Cryptocurrency mining is an important element of the economy. According to a Chainalysis report, however, it also has a specific allure for criminal actors, because it lets them obtain money whose on-chain origin looks legitimate.
Due to these qualities, highly sanctioned nation-states such as Iran have adopted cryptocurrency mining to generate wealth outside the established financial system.
Nation-state actors aren’t the only ones who use crypto mining to improve their money laundering.
There have been reports of traditional crypto thieves using the same technique.
The following are instances of ransomware perpetrators and crypto scammers who seem to be using mining pools for money laundering, as well as estimates of the scale of this activity.
The First Instance: The earnings of ransomware and mining are mixed together at a high-balance exchange deposit address.
The first is a particularly active deposit address at a prominent exchange that has received large amounts from both mining pools and ransomware wallets.
$19.1 million of the $94.2 million in cryptocurrency delivered to this deposit address has come from ransomware addresses, while $14.1 million has come from mining pools.
Numerous ransomware actors are detected sending funds to the deposit address using intermediate wallets.
The interaction between Ransomware Wallet 4 and Mining Pool 3, at the bottom of the graph, is quite intriguing.
Both the ransomware wallet and the mining pool used intermediaries to send large sums to the exchange deposit address.
However, in certain situations, the ransomware wallet has delivered payments to the mining pool directly or through middlemen.
This could be a clever approach to money laundering in which the ransomware actor uses the mining pool to transfer payments to its favored exchange in order to avoid triggering compliance alerts at the exchange.
In this situation, the mining pool functions similarly to a mixer: it conceals the source of funds (remember, crypto cannot be traced through services, including mining pools) and gives the impression that the payments are the result of mining rather than ransomware.
Data reveals that ransomware perpetrators are increasingly abusing mining pools. Since the beginning of 2018, there has been significant and consistent growth in money transferred from ransomware wallets to mining pools.
This uptick could suggest that more ransomware attackers are directing payments to exchanges through mining pools.
Overall, money is being transferred from ransomware wallets to exchange deposit addresses that get considerable sums from mining pools.
Although this activity should be easy to detect, it’s likely that in circumstances like these, ransomware attackers are attempting to pass off their own funds as mining revenue, despite the fact that the funds haven’t passed through a mining pool.
372 exchange deposit addresses received at least $1 million in cryptocurrencies from mining pools and any amount from ransomware addresses.
Since the beginning of 2018, these exchange deposit addresses have received $158.3 million from ransomware addresses, representing an important proportion of the total value transferred to exchanges by all ransomware addresses throughout the time frame studied.
Bear in mind, however, that this number may be an underestimation and will continue to increase as more ransomware addresses associated with this activity are identified.
In general, the evidence implies that mining pools may play an important part in the money laundering strategy of many ransomware operators.
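The screening rule described above (a deposit address that received at least $1 million from mining pools and any amount from ransomware addresses) can be expressed as a small check. This is an added example, not code from the report: the addresses, amounts and labels are constructed, and the pro-rata attribution through unlabelled intermediary wallets is an assumption made for illustration.

```python
from collections import defaultdict

# Constructed sample data: address labels and USD-valued transfers.
LABELS = {
    "ransom_w4": "ransomware",
    "pool_3": "mining_pool",
    "dep_A": "exchange_deposit",
    "dep_B": "exchange_deposit",
}
TRANSFERS = [  # (source, destination, usd)
    ("ransom_w4", "hop_1", 400_000),
    ("hop_1", "dep_A", 400_000),
    ("pool_3", "hop_2", 1_500_000),
    ("hop_2", "dep_A", 1_500_000),
    ("ransom_w4", "pool_3", 250_000),   # untraceable once inside the pool
    ("pool_3", "dep_B", 2_000_000),     # mining-pool funds only: not flagged
]

def exposure(addr, amount, inbound, max_hops=4):
    """Split `amount` arriving from `addr` by the category of its origin."""
    label = LABELS.get(addr)
    if label:                       # labelled entity or service: stop tracing
        return {label: amount}
    sources = inbound.get(addr, [])
    total = sum(usd for _, usd in sources)
    if max_hops == 0 or total == 0:
        return {"unknown": amount}
    out = defaultdict(float)
    for src, usd in sources:        # pro-rata attribution through the hop
        share = amount * usd / total
        for cat, val in exposure(src, share, inbound, max_hops - 1).items():
            out[cat] += val
    return dict(out)

def flag_deposits(transfers, pool_min=1_000_000):
    """Return deposit addresses with >= pool_min from pools and any ransomware."""
    inbound = defaultdict(list)
    for src, dst, usd in transfers:
        inbound[dst].append((src, usd))
    flagged = {}
    for dst, sources in inbound.items():
        if LABELS.get(dst) != "exchange_deposit":
            continue
        totals = defaultdict(float)
        for src, usd in sources:
            for cat, val in exposure(src, usd, inbound).items():
                totals[cat] += val
        if totals["mining_pool"] >= pool_min and totals["ransomware"] > 0:
            flagged[dst] = dict(totals)
    return flagged
```

Because tracing stops at any labelled service, the $250,000 sent from the ransomware wallet into the pool never surfaces as ransomware exposure at `dep_B`, which is the blind spot the article describes.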
The Second Instance: A money launderer combines Bitcoin obtained through schemes with mining profits
The second case involves two wallets affiliated with money launderers who transferred millions of dollars' worth of Bitcoin connected with the infamous BitClub Network fraud to popular exchanges.
Between 2014 and 2019, BitClub Network defrauded investors out of hundreds of millions of dollars with misleading claims of Bitcoin mining operations that would pay out significant profits, until its administrators were charged by the US Department of Justice.
Before the indictment, BitClub Network sent millions of dollars in Bitcoin to accounts affiliated with hidden money laundering firms operating in Russia.
Those money laundering wallets transferred Bitcoin to deposit addresses at two major exchanges over the next three years.
Between October 2021 and August 2022, a Russia-based Bitcoin mining business also transferred millions of dollars in Bitcoin to the same sets of deposit addresses at both exchanges.
Between March 2017 and November 2018, one of the money laundering wallets also received funds from BTC-e, which were also routed to the same deposit addresses used to launder BitClub Network payments. BTC-e and BitClub also transferred funds to one another in 2017.
BTC-e was a Russia-based cryptocurrency exchange that closed down in 2017 for facilitating money laundering, notably the transfer of cash looted in the notorious Mt. Gox hack.
It’s probable that the money launderers in this particular instance purposefully mixed funds from BitClub and BTC-e with those earned through mining to make it appear that all the funds sent to the two exchanges were earned through mining.
The data reveals that, as with ransomware, other crypto fraudsters and the money launderers operating on their behalf are also using mining pools as part of their money laundering operations.
Since 2018, payment addresses matching those characteristics have received just about $1.1 billion in cryptocurrencies from scam-related accounts.