Author: Admin | 2025-04-28
Funds from mining pools. While this activity should be easier for exchanges to catch, it’s possible that in cases like these, ransomware actors are trying to pass off their own funds as mining proceeds, even though they’re not first moving the funds through a mining pool. In total, 372 exchange deposit addresses have received at least $1 million worth of cryptocurrency from mining pools and any amount from ransomware addresses. The chart below shows how much those deposit addresses have received from ransomware addresses since January 2018.

These exchange deposit addresses have received $158.3 million from ransomware addresses since the start of 2018, which is a significant share of the total value sent to exchanges by all ransomware addresses during the time period studied — and keep in mind, this figure is likely an underestimate, and will grow as we identify more ransomware addresses involved in this activity. Overall, the data suggests that mining pools may play a key role in many ransomware actors’ money laundering strategy.

Example 2: Money launderer mingles Bitcoin from scams with mining proceeds

The second example concerns two wallets associated with money launderers who have moved millions of dollars’ worth of Bitcoin associated with a notorious scam, BitClub Network, to mainstream exchanges. BitClub Network bilked investors out of hundreds of millions of dollars between 2014 and 2019 with false promises of Bitcoin mining operations that would pay out enormous returns, until its administrators were indicted by the U.S. Department of Justice. Earlier in 2019 and prior to that indictment, BitClub Network moved millions of dollars’ worth of Bitcoin to wallets associated with underground money laundering services we believe to be based in Russia. Over the next three years, those money laundering wallets moved Bitcoin to deposit addresses at two mainstream exchanges.
Within that time period — specifically, between October 2021 and August 2022 — a Russia-based Bitcoin mining operation also moved millions of dollars’ worth of Bitcoin to the same sets of deposit addresses at both exchanges. We can see this activity on the Reactor graph below.

Interestingly, one of the money laundering wallets also received funds from BTC-e, which were also funneled to the same deposit addresses used to launder BitClub Network funds between March 2017 and November 2018. BTC-e and BitClub also sent funds to one another back in 2017. BTC-e was a Russia-based exchange shut down in 2017 for facilitation of money laundering, including the laundering of funds stolen in the infamous Mt. Gox hack.

We believe it’s possible that the money launderers in this case purposely mingled funds from BitClub and BTC-e with those gained from mining in order to make it look like all of the funds sent to the two exchanges came from
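
The screening criterion from the first example (deposit addresses with at least $1 million from mining pools and any amount from ransomware addresses) can be expressed as a compliance check; this is an added example, not code from the original article. The labels, addresses and amounts are constructed sample data, and the `illicit_labels` parameter is an assumption that extends the same check to the scam-sourced funds of Example 2.

```python
from collections import defaultdict
from decimal import Decimal

# "At least $1 million worth of cryptocurrency from mining pools" (from the article).
MINING_THRESHOLD_USD = Decimal("1000000")

# Constructed sample transfers: (source_label, deposit_address, usd_value).
# In practice the labels would come from an attribution dataset (assumption).
SAMPLE_TRANSFERS = [
    ("mining_pool", "dep_A", "750000"),
    ("mining_pool", "dep_A", "400000"),
    ("ransomware",  "dep_A", "12000"),
    ("mining_pool", "dep_B", "2500000"),   # mining only: not flagged
    ("mining_pool", "dep_C", "300000"),    # below the mining threshold
    ("ransomware",  "dep_C", "900000"),
    ("scam",        "dep_D", "50000"),     # flagged only if "scam" is screened
    ("mining_pool", "dep_D", "1000000"),
]


def flag_mixed_deposits(transfers, illicit_labels=("ransomware",),
                        threshold=MINING_THRESHOLD_USD):
    """Return {deposit_address: illicit_usd_total} for addresses that received
    at least `threshold` from mining pools AND any amount from `illicit_labels`."""
    mining = defaultdict(Decimal)
    illicit = defaultdict(Decimal)
    for label, address, usd in transfers:
        value = Decimal(usd)
        if value <= 0:
            continue  # skip malformed rows so they cannot offset real totals
        if label == "mining_pool":
            mining[address] += value
        elif label in illicit_labels:
            illicit[address] += value
    # An address is flagged only when both conditions hold.
    return {addr: illicit[addr] for addr in sorted(illicit)
            if mining.get(addr, Decimal(0)) >= threshold}


if __name__ == "__main__":
    flagged = flag_mixed_deposits(SAMPLE_TRANSFERS)
    for addr, total in flagged.items():
        print(f"{addr}: ${total:,} from ransomware-labelled sources")
    print(f"total illicit exposure: ${sum(flagged.values()):,}")
```
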