CipherTrace: Cryptocurrency exchange thefts triple in 2018

CipherTrace AML 2018 Q2 report

CipherTrace: Cryptocurrency exchange thefts triple in 2018

Set up your BitMEX trading account in 30-seconds


CipherTrace bitcoin forensicsThefts from cryptocurrency exchanges tripled in the first six months of 2018 compared with all of 2017 according to a new report from cybersecurity firm CipherTrace.

The report shows that more than $761 million was stolen from digital currency exchanges halfway through 2018 compared with $261 million stolen in 2017.

In the past two years, a total of $1.2 billion has been taken by cybercriminals and at the current pace, could reach $1.5 billion by the end of 2018 alone.

Key AML takeaways

The CipherTrace report provides valuable insight into how criminals are using cryptocurrency for crime:

  1. Bitcoin Fog anoymizer serviceIn Q1 and Q2 of 2018, nearly three times as much cryptocurrency was stolen as in all of 2017
  2. Cyber extortionists, dark markets and ransomware perpetrators prefer bitcoin
  3. Crypto money laundering is enabled by mixers, chain hopping and privacy coins
  4. US FinCEN will enforce Anti-Money Laundering (AML) regulations globally
  5. AML regulation and international cooperation is an FATF priority.

$1.5 billion lost in ransomware attacks

Future of cryptocurrency in the EU

CipherTrace says more than $1.5 billion was stolen by hackers from cryptocurrency exchanges and in ransomware attacks in the past two years according to the latest  US Treasury’s Financial Crimes Enforcement Network (FinCEN) research.

Bitcoin and other virtual currencies have attracted increased criminal attention because of their anonymity and the speed and ease of laundering money on the internet without using banks or other financial intermediaries.

Most popular criminal activities include crypto-jacking using malware, thefts of private keys, ransomware, and brute force attacks on blockchain networks.

How is money laundered on the internet?

The report describes how cybercriminals use technology to launder money.

CipherTrace money launderingThe first step is “Layering” where hackers gather proceeds of cryptocurrency crime by private key robbery, e-crime, ransomware payments, cryptocurrency exchange theft, identity theft and online drug sales.

The pool of “dirty” virtual currencies is then laundered by using technology with mixers, tumblers and chain hopping which blends together the proceeds making it nearly impossible for law enforcement officials to track.

The next step towards “clean” money is “Integration” where money laundering mixers, tumblers, foggers in cryptocurrency laundering services are used to cite the source of proceeds.

Some of the popular money laundering services include, Bitblender, Bitcloak, BitcoinFog, BitLaunder, BitMix.Biz, Bitmixer,, Coinmixer,, DarkLaunder, Helix, Helix2, Helixlight, HelixMixer, Outlawtumbler, Penguinmixer and

Secret Service staying ahead of cybercriminals


On June 20, 2018, the Secret Service announced it had “seized over $28 million in cryptocurrencies in the course of our criminal investigations, primarily in the form of Bitcoin FY 2015 to present.”

In testimony before Congress, US Secret Service Deputy Assistant Director Robert Novy said “It is critical that the United States continues to work internationally to improve controls related to digital currency through organizations like the Financial Action Task Force. We should also consider additional legislative or regulatory actions to address potential challenges related to anonymity-enhanced cryptocurrencies, services intended to obscure transactions on blockchains (i.e., cryptocurrency tumblers or mixers) and cryptocurrency mining pools.”

In his testimony, Novy pointed to the notorious BTC-e exchange which handled more than $4 billion worth of digital transactions between 2011 and 2017:

“BTC-e processed transactions involving the criminal proceeds of numerous computer intrusions and hacking incidents, ransomware scams, identity theft schemes, corrupt public officials and narcotics distribution rings. BTC-e also allegedly facilitated the exchange of roughly 95% of ransomware payments, according to a non-government report.”

Gambling sites launder money

DOJ busts money laundering criminalsCryptocurrency gambling sites are frequently used to launder money. With an estimated 200 sites and more popping up all the time, it’s easy for criminals to deposit funds, make a few bets and then withdraw the amount to deposit into a cryptocurrency exchange or hide funds elsewhere.

While many cryptocurrency exchanges are subject to know-your-customer and anti-money-laundering regulations, gambling sites are mostly unregulated.

Tighter KYC/AML rules coming

Internet anonymity makes KYC challengingThe Office of Foreign Assets Control (OFAC) publishes a list of individuals, companies, addresses, bank accounts and countries US companies are not permitted to do business. OFAC plans to add cryptocurrency addresses to this list in the near future.

All in all, there are big challenges ahead for controlling cryptocurrency crime. As new technologies evolve, hackers move quickly to take advantage, and regulators and law enforcement are constantly playing catch-up in order to combat cybercrime.

The CipherTrace 2018 Q2 Cryptocurrency Anti-Money Laundering Report makes interesting reading and is available at no charge here.