Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Crime

Hackers Stole More Than $600 Million in Crypto. Laundering It Is the Tricky Part. (wsj.com) 60

Thieves netting massive sums in cybercrime have limited options for laundering the funds. From a report: Many eyes in the crypto world are on a 42-character address on the Ethereum blockchain, which has unclear ownership and is currently home to the equivalent of about $600 million. Hackers stole the funds from players of online game "Axie Infinity" in a March 23 heist uncovered last week. The criminals have moved millions of dollars of assets in recent days, according to blockchain-monitoring tools, but the majority of funds remain in place, leaving victims and outside observers awaiting next moves. Crypto's transparency has turned money laundering into a perverse spectator sport. Transaction records on public blockchains give authorities a bird's-eye view of stolen funds equivalent to tens or hundreds of millions of dollars, often pilfered by targeting poorly secured software bridges that transfer assets between blockchains. The openness leaves successful cyber thieves facing a key question: How do you launder a nine-figure score?

"When there's a hack like that, everyone is watching the wallets," said Kimberly Grauer, director of research at Chainalysis, a blockchain-analytics firm. "So you better damn well know what you're going to do." The fate of the money stolen from "Axie Infinity" users, one of the largest such thefts, has become a topic of speculation. On Etherscan, a monitoring platform where users can see transactions to and from the address in question, commenters claiming to be victims, broke college students or Ukrainian refugees have posted messages asking the hackers to spread their newfound wealth. [...] Last week, blockchain analysts and amateur digital sleuths watched as ether worth about $20 million moved to crypto exchanges based in the Bahamas and Seychelles. On Monday, an additional $12 million of assets flowed into a mixer, which blends different cryptocurrencies to help obscure their sources. Mixers can have their own security compromises and are dependent on having enough crypto on hand to exchange illicit deposits for cleaner funds, said Mitchell Amador, chief executive of Immunefi, a bug-bounty platform focused on decentralized systems.

This discussion has been archived. No new comments can be posted.

Hackers Stole More Than $600 Million in Crypto. Laundering It Is the Tricky Part.

Comments Filter:
  • Everyone is watching, while a theft and money laundering scheme is carried out and no one can or no one will do anything about it. Switzerland got away with being the money laundering capital of the world for a long time because they were European and had a strong army. Neither applies to the Bahamas or the Seychelles. Maybe it is about time that the world community expressed to them that supporting criminal activities could be bad for their health.
    • Re:In other words (Score:5, Informative)

      by geekmux ( 1040042 ) on Wednesday April 06, 2022 @09:48AM (#62422206)

      Switzerland got away with being the money laundering capital of the world for a long time because they were European and had a strong army.

      What in the actual FUCK are you talking about with this "strong army" bullshit? They're a neutral country. How the fuck is a homebrew militia supposed to defend against a planet accusing them of corrupt and illegal money laundering again? I'm flipping through the pages of history, and I don't recall any land wars being won by what is now known as the DMZ of the financial universe.

      Switzerland got away with money laundering 100 years ago the same way they do now; Greed N. Corruption warps laws to turn a blind eye.

      Stop bullshitting yourself.

      • Vat ist dis Switzerland zie sprechen? Vat you mean is der Helvetia Confederation, ja?
      • a planet accusing them of corrupt and illegal money laundering

        That's just lip service aimed at keeping the left wing money grabbers quiet. The banking privacy they offer is what most of the planet actually wants.

        If you want to go after someone, go after the British. In spite of all their hand-wringing over money laundering and lost tax revenue, check out how many offshore banking havens are part of the British Commonwealth.

      • They're a neutral country

        They *were* a neutral country. They threw that out the window in February with sanctions, and if you want to be technical, they threw it out the window in 2018 when they stopped upholding banking secrecy.

        It may take a while, but this will end up upending the swiss economy in the long term, as people will move their money elsewhere. Especially any people in countries country not aligned with the west...

        • They *were* a neutral country. They threw that out the window in February with sanctions ...

          The nation's definition of "neutral" is somewhat fluid. They took a few actions during the world wars, too, while still being open to both sides for most things. For example, in WW2 they shot down a few German airplanes, forced aircraft to land at Swiss airfields, and used anti-aircraft weaponry while still maintaining their definition of neutral.

