Photo: Gillian Flaccus (AP)

Just two groups of “highly sophisticated cyber criminals” may be behind an estimated $1 billion in cryptocurrency thefts, the Wall Street Journal reported on Monday.

That’s according to a report from crypto transaction tracking software manufacturer Chainalysis, which concluded that the two groups (dubbed “Alpha” and “Beta”) are likely “responsible for stealing around $1 billion to date, at least 60% of all publicly reported hacks,” and are probably still active. Chainalysis spent around three months tracking a web of transactions to reach their conclusions, the Journal wrote, and they admit that they could be wrong.

Advertisement

But their report suggests that Alpha “is a giant, tightly controlled organization at least partly driven by non-monetary goals,” while Beta “seems to be a less organized and smaller organization absolutely focused on the money” and which is less concerned about hiding its digital tracks. Chainalysis wrote that both suspected organizations work on a large scale—averaging roughly $90 million per hack—and move stolen cryptocurrency through a maze of wallets to evade anyone trying to track it down.

According to the Journal, Chainalysis reported that the “stolen funds were transferred an average of 5,000 times before they were converted into cash,” though Alpha appears to be hastier than Beta when it comes to cashing out:

Alpha tends to immediately begin shuffling the funds around, according to the report. One hack involved 15,000 transfers. The entity converted about three-quarters of its stolen funds into cash within an average of 30 days.

Beta, on the other hand, may sit on the stolen funds for up to 18 months, waiting for any publicity surrounding the hack to fade. “When they feel ready to cash out, they quickly hit one exchange, cashing out over 50% of funds within days,” the report said.

Advertisement

If these organizations are real, then their success may say more about the state of crypto than their own skill. As the Journal separately reported last year, cryptocurrency exchanges differ from stock exchanges in that the latter only facilitate trading while the former actually maintain digital wallets for customers. That makes them attractive targets for hackers, who can run off with customers’ holdings if they breach security at a crypto exchange.

Cryptocurrency exchanges are “easy to breach, with minimum effort and expense from attackers and with maximum return on investment,” Robert Statica, president of New York-based cybersecurity firm BLAKFX, told the paper.

Advertisement

In September 2018, the New York Attorney General’s office released a report on the “shadowy inner workings of 10 popular cryptocurrency exchanges,” the MIT Technology Review wrote. In addition to an overall lack of transparency around questions like why certain coins are listed on exchanges and whether employees of the firms own any of the traded coins, the report found that some platforms did not have processes in place to ensure customers do not open multiple accounts.

The New York AG report also found that some exchanges “lack robust real-time and historical market surveillance capabilities, like those found in traditional trading venues, to identify suspicious trading patterns,” and that few seriously “restrict or even monitor the operation of ‘bots’ or automated algorithmic trading on their venue.”

Advertisement

It also concluded that “trading platforms lack a consistent and transparent approach to independently auditing the virtual currency purportedly in their possession,” and “several do not claim to do any independent auditing of their virtual currency holdings at all.” That makes it “difficult or impossible” to confirm whether exchanges are responsibly handling customers’ coins, the authors wrote, and leaves them “highly exposed in the event of a hack or unauthorized withdrawal.”

However, according to the Journal, Chainalysis chief economist Philip Gradwell said that even those exchanges that have implemented anti-money laundering controls are often unable to detect stolen funds after so many transfers.

Advertisement

[Wall Street Journal]