If there is one trait that a blockchain is known for, it is that its records are immutable. They cannot be modified. They are a permanent record, and if someone has the time, the inclination, and the know-how, they can analyze a series of transactions to reveal important facts that may lie hidden in the maze. Chainalysis, a blockchain analytics company, has performed such a research project and submitted its report to the Wall Street Journal. The report reveals that two professional hacking gangs are responsible for over $1 billion in crypto exchange compromises over the past few years.
The sad news is that the data also demonstrates that both of these organized crime outfits are still active in the crypto scene and liable to wreak more havoc in the future. The report describes two entirely different crime units, given the names “Alpha” and “Beta” because, even though addresses are public knowledge, the owners’ names are anonymous, another feature of blockchain that criminals prize above all others.
The beauty of blockchains is that they are decentralized ledgers. They do not require a single server to validate every transaction and prevent double payments. Another bit of background is:
“A blockchain is typically managed by a peer-to-peer network collectively adhering to a protocol for inter-node communication and validating new blocks. Once recorded, the data in any given block cannot be altered retroactively without alteration of all subsequent blocks, which requires consensus of the network majority.” That last bit describes a vulnerability that crooks have exploited, known as a “51 Percent Attack”.
In early January, the Ethereum Classic network sustained such an attack.
The Chainalysis study, however, focused on the illicit outflows of funds from compromised exchanges, regardless of the type of attack that was employed. The “Alpha” team was described as “a giant, tightly controlled organization at least partly driven by non-monetary goals”, as opposed to “Beta”, “a smaller and less organized heavily sanctioned organization heavily focused on the money.”
In a typical money-laundering technique, each group would “layer” fund transfers multiple times, on average 5,000 times, before cashing in their stolen tokens. Alpha had a sense of urgency in its process. It processed transfers immediately, withdrawing 75% of its loot in the first month after the theft. Beta, on the other hand, waited until publicity died down, roughly 18 months, then began its transfer mechanism, quickly withdrawing 50% of its take. The funds flowed through several exchanges, including regulated money transfer agents with AML processes in place, but the crooks were clever enough to evade any detection regimens.
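The forward-tracing behind this kind of analysis, in a simplified form added here as an illustration (it is not Chainalysis' tooling and the ledger is constructed): it follows tainted funds from the thief's first address across a small transaction list, counts the layering hops, and measures how much of the stolen value reached known exchange deposit addresses within the first month, which is the timing signature the report uses to tell an "Alpha"-style cash-out from a "Beta"-style one.

```python
from collections import defaultdict, deque

# Constructed sample ledger (not real chain data). One transfer per tuple:
# (sender, receiver, amount, day), where day 0 is the exchange compromise.
LEDGER = [
    ("a1", "a2", 60.0, 1),                 # layering hops from the thief's address a1
    ("a1", "a3", 40.0, 1),
    ("a2", "exchange_Y", 7.0, 0),          # a2 spent clean funds BEFORE it was tainted: ignored
    ("a2", "a4", 60.0, 2),
    ("a4", "exchange_X", 60.0, 3),         # fast cash-out: hop 3, day 3
    ("a3", "a5", 40.0, 400),               # dormant for a year, then moves
    ("a5", "a6", 40.0, 401),
    ("a6", "a7", 40.0, 402),
    ("a7", "exchange_Y", 40.0, 403),       # slow cash-out: hop 5, day 403
    ("unrelated", "exchange_X", 5.0, 3),   # clean deposit, must not be counted
]
CASHOUT_ADDRS = {"exchange_X", "exchange_Y"}  # constructed exchange deposit addresses
STOLEN_TOTAL = 100.0                          # constructed: value that left the victim

def trace_outflows(ledger, origin, cashout_addrs):
    """Breadth-first follow of tainted funds starting at `origin` (day 0).
    Returns (cashout_addr, amount, hops, day) for every transfer that lands
    on a known cash-out address. A transfer is only followed if it was made
    on or after the day its sender first received tainted funds."""
    by_sender = defaultdict(list)
    for sender, receiver, amount, day in ledger:
        by_sender[sender].append((receiver, amount, day))
    tainted = {origin: (0, 0)}             # addr -> (hops from origin, day first tainted)
    queue, events = deque([origin]), []
    while queue:
        addr = queue.popleft()
        hops, since = tainted[addr]
        for receiver, amount, day in by_sender[addr]:
            if day < since:                # pre-taint spend, not stolen money
                continue
            if receiver in cashout_addrs:
                events.append((receiver, amount, hops + 1, day))
            elif receiver not in tainted:  # first time this hop sees tainted funds
                tainted[receiver] = (hops + 1, day)
                queue.append(receiver)
    return events

def cashout_profile(events, stolen_total, window_days=30):
    """Share of stolen value cashed out within `window_days` of the theft,
    plus the mean number of layering hops before cash-out."""
    early = sum(amount for _, amount, _, day in events if day <= window_days)
    mean_hops = sum(h for _, _, h, _ in events) / len(events) if events else 0.0
    return early / stolen_total, mean_hops
```

On the constructed ledger, 60% of the stolen value is cashed out inside the 30-day window after a mean of four hops; the two cash-out events show the fast and the dormant pattern side by side.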
One can only speculate on the identities of the two hacking groups. Each has its own personality, and there is no indication of any ties between the two bodies. Security professionals have been warning all businesses for some time that state-supported groups are on the rise. Well-funded engineering arms of national intelligence agencies are being called upon to raise money and create chaos.
According to one security expert:
Nation-states increasingly view cyberwarfare as a cost-effective component of geopolitical and economic competition. Many will enlist and fund the efforts of cybercriminal gangs to create chaos, steal intellectual property, and profit from fraud and extortion by breaching personal data.
One of the most infamous cybercrime hacking syndicates in the world is known to be the Lazarus Group. Also known as “Hidden Cobra”, it works at the behest of the North Korean government. A cybersecurity group named Group-IB released its findings in October of 2018 that the Lazarus Group had been behind $571 million in crypto exchange hacking losses since early January of that year. It had focused primarily on South Korean exchanges, but its software code signature is what has tagged the gang as responsible for such crimes as the Sony hack and the WannaCry ransomware outbreak. Could the Lazarus Group be both Alpha and Beta?