          • As should any country whose airspace is violated... That doesn't make them not neutral, its them saying don't fly your shit over our borders.
        • by gweihir ( 88907 )

          Banking secrecy is not baked into the Swiss constitution. Neutrality is. The only remaining country on the planet with banking secrecy bein in their constitution (or equivalent) is Austria, AFAIK. You pay something like 30% tax on gains from interes on those accounts though and they only offer the anonymous "Sparbuch", which you have to physically carry to the bank to access your money, no electronic transfers. Theoretically only open to Austrian citizens, but they are not allowed to check ID.

          As with the sa

      • by Tom ( 822 )

        I'm flipping through the pages of history, and I don't recall any land wars being won by what is now known as the DMZ of the financial universe.

        Switzerland doesn't go to war, but it DOES defend itself. And successfully so. Both the Axis and the Allies found out in WW2 that the Swiss will down your plane if you enter their airspace, for example.

        Switzerland does have a surprisingly large and well-trained army, and something like two thirds of the male population went to compulsory military service and have a gun at home. That plus the territory ensures that there's simply no sense in invading the country - it would cost you way too much for too littl

        • Army of drunkard (Score:5, Interesting)

          by DrYak ( 748999 ) on Wednesday April 06, 2022 @11:07AM (#62422418) Homepage

          As somebody who had to do said compulsory training (as the troop's doctor)...

          Switzerland does have a surprisingly large

          Large(ish), yes, indeed.

          and well-trained army,

          Rolling. On. The. Floor. Laughing. My. Ass. Out.

          Nope.

          There are maybe a few well-trained and competent in some specific functions (depending on the company: the cook, some pilots, some of the intelligence, etc.) but the vast bulk (the non-professional part) of the army are people who just went there because it's mandatory and they didn't manage to dodge it.
          They are only somewhat paying attention to the training and concentrating most on how to get drunk as much as possible as fast as possible, while finding new creative way to maim themselves in the process.

          Consider that nearly none of them has any combat experience (well obviously as we're speaking about compulsory service in a neutral country) only having some theoretical teaching from the few pro who were actually dispatched (and those worked mostly on peace-keeping missions).
          The easiest way for a potential attacker is to declare war to Switzerland, and then sit waiting while the population gets mobilized, gathers, gets bored, gets drunk as fuck and gets maimed.

          There are a few competent people who are actually interested in what they do (usually among the professionals), but there are few of them.

          At least, because after bootcamp there are still yearly periodic mandatory trainings, there isn't a complete loss of know how (the tank driver will still more or less remember how to drive a tank).

          and something like two thirds of the male population went to compulsory military service

          not even that many, nowadays.
          It's a couple of hundred thousands people max; definitely not a couple of million.
          All the other remaining one either managed to dodge service or aren't in the reserve anymore.

          and have a gun at home.

          But no bullets. And are strongly encouraged to actually keep their guns at the armoury and not at home to avoid the incidents (still sadly not that rare, hence the introduction of these procedures and recommendation).
          Because statistics tend to point that nearly all the time, the guns end up fired in accidents or suicides (or a very rare case of shooter), but almost never turned out useful.
          Tough: Switzerland is one of the many countries that are extremely safe (criminality is extremely low), there's just no need at all to have weapons at home to keep oneself safe.
          And if the risk of attack and invasion increases, procedure will be started to hand back bullet boxes and encourage the people to keep the guns handy at home, to be ready for mobilizing.

          So technically: yes, by the time an invaders is at the gate, by then they're likely to find a couple of hundreds males (and a few females who volunteered) with (recently retreived) guns and (recently distributed) bullets at home, ready to mobilize (or most likely, ready to refuse to follow mobilisation order and instead stay armed at home to defend their homes. Which is still somewhat useful in practice).
          And a few older non-reservists who opted to buy back their gun for private ownership (and managed to keep it in operating state).

          Also not all of them would have recent training in operating said weapons since they were young adults, because dodging the mandatory periodic shooting training (by sending the neighborhood's gun maniac to shoot for everybody else) is actually a thing.
          (And these training are only mandatory of riffle holders, not pistol holders - Reimbursing the pistol because by the time you finish it's become a pile of rust because you never took it out of your (locked) basement, is actually a recurring problem).

