US Treasury Says It Tied $5.2 Billion in BTC Transactions To Ransomware Payments

The financial crimes investigation unit of the US Treasury Department, also known as FinCEN, said last week it identified approximately $5.2 billion in outgoing Bitcoin transactions potentially tied to ransomware payments. From a report: FinCEN officials said the figure was compiled by analyzing 2,184 Suspicious Activity Reports (SARs) filed by US financial institutions over the last decade, between January 1, 2011, and June 30, 2021. While the initial SAR reports highlighted $1.56 billion in suspicious activity, a subsequent FinCEN investigation of the Top 10 most common ransomware variants exposed additional transactions, amounting to around $5.2 billion just from these groups alone.

Re:

[CohibaVancouver]

Yep. We really don't do enough blaming of victims.

Time for that to change.

Re:

[ASDFnz]

Yep. We really don't do enough blaming of victims.

Time for that to change.

Anything is better than blaming the responsible people so yeah, let's blame the victims, the currency... hell there is plenty of blame to go around, just as long as we don't solve the problem everything will be OK.

It's a stretch to call cryptocurrencies a victim

[rsilvergun]

If you think the exchanges the money people behind cryptocurrency aren't fully aware of what the majority of the currencies they mine and create or being used for then I don't really know what to say to you. That's a level of naivety that's hard to imagine for anyone on slashdot.

The beauty of cryptocurrency is that it lets the exchanges take part in money laundering while keeping their hands relatively clean. The problem is that the government is slowly cottoning to that, and it's fairly clear that they're going to regulate the exchanges soon with anti-money laundering laws. When that happens it'll be like turning on a light in a seedy motel. Everybody'll scatter, and you'll see the price of cryptocurrencies collapse as trading comes to a halt except for the speculators we will be desperately looking for a greater fool to unload onto

To be fair this assumes the exchanges don't just buy off politicians like they're trying to do with Ted Cruz. I don't think our politicians are moral and upstanding enough not to be bought off but I do think that the banks will step in and demand the exchanges follow the same anti-money laundering laws that they have to, and the handful of left wing senators and house members like Elizabeth Warren will want crypto regulated so that it doesn't eventually become an over-leveraged asset and crash our economy like what happened in 2008 with those fake home loans that everybody knew or going to default.

Re:

[Reiyuki]

Just wait until they find out how much money laundering happens in dollars.... https://www.theguardian.com/wo... [theguardian.com]

Re: It's a stretch to call cryptocurrencies a vict

[antigravity]

Or visa, master card, and other gift cards. Where is the outrage, gov oversight for these companies.

Re:

[Reiyuki]

And that's just small-time stuff. Imagine the number of dollars used to facilitate human trafficking and warfare.

Re: It's a stretch to call cryptocurrencies a vic

[NagrothAgain]

It exists at the bank level. You can't just wander into a store with a million dollars in cash and walk out with a giftcard.

Not sure what the logical fallacy is here

[rsilvergun]

Cuz it's been a long time since I've taken a course on logic, but the fact that illegal activity takes place using dollars doesn't mean we shouldn't regulate illegal activity taking place with cryptocurrencies. I mean, would murder be legal if you stabbed somebody instead of shooting them?

Nonetheless I keep seeing this argument made again and again on these cryptocurrency threads. It's possible to cryptocurrency fans don't quite understand the point I'm making because I'm just not making it well enough.

Re:

[ASDFnz]

If you think the exchanges the money people behind cryptocurrency aren't fully aware of what the majority of the currencies they mine and create or being used for then I don't really know what to say to you. That's a level of naivety that's hard to imagine for anyone on slashdot.

If you think you can make such sweeping statements about the majority of crypto holders without an ounce of evidence to back your story up it is not me who is nieve.

You cannot seriously believe that people get into crypto with the express purpose to ride the crypto ransomware do you? i.e. they sit down and think "how can I get my hands on some of that ransomware money". Anyways, lets see the data to backup your assumptions.

