Among the findings of a new Chainalysis report, published Monday, is that just two groups of hackers could be responsible for the bulk of attacks seen on cryptocurrency exchanges, thus far. 

The blockchain analysis company’s Crypto Crime Report – which looks into “increasingly sophisticated hacks, Darknet Markets and Scams” posits the theory that just two “prominent, professional” gangs are the source of something around six of every 10 reported exchange hacks, a crime spree that could have netted them as much as a billion dollars. Chainalysis, however, has attempted to go some way beyond just charting the hacks and the amounts involved, in looking to establish a modus operandi for the perpetrators, and their methods for “cashing out” their ill-gotten gains. 

On average, the report asserts, the hacks it traced from the two key players were worth an eye-watering $90 million each, on average. After initially seizing the funds, Chainalysis says hackers begin to navigate the funds between “a complex array of wallets and exchanges” in order to obfuscate the source of the crypto-assets. 

This, on average, involves something in region of 5,000 different transactions in each case. Then, typically, the hackers wait for interest in their activities to die down a little before quickly moving to fiat conversion. 50% of funds are liquidated in 112 days, 75% by 168 days. 

Different Actors, Different Goals

While the ends seem similar, there appears to be very different philosophies at play behind the scenes. Chainalysis appears to be pinning its ‘two group’ theory somewhat on what it perceives as a difference in goals between the bad actors. For example, the report describes the group it names ‘Alpha’  as “a giant, tightly controlled organisation partly driven by non-monetary goals,” that appears “as eager to create havoc as to maximize profits.” 

Group two, ‘Beta’ is the “less organised” of the two, but more focused on maximising the monetary gain from their endeavours. It moves money less, but waits longer before cashing out. When the time comes, however, often well over six months after the initial heist, it moves quickly upon just one exchange. Chainalysis highlights one such instance, when Beta managed to funnel $32 million into cash during a very short window of operations. 

Organized Crypto Crime

The work undertaken to produce this new insight into Crypto-crime somewhat backs up the narrative offered by cybercrime analysts Group-IB in late 2018. Its October report, Hi-Tech Crime Trends, identified hacker group Lazarus – which it describes as a state sponsored concern – as being responsible for $571m worth of stolen crypto during the time of its study, including the massive $500m+ haul of NEM lifted from Japanese exchange Coincheck in January of last year. 

Whether the allegedly North Korean-funded Lazarus group equates to the Alpha or Beta side of the criminal coin flipped by Chainalysis is unclear; but talk of a highly organized group, equally as interested in creating problems as it is in the money, would certainly fit the bill. Especially in the wake of claims from Autumn of last year, made by sources speaking to the Asia Times in the wake of the charges against Park Jin Hyok, relating to some of the biggest cyber-attacks of recent years – including the WannaCry ransomeware attacks of 2017 and the hacking of Sony Pictures in 2014. 

Those sources asserted that North Korea was increasingly looking to cryptoassets as a method of circumventing US sanctions on the country, a theme that has emerged during the last year with Venezuela’s introduction of the Petro cryptocurrency. North Korea, however, seems to be pursuing dual goals of both raising capital and sowing some seeds of discord as it goes.