          Again not everybody is incompetent, but the few well-trained ones are lost in a bulk of people who didn't give that much interest and are just here because it's mandatory.

          • Rolling. On. The. Floor. Laughing. My. Ass. Out.

            I hope you mean off, not out. Prolapses aren't cool, no matter what pornhub says.

          • Yeah, but they are trusted to guard the vatican with their pointy sticks
          • by Tom ( 822 )

            They are only somewhat paying attention to the training and concentrating most on how to get drunk as much as possible as fast as possible, while finding new creative way to maim themselves in the process.

            As in pretty much every mandatory military service. Back in Germany when we had mandatory service there was a joke: "Don't laugh about the Bundeswehr (german army). If war starts, they need to delay the enemy until the soldiers arrive."

            We tend to think that, say, the US army is so different. But the truth is that most of what we see in movies is propaganda and most stories we hear are about the Marines or other professionals, while the bulk of the army isn't much better. Even though it's a "professional" ar

          • Please ignore all that DrYak just said, and remember: Switzerland doesn't have and army, it IS an army.

            (DrYak, hush! Don't give anyone any ideas!)

            • (DrYak, hush! Don't give anyone any ideas!)

              - Sorry, what did they say?
              They want to invade ?

              Said with an evil grin while casually playing with gold sack of the soon-to-be-very-sorry wanna-be-invader.

              - Such a nice sack.
              Would be a shame if something happened to it

              Evil maniacal laugher.

        • (IIRC) You are legally *required* to keep a firearm in your home there. I can see why they can afford to be neutral because soldiers don't want to enter houses where each one is occupied by someone ready to blow your brains out.

      • You clearly know nothing about Switzerland. Why do you think they were never invaded during either world war? They are nation in arms which is dug into some of the most rugged terrain in Europe. Yes, they are neutral. They learned that it is more profitable to let others do the fighting. I am reminded of a (probably apocryphal) story about Kaiser Wilhelm and the Swiss president. They were at some sort of international gathering and the Kaiser asked him how large an army he had. The president replied 1
      • Switzerland got away with it because it was the place the rich stashed their assets...all the rich. Nobody wanted to disrupt the status quo, and there was no real reason to invade it...so it was left alone.

        Rich people have needs too.

      • You clearly have never read any history books involving the Swiss. The Swiss don't fight aggressive wars, but they will mess up anyone trying to invade.
    • by DarkOx ( 621550 )

      Everyone is watching, while a theft and money laundering scheme is carried out and no one can or no one will do anything about it.

      And this is a big reasons why this crypto fantasy is bullshit. Either someone WILL DO something about it, which will mean regulations, know your client, tax reporting, either modifying the system to allow some kind of escrow / clearing scheme / float time arrangement so that LEAs/Courts etc can in fact size assets, enforce claw backs etc
      -or-
      Its going to be effectively banned.
      -or-
      Some mixture of the above; where Countries make different rules. Some coins/wallets will be tainted. Compliance will require you

      • Everyone is watching, while a theft and money laundering scheme is carried out and no one can or no one will do anything about it.

        And this is a big reasons why this crypto fantasy is bullshit. Either someone WILL DO something about it, which will mean regulations, know your client, tax reporting, either modifying the system to allow some kind of escrow / clearing scheme / float time arrangement so that LEAs/Courts etc can in fact size assets, enforce claw backs etc -or- Its going to be effectively banned.

        It always seemed to me that hacking and theft are one of the main reasons that crypto exists.

        If you can build something on the internet, it can be exploited. Simple azdat. So you build a currency system that is based on that, and take people's money until you aren't allowed to do it any more.

        It's a classic grift, profitable until it isn't any more, then move on to a new grift. What is impressive to me is that people seem to be lined up, as every new grift pushes a little harder against the stupidity l

        • You can see why "Bored Apes" exist. None of the people using it can see the huge in your face insult twards them that's baked into it's very foundation.

          • You can see why "Bored Apes" exist. None of the people using it can see the huge in your face insult twards them that's baked into it's very foundation.

            Greed. And for some irrational reason, believing people who trip that greed switch.

            There are some things that trip the stupidity on-off switch. Greed, and beautiful women. Both can turn people into idiots.

            • Greed usually involves getting something of real value.

              Bored Apes, you get a link to a picture of an ape which may very well turn out to be a picture of a rug instead.

