Chainalysis Report: Two Groups Responsible for Most Publicly Reported Hacks
Two “prominent professional hacking groups” are responsible for the majority of publicly reported hacks of cryptocurrency exchanges and other cryptocurrency organizations, concludes a report published by blockchain data analytics firm Chainalysis this week. According to the report, simply called the Crypto Crime Report, the groups generated around $1 billion of hacking revenues for themselves so far.
“Hacking dwarfs all other forms of crypto crime, and it is dominated by two prominent, professional hacking groups,” the report states. “Together, these two groups are responsible for stealing around $1 billion to date, at least 60% of all publicly reported hacks.”
Exchanges, wallet providers and other custodial services have been prime targets for cybercriminals for years. From the MyBicoin theft and Bitcoinica hacks in Bitcoin’s early days, to the infamous Mt. Gox collapse due to stolen funds and the Bitstamp and Bitfinex hacks more recently, to the Cryptopia theft just several weeks ago, hacks and thefts are a recurring theme in the cryptocurrency space.
Now, Chainalysis’ report suggests that many of the same people may be responsible for most of these kinds of hacks. By tracing the movement of funds on from hack to exit point (the exchange where funds were ultimately converted into fiat currency), Chainalysis believes it has been able to pinpoint two prominent hacking groups. Dubbed “Alpha” and “Beta” by the blockchain analytics firm, these two groups, together, would have been responsible for about 60 percent of publicly reported hacks, worth a total of $1 billion, with an average of $90 million per hack.
Furthermore, the Chainalysis report notes that both Alpha and Beta went through lengths to shuffle the coins they stole, seemingly in an attempt to obfuscate the source of the funds. This mostly involved a huge amount of transactions moving the stolen funds from address to address, the report notes: “The hackers typically move stolen funds through a complex array of wallets and exchanges in an attempt to disguise the funds’ criminal origins. On average, the hackers move funds at least 5,000 times.”
This shuffling was combined with periods of inactivity, presumably to wait until interest in the hacks would die down before converting the cryptocurrency proceeds into fiat currency.
Interestingly, Chainalysis did find that Alpha and Beta are shuffling their loot around using different, independently distinguishable strategies. The blockchain data analytics firm even believes this reveals something about the nature and intent of the two groups.
“[W]e suspect that […] Alpha, is a giant, tightly controlled organization partly driven by nonmonetary goals,” writes Chainalysis. “They appear as eager to create havoc as to maximize profits. Alpha seems much more sophisticated, expertly shuffling funds around in a way that suggests they want to avoid detection.”
Meanwhile, Beta — the smaller of the two — appears less organized, less skilled at moving the funds around, and more focused on the money itself, according to the report: “They don’t appear to care very much about evading detection, just about getting a clear route to convert illicit assets to clean cash.” In one case, Beta is said to have cashed out more than $32 million in one go.
Both groups have been successful in funneling much of their proceeds to exchange it for fiat currency, Chainalysis writes, as more than half of all the hacked funds were converted in less than four months, and about three quarters of the hacked funds were cashed out within six months. This was largely done by using regular exchanges, according to the report, which Chainalysis believes was possible because “exchanges and law enforcement have had limited ability to track hacked funds.”
The report does not detail which hacks were analyzed, where the proceeds were cashed out, or any more identifying information about the Alpha or Beta groups. Chainalysis did not respond to inquiries by Bitcoin Magazine before time of publication.
You can download the Chainalysis report here.