If they don't believe that they're complete idiots

[rsilvergun]

By all means point to me to who's buying crypto and for what purpose besides speculators and money launderers? Who is buying cryptocurrency to use it for purchases out in the open? Yeah Elon musk selling Tesla's with Bitcoin makes the headlines but besides a few cryptocurrency Miners and the owners of the exchanges who's actually going to buy a Tesla with cryptocurrency instead of playing old cash (or more likely loans). Speaking of loans is there a bank I can borrow Bitcoin from? There were three in New Yo

Re:

[Xenna]

You're a bit behind. Let Jack Mallers explain to you how lightning (a 2nd layer Bitcoin network) is going to revolutionize payments without the users even realizing they're using a cryptocurrency. The value varying wildly doesn't even matter.

https://www.youtube.com/watch?... [youtube.com]

I watched that

[rsilvergun]

and there was no content there. Just "we've solved the problems with Bitcoin using Lightning" but no indication of how. He also didn't address the elephant in the room (mining costs) or the other elephant in the room (volatility) or the other elephant in the room (currency manipulation) or the other elephant in the room (finite amount of Bitcoins)....

At no point did he explain how "lightning" solves anything. Googling it, it's basically "off chain transactions". e.g. the equivalent of finding something

Re:

[phantomfive]

I don't think government should have so much control over what people do with money.

You don't really have a choice

[rsilvergun]

And the absence of a government regulating currency you get large players stepping in to use a variety of common currency manipulation tricks to control how you use currency. It's a damned if you do damned if you don't scenario and your best bet is to create a system with as much democracy as possible so you have a say and how the system's going to work. But you can't just not have government sticking its nose in because if you try that very wealthy people will create power structures very similar to the go

Re:

[phantomfive]

a variety of common currency manipulation tricks to control how you use currency.

Which common currency manipulation tricks? I've heard of inflation, but what non-governmental tricks are there?

Re:

[ShanghaiBill]

Yep. We really don't do enough blaming of victims.

In a data breach, the victims are the customers and shareholders, not the IT people or their supervisors.

Re:

[gweihir]

Yep. We really don't do enough blaming of victims.

In a data breach, the victims are the customers and shareholders, not the IT people or their supervisors.

Indeed. In most cases, IT, and often even more so "management" (who selected, hired and funded the IT people) are at the very least guilty of gross negligence.

Re:

[Corbets]

Yep. We really don't do enough blaming of victims.

In a data breach, the victims are the customers and shareholders, not the IT people or their supervisors.

Indeed. In most cases, IT, and often even more so "management" (who selected, hired and funded the IT people) are at the very least guilty of gross negligence.

That’s an oversimplification, often (I won’t say usually, as I don’t know that) made by people who work either in small environments or have responsibility for a small corner of their environment.

When you’re talking 20k or 100k servers in your environment, with 3k or 10k developers, security starts to look a lot harder, regardless of budget. Management can decide to invest an awful lot of money and still miss big things, because well, look at your sig. Essentially, there’s a lo

Re:

[gweihir]

Indeed. In most cases, IT, and often even more so "management" (who selected, hired and funded the IT people) are at the very least guilty of gross negligence.

That’s an oversimplification, often (I won’t say usually, as I don’t know that) made by people who work either in small environments or have responsibility for a small corner of their environment.

I don't think so. Willfully ignoring specific problems or knowingly not finding out how to manage a critical area right is gross negligence. Your AdHominem is entirely misplaced. Security can be done right in large environments. I have seen it done well, not so well and pretty wrong in environments with up to 10k developers. If you hire only developers with no real security background that also have to be cheap, even developers that want to do it right will fail frequently even if you actually have good pol

Re:

[gweihir]

Yep. We really don't do enough blaming of victims.

Time for that to change.

People running IT with poor security are not victims. They are perpetrators because they willfully endanger their customers. It is time to recognize that and act accordingly.

