Paolo Ardoino was on the front lines of one of the largest cryptocurrency heists of all time.
He was flooded with calls and messages in August, alerting him to a breach at Poly Network, a platform where users swap tokens across popular cryptocurrencies, such as ethereum, Binance Coin, and dogecoin. Hackers had made off with $610 million in crypto, belonging to tens of thousands of people. Roughly $33 million of the funds were swiftly converted into tether, a "stablecoin" pegged to the value of the U.S. dollar.
Ardoino, Tether’s chief technology officer, took note. Typically, when savvy cyber criminals make off with cryptocurrency, they transfer the assets between online wallets through difficult-to-trace transactions. And poof — the money is lost.
Ardoino sprang into action and minutes later froze the assets.
“We were really lucky,” he said. “Minutes after we issued the freezing transaction, we saw the hacker attempt to move out his tether. If we had waited five minutes more, all the tether would be gone.”
Two weeks later, Tether released the frozen funds for return to their rightful owners. And after threats from Poly Network, the online bandit returned the rest.
The seizure pokes a hole in the long-held belief that cryptocurrency is impossible to trace. Cryptocurrency is computer code that allows people to send and receive funds, recording every transaction on a public ledger known as a blockchain under pseudonymous addresses rather than under account holder names.
Because addresses carry no identity information, cryptocurrencies such as bitcoin have been regarded as a safe haven for criminal activity. Relying on that pseudonymity, the shadowy industry allows hackers, tax evaders, and other bad actors to launder money secretively, outside of the traditional banking system.
Online scammers made off with $2.6 billion in 2020, according to a Chainalysis report. That year, cryptocurrency payments to ransomware operators tracked on-chain more than quadrupled.
But forensics investigators are getting savvier at scrupulously mapping activity on blockchains and figuring out who is behind specific accounts. This has sparked a “novel cottage industry of data providers” who are able to track cryptocurrency accounts flagged for illicit activity, said Zachary Goldman, a lawyer specializing in novel payment technologies at WilmerHale. “That’s never really been available before.”
Through tracking, agents have recouped stolen crypto funds in a handful of high-profile cases. In June, the FBI seized about $2.3 million in bitcoin (63.7 of the roughly 75 bitcoin ransom) that Colonial Pipeline paid to hackers who infiltrated the company's computer network. Investigators followed the ransom payment across the blockchain to reach the wallet that held it. In 2020, the crypto exchange KuCoin recovered the bulk of the $281 million stolen by suspected North Korean hackers and made its customers whole.
“Following the money remains one of the most basic, yet powerful tools we have,” Deputy Attorney General Lisa Monaco said in a DOJ news release announcing that the Colonial Pipeline funds had been seized. Authorities held the private key to the wallet, according to an affidavit, but the filing didn't say how they obtained it, likely to keep hackers from understanding their methods, outside experts say.
The FBI and Colonial Pipeline declined to comment about how they accessed the wallet. Others in the industry have theories.
There are thousands of cryptocurrencies running on many separate blockchains, each a public record of every transaction made on it. But blockchains expose no user identities, and the ledgers themselves are huge: replicated across a network of nodes, they require specialized skills and hundreds of gigabytes to terabytes of storage to download and parse. This allows criminals to hide behind pseudonymous addresses and conceal their assets by moving them quickly or spreading them across a wide array of wallets.
Blockchain surveillance companies are finding success using software to index transaction data from the blockchain, analyze it for suspicious activity (such as addresses connected to illicit behavior on the dark web), and help law enforcement agencies track down where the funds end up. The identities usually come not from the chain itself but from the point where the money touches a regulated service: a deposit address belonging to an exchange that collected identity documents from its customer.
Full Article: https://www.inquirer.com/wires/wp/tracking-stolen-crypto-is-booming-business-how-blockchain-sleuths-recover-digital-loot-20210926.html