlines the essential and unique role played by INTERPOL in assisting member countries combat a crime which is borderless by nature. Only through this level of global cooperation and coordination can national law enforcement effectively tackle what is a parallel cybercrime pandemic,” added Secretary General Stock.

HAECHI-II is the second operation in a three-year effort to take down certain types of financially motivated cybercrimes, such as illegal online gambling and romance scams. 

Headquartered in Lyon, France, Interpol is best known for its work on the prevention and suppression of crime. The organization provides worldwide police cooperation and crime control; it is the world's largest international police organization, with seven regional bureaus worldwide and a National Central Bureau in each of its 195 member states.

Cyber Criminals Using a New Darknet Tool to Escape Detection

 

There has been an ongoing war between criminals and authorities in cyberspace for years. Although cryptocurrencies are anonymous in nature, new techniques for tracking funds around the cryptocurrency blockchain have led to the arrest of dozens of cyber-criminals in the previous two years. 

But recently a new website has surfaced on the darknet that allows criminals to assess how "clean" their digital currencies are. 

Dr. Tom Robinson, chief scientist and founder at analysis provider Elliptic, who discovered the website, explained: "We're seeing criminals start to fight back against blockchain analytics and this service is a first." 

"It's called Antinalysis and criminals are now able to check their own Bitcoin wallets and see whether any association with criminal activity could be flagged by authorities." 

According to Elliptic, the finding demonstrates how complex cybercrime networks are becoming and how concerned criminals are about being detected. 

"It's a very valuable technique. If your funds are tainted, you can then do more laundering and try to remove that association with a criminal activity until you have clean coins," he said. 

According to Dr. Robinson, this new trend is concerning because it could make the work of analysts and law enforcement more difficult. However, according to the researchers who examined it, the service isn't working very well right now. 

"It actually wasn't very good at identifying links to criminal sites. However, it will inevitably improve over time. So I think this is going to be a significant capability for criminals and money launderers in the future." 

Authorities all across the world, including China, the United Arab Emirates, and the United Kingdom, are attempting to address the rising problem of money laundering using cryptocurrencies. Cryptocurrency monitoring has resulted in several high-profile arrests, such as US teenager Graham Ivan Clark, who is presently in prison for plotting one of the largest-ever social media hacks. 

Last year, on July 15, Clark hacked into the accounts of dozens of celebrities, including Kim Kardashian, Elon Musk, Bill Gates, and Joe Biden, on Twitter.

"Everyone is asking me to give back," Mr. Gates stated in a tweet purportedly sent from his account. "You send $1,000, and I send you $2,000 back." After that, Clark and his hacking team tweeted an ad for a cryptocurrency fraud, which resulted in hundreds of transfers from people wanting to profit from the fraudulent giveaway. 

Clark gained more than $100,000 (£72,000) in only a few hours and began moving the money around to cover his tracks. Now 18, he pleaded guilty and is currently serving a three-year sentence in a Florida jail. 

The growing usage of so-called privacy coins is another trend that authorities are concerned about. Cryptocurrencies like Monero, for example, provide more secrecy than popular coins like Bitcoin. 

Hackers are now urging victims to pay with these currencies in return for a discount in some extortion incidents. This is a trend that is yet to completely take off, and Kim Grauer, director of research at bitcoin monitoring firm Chainalysis, believes that this technique offers disadvantages for criminals. 

"Privacy coins haven't been adopted to the extent that one may expect. The primary reason is they aren't as liquid as Bitcoin and other cryptocurrencies. Cryptocurrency is only useful if you can buy and sell goods and services or cash out into mainstream money, and that is much more difficult with privacy coins."

Uttarakhand, India Special Task Force Exposed a China Based Money Laundering Racket

 

Uttarakhand police in India say the online racket duped unsuspecting investors of at least Rs 250 crore by promising to nearly double their money in just 15 days, and then moved the proceeds into cryptocurrency. 

Pawan Kumar Pandey, who is accused of running a shell company to transfer the defrauded money to his alleged "handler in China," was detained on Monday night in Gautam Buddh Nagar (Noida), a district in Uttar Pradesh. He was caught with 19 laptops, 592 SIM cards, 5 mobile phones, 4 ATM cards, and a passport. 

Uttarakhand police chief (DGP) Ashok Kumar said the racket came under scrutiny after two Haridwar residents, Rohit Kumar and Rahul Kumar Goyal, complained about the scam. 

“A week ago, they claimed that one of their friends told them about a mobile app on Google Play Store named Power Bank, which doubled returns on investment within 15 days. Believing him, they downloaded the app and deposited ₹91,200 and ₹73000,” said Kumar. 

However, after one month of making the deposit, when they didn't receive any returns, they realized that they were tricked, he added. 

The special task force's inquiry found that the app was available on the Google Play Store from February 2021 to May 12, 2021, during which time at least 50 lakh people installed it. Police also established that money deposited through the app was moved to the arrested man's bank accounts via payment gateways. 

He said the money was subsequently converted into cryptocurrency. Cyber forensic examination linked the application to China, where Pandey's handlers reside. They cashed the cryptocurrency out into their local currency to complete the laundering chain that began with Indians being duped by the app. 

“In this case too, they partnered with Pandey and used his identity documents to register a shadow company with the Registrar of Companies (RoC) and to open two bank accounts, where the money siphoned off from the victims was deposited. They opened a shadow company in Noida named Purple Hui Zing Zihao. Pandey was registered as the company’s owner and the firm was shown as the developer of the fraudulent app,” said Bharne, Uttarakhand’s deputy inspector general (law & order). 

Pandey added that although he earned commissions from the Chinese accused, the bank accounts and the business were handled remotely. He had received a salary payment of 1.50 lakh from the Chinese. He also told police that his handlers use the same modus operandi with many other identical apps. Initially, the accused doubled certain investments to win the confidence of future investors. 

“We have taken at least 20 such shadow companies under our radar for suspected fraudulent activities like the above-mentioned one. We have received 20 other similar complaints from people in the state and they [the complaints] are under probe,” the senior police officer said.