Why hackers are now using mining pools as mixers; Chainalysis reveals

As the cryptocurrency industry keeps evolving, so do the tactics that bad actors use to conceal their illicit gains. Hackers increasingly use crypto mining pools to divert their criminal proceeds, according to a recent report by blockchain analytics firm Chainalysis.


Sophisticated money laundering


Sanctioned regions like Iran have reportedly turned to crypto mining to make money outside the traditional financial system. Mandiant, a cybersecurity company, has also revealed that Lazarus Group, a North Korean cybercriminal syndicate, is laundering cryptos like Bitcoin by using cloud mining and hashing rental services to access newly minted crypto.

Cloud mining services let users rent a computer system and use its hash power to mine cryptos without owning the mining hardware. These cybercriminals take the stolen crypto, use it to mine coins, and then launder it. According to Chainalysis, an unnamed “mainstream exchange” received substantial funds from mining pools and wallets associated with ransomware.

One of the deposit addresses had received $94.2 million. The ransomware addresses contributed $19.1 million, while mining pools contributed $14.1 million. However, Chainalysis discovered that in some cases the ransomware wallet funds came from a mining pool, both directly and indirectly.

According to the report, the move was a complex attempt at money laundering. In this case, cybercriminals use the mining pool to route payments to their preferred exchange, which keeps compliance alarms from being triggered. The mining pools, in effect, acted as a crypto mixer to obscure the funds’ origin: observers believe the funds came from mining when they are instead from a ransomware attack.



Escaping scrutiny from authorities


According to Chainalysis, the use of mining pools for money laundering by bad actors has been on the rise. Based on Chainalysis data, there has been a steady rise since 2018 in the crypto sent to mining pools from crime-related wallets. About $1 million has been transferred in crypto to mining pools from these ransomware addresses to 372 deposit addresses on exchanges.


Cumulative value sent from ransomware addresses to services | Source: Chainalysis


As the firm reports, the data suggests that the ransomware actors are looking to make their funds appear as if they came from crypto mining. Since 2018, exchange deposit addresses have received $158.3 million from the bad actors, and the firm stressed that the figure might be an underestimate.

Chainalysis has identified BitClub, a crypto Ponzi scheme that promised investors enormous returns from Bitcoin mining and never delivered, as one of the cybercriminals. The platform sent millions of dollars in Bitcoin to wallets associated with money laundering. These wallets moved Bitcoin to addresses at two well-known exchanges over three years.

Meanwhile, an unidentified Bitcoin mining firm in Russia deposited millions of dollars in Bitcoin to similar deposit addresses between October 2021 and August 2022.

One of the wallets also received money from BTC-e, a digital asset exchange accused of aiding money laundering activities and being unlicensed to carry out money service businesses. The exchange was also involved in handling Mt Gox’s funds.

In July 2017, United States authorities seized BTC-e over these allegations and took down the website. Alexander Vinnik, the founder, was arrested a month later.

According to Chainalysis, the money launderers in this case mixed funds from BTC-e and BitClub, intending to make the funds look as if they came from mining. Meanwhile, deposit addresses that might be associated with the launderers have received about $1 billion in crypto from scam-related wallets since 2018.


Employing stricter procedures


In response to this growing issue, Chainalysis stated that there is a solution to ensure mining safety. Mining pools and hashing services could establish wallet screening methods such as Know Your Customer (KYC) standards.

Chainalysis underlines the need to use blockchain analysis and the tools available to authenticate the source of payments. By employing these screening techniques, mining pools can effectively dissuade cyber criminals from using their platforms for money laundering. Hence, the crypto community can protect itself from the malicious activities of hackers and maintain a trusted environment for users.
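
One way a mining pool or exchange could run the wallet screening described above, as an added example that is not code from Chainalysis or this article: a hop-limited, pro-rata trace of how much of an address's inbound value originates from ransomware-labelled wallets. The address names, labels, and every amount except the 94.2 / 19.1 / 14.1 split are constructed, and the pro-rata attribution model is an assumption, not Chainalysis's methodology.

```python
from collections import defaultdict

# Constructed sample data (USD millions). Only the 94.2 / 19.1 / 14.1 split of
# deposit_X comes from the article; every name and other amount is made up.
LABELS = {"ransom_A": "ransomware", "pool_P": "mining_pool"}
TRANSFERS = [
    ("ransom_A", "deposit_X", 19.1),   # ransomware -> exchange deposit, direct
    ("pool_P", "deposit_X", 14.1),     # mining pool -> exchange deposit
    ("unlabeled", "deposit_X", 61.0),  # remainder of the 94.2 total
    ("ransom_A", "pool_P", 5.0),       # ransomware -> pool, direct
    ("ransom_A", "hop_1", 2.0),        # ransomware -> pool, via one hop
    ("hop_1", "pool_P", 2.0),
    ("coinbase", "pool_P", 21.0),      # genuine block rewards
]

def build_inbound(transfers):
    """Index transfers by receiving address: dst -> [(src, usd), ...]."""
    inbound = defaultdict(list)
    for src, dst, usd in transfers:
        inbound[dst].append((src, usd))
    return inbound

def illicit_share(addr, inbound, labels, max_hops):
    """Fraction of addr's received value traceable to ransomware (pro-rata)."""
    if labels.get(addr) == "ransomware":
        return 1.0
    sources = inbound.get(addr, [])
    if max_hops == 0 or not sources:   # hop limit also terminates cycles
        return 0.0
    total = sum(usd for _, usd in sources)
    tainted = sum(usd * illicit_share(src, inbound, labels, max_hops - 1)
                  for src, usd in sources)
    return tainted / total

def screen(addr, transfers, labels, max_hops=3, threshold=0.10):
    """Screen one address; flag it when its illicit share reaches threshold."""
    inbound = build_inbound(transfers)
    received = sum(usd for _, usd in inbound.get(addr, []))
    share = illicit_share(addr, inbound, labels, max_hops)
    return {"received": received, "illicit": received * share,
            "share": share, "flag": share >= threshold}
```

With `max_hops=1` only direct counterparties are checked, so the pool's payout to `deposit_X` looks clean; raising the hop limit attributes a quarter of that payout back to the ransomware wallet.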



Final thoughts


Using mining pools as mixers to launder illicitly obtained money is becoming more common as the crypto industry evolves. The Chainalysis report is a wake-up call for the crypto community to implement screening processes and measures such as Know Your Customer. Knowing the source of funds and rejecting crypto from illicit addresses can help curb money laundering.

Meanwhile, as the crypto industry evolves, all players must remain vigilant and stay ahead of bad actors. Furthermore, the industry can foster a safe, transparent, legitimate environment for crypto trades and mining.