              I truly don't understand the motive here. Are people hoping to sell off their links to someone even stupider than they before the whole nonsense bubble collapses?

                This is a whole new level of insanity and nonsense.

              • Greed usually involves getting something of real value.

                Bored Apes, you get a link to a picture of an ape which may very well turn out to be a picture of a rug instead.

                I truly don't understand the motive here. Are people hoping to sell off their links to someone even stupider than they before the whole nonsense bubble collapses?

                Well, the grift also depends on people thinking it will all recover. There's an old Stock Market saying that "Americans buy high, and sell low". And it is true for many. For my own investments, I try to buy low to middling, then dump before I believe it's near the peak. Do I make as much as some? Nope. But I know my level of greed, and always try to check it.

                If I cold give an example. A friend I worked with was putting his retirement into high risk investments leading up to 2000. He was a multimilliona

                • "I'm guessing that pop star sperm will be the next big thing - I mean how low can we go"

                    You get something tangible and can be verified. So far DNA is just about impossible to fake but of course this may very well change in the future.

                    This would be the icky version of a rare baseball card.

    • by jmcwork ( 564008 )
      It is going to be used to payoff those hackers that keep hijacking webcams and recording people watching pr0n.
    • by gweihir ( 88907 )

      Switzerland is not known for money laundering. It used to be known for money hiding, often for tax evasion purposes. For example, for a Swiss numbered account, the _Swiss_ authorities know perfectly well who it belongs to both property taxes and income taxes (on interest) will be paid locally. But it used to be when another country wanted to know whether a specific person had an account with a Swiss bank they got no information on that.

  • by jacks smirking reven ( 909048 ) on Wednesday April 06, 2022 @09:29AM (#62422172)

    Because no one cares, everyone is only concerned with the amount of fiat "real" currency it is worth. All those dreams of breaking out of the corporate and state controlled banking system are so easily swept away in a light breeze when people can make some actual money from it. There are probably some true believers still out there who dream of the crypto currency future but its starting to feel like this whole thing is going to be in its death throws in the next couple years.

    Maybe Bitcoin sticks around on pure inertia that so many billions are tied into it but it's been like 10 years and are there any real useful blockchain applications besides coin after coin after coin and all the nonsense surrounding them?

    • are there any real useful blockchain applications? -> no
      • are there any real useful blockchain applications? -> no

        If there are actual useful applications of blockchain technology that can be applied, then we should consider them.

        This is a strange analogy, but imagine the cure for cancer, being inside of a cigarette. We're shitting on blockchain technology because of how people have abused it. That doesn't mean we should shit on the technology itself IF it still has value.

        A gun can take lives, sure. But far more often, a gun is used to save lives. Perhaps it's time to stop viewing blockchain, as purely a weapon of d

        • That's my question, for years now I have been hearing "the crypto currency stuff and groups around them are bad but blockchain is really useful tech with far reaching implications" and lots of companies were putting developer teams together for it and looking into future applications and I just have not heard anything coming out of that since that initial rush of interest.

          There was a suggestion I read that if its been so long and there are no real world blockchain applications developed at this point than t

        • I view blockchain as a solution looking for a problem. The technology is great - if we could just find something it's actually useful for. But every time I've seen someone propose blockchain as a solution, it's always been something that more conventional databases can solve better.

        • by Voyager529 ( 1363959 ) <voyager529@yahoo. c o m> on Wednesday April 06, 2022 @11:07AM (#62422420)

          are there any real useful blockchain applications? -> no

          If there are actual useful applications of blockchain technology that can be applied, then we should consider them.

          ...We're shitting on blockchain technology because of how people have abused it. That doesn't mean we should shit on the technology itself IF it still has value.

          I've thought about this, but I've had a lot of difficulty coming up with a use case. The distributed ledger is basically a database with lots and lots of copies and procedures to allow validation of entries between peers, right? It's entirely possible that my premise is wrong so please help me if I misunderstand it, but at its core, that is my understanding of what a blockchain is.

          If that's the correct understanding, then the problem that blockchains solve must:

          1. require decentralization. Relational databases are time tested technologies that have made the world go round for decades, with NoSQL also largely reaching maturity. If a blockchain isn't distributed, it's just another centralized database.