Re:

[Fly Swatter]

By your name you are a coder, well sorry to say, the real takeaway is that software writers are the real criminals. If you sell doors fulls of holes; it's no wonder people come in and take your client's things.

Maybe it's time for mandatory licensing for software sales, both coders and publishers.

Re: The real culprit

[cfalcon]

The ransomware systems are often not the result of an external facing exploit. The bigger ones handle providing you, the ransomware installer, with a product and a payment system. You, the ransomware installer will be keeping well over half of the loot in these cases.

So, the better analogy isn't a door full of holes, it is "the mall deserves to be robbed because it lets criminals inside the mall", a very different take. Sure you can argue that every IT system should be fully proof against an insider thre

Re:

[Corbets]

The ransomware systems are often not the result of an external facing exploit. The bigger ones handle providing you, the ransomware installer, with a product and a payment system. You, the ransomware installer will be keeping well over half of the loot in these cases.

Except in case where they pull the ol’ double cross. Been allegedly seeing that happening lately - sell the SaaS ransomware solution to your clients, wait till the victim is infected, then approach the victim on the sly and offer to decrypt for less. Best of both worlds for the ransomware seller, anyway.

Re:

[gweihir]

In case of Microsoft and some others that created and promoted fundamentally insecure products and functionalities while claiming they are secure, that is certainly true.

Re: The real culprit

[EirikFinlay]

Some users are idiots and will never learn, but bugs in software, even serious ones, are unavoidable, so you will always have this kind of issue where someone finds a zero day and uses it to steal, lock or destroy your data. This can happen to everyone.

What users (and system administrators) need to learn is to make offline backups as frequently as possible. Yes, perhaps you will lose some data, but not enough to justify paying a ransom to have it back, because most of it is safe in your offline backup anywa

Re:

[ShanghaiBill]

Maybe it's time for mandatory licensing for online computers.

That is going too far. Many servers collect no data. Many more collect nothing important.

But perhaps it is time for certification of those responsible for systems that collect CC#s, SSNs, and other private data.

An even better solution is to eliminate the need for sharing that information in the first place. Some countries have online transactions that require sharing of no private information. America's reliance on SSNs to be widely known and secret is especially stupid,

but..but...but...

[devkrev]

Bitcoin Is Anonymous!!

Bitcoin only has value for crime

[dmay34]

There is literally absolutely no value to bitcoin what-so-ever, other than easy and difficult to track ways for criminals to transfer money.
Bitcoin is only useful for crime. That's it.

Re:

[kot-begemot-uk]

Oh it has other uses.

Illegal financing of "loyal" opposition abroad.

Illegal campaign financing

Illegal political party financing.

All of these are presently in use and they are used mostly with USA being the source and various "brave opposition leaders" being the destination. That, by the way is one of the main reasons why it is not banned and why it is not going to be banned any time soon.

You don't need Bitcoin to give unlimited money

[rsilvergun]

To a corrupt political campaign or politician in the United States. Our Supreme Court has repeatedly ruled that money is speech despite decades if not hundreds of years of precedence to the contrary. The last couple of rulings basically opened up the floodgates to unlimited dark money by striking down any attempts to identify who made a donation to a political campaign.

Cryptocurrency is used primarily to buy drugs, pay for prostitutes (and facilitate human trafficking), as a general money laundering tac

Re:

[ShanghaiBill]

You can give unlimited money to a campaign, but there are restrictions on how the campaign can use that money.

For real corruption, you want to give the money directly to the politician. That is illegal, so bitcoin can help cover the tracks.

Might not be true...

[Petersko]

... it's also useful as a tool to attempt to prop up your economically failed dictatorship. Won't work, but it will buy a little bit of time.

Re:

[gweihir]

Morally, that is certainly true. Legally, running a complexly disguised advanced Ponzi-scheme variant like Bitcoin is currently legal as is running a money laundering operation for it. But the law will catch up and quite a few people involved may go to jail.

I wonder what else they are tracking

[Goatbot]

Sex, drugs, money laundering and piracy being some of the larger items they could watch easily.