          2. require a means by which the blockchain can be written by anyone, but not 'anyone'. Right now, in practice, the blockchain can be written to people who have a bunch of GPUs and ASICs. Thus, the 'permission' to write to a blockchain isn't due to merit or position, but by the barrier to entry. If the blockchain is only able to have transactions logged by a specific set of people...it's just a centralized database. If it's democratic enough that truly anyone can write to it without either an explicit permissions model or a barrier to entry that serves as one, the data becomes both unwieldy and unreliable.

          3. not require a database somewhere else for the blockchain data to be useful. In researching this comment, I found an article [thecorrespondent.com] that referenced the early experiments with using a blockchain in Zuidhorn a few years back. The goal was to help a poverty aid package achieve distribution. By time the app development was actually finalized, there was a single miner...and that was a tiny scale example. Another example I've heard in the ether, more so involving NFTs, is concert tickets. This sounded like something approaching 'genuinely useful', but Ticketmaster basically uses QR codes now, and whether a QR code or an NFT, it's up to the event holder to decide whether they've gotten their money and if the NFT is valid for entry. These records are more than likely held on a relational database, and I'd imagine that the difference between an NFT and the primary key of a record in that relational database isn't exactly a paradigm shift.

          So, at least for me, the issue with blockchain tech is that I can't meaningfully point to a problem which can be solved by a blockchain in a way that isn't solved just as well by MariaDB.

          • That's what I don't understand about the blockchain hype. The idea of an inmutable database is nothing new. Each record has a hash of the preceding record (which includes the hash of the pre-previous record). That much is clear and fine.
            But anytime some company (like Walmart) announced some super duper blockchain implementation without the distritbuted trust part, I don't get it. If one entity is in charge of that block chain, then it's just a linked list. Which is fine, I guess. But not hype worthy?
          • by ras ( 84108 )

            So, at least for me, the issue with blockchain tech is that I can't meaningfully point to a problem which can be solved by a blockchain in a way that isn't solved just as well by MariaDB.

            Err, your missing the elephant in the room - or possibly the star as the centre of the solar system. Yes, both MariaDB and bitcoin both are datastores. But only one famously requires about the power output of Finland to add to add entries to that datastore.

            Clearly, that matters somehow. If you don't understand why it mat

            • So, I appreciate the response and some of the examples here, ras. However, I submit a few follow-ups for your consideration.

              Regarding cryptocurrency's power utilization, of course that's a known issue. My point wasn't that the power utilization should be ignored based on its damage to the ecosystem, but rather that, when you boil it all the way down, the GPUs that generate that need for power function as a barrier that prevent 'just anyone' from writing to the blockchain, as you describe.

              In terms of 'trusti

              • by ras ( 84108 )

                The trust in the information I get from the bank or the Titles Office isn't in the document itself, or even necessarily its source. I trust it because the bank, titles office, and court system trusts it.

                No, you do in fact trust the source. If you didn't you would be checking all data the source issues with the bank, titles office or court system (ie, things you do trust) - because you can't trust the source to issue it correctly. But you don't do that, and the fact that you don't implies you trust the so

    • by King_TJ ( 85913 )

      Yes, but this doesn't invalidate the concept of value in a non state-controlled currency. It just shows how generally, people still find it more practical and useful to hold one of those state controlled traditional currencies.

      I'm of the opinion that crypto will NEVER achieve a goal of serving as a "daily use" payment method until the whole process gets much faster and easier for people. That's the REAL reason it's relegated to working more like a stock investment.

      I don't think there's anything magic about

    • by gweihir ( 88907 )

      Indeed. Pretty telling, the whole thing.

  • Like countless others, all the victims have to do is call customer service. Their wealth will be restored pronto. Haaa!

    • When it switches to proof of stake I suppose there might one day be a big player that could perhaps reverse the fraudulent transactions - but with so many stolen eth in their account the "big player" might well be the perpetrators.

      I wonder if that will be the eventual fate of any proof of stake system, steal enough and you can steal as much more as you like, but owning all of the eth is no use either.

  • The old Pablo Escobar problem.

    Also, how do you prevent 25 tons of cash from becoming moldy?

    Things to do, people to kill ...

  • he could make that disapper in no time.

Avoid strange women and temporary variables.

Working...