Anatomy of a Crypto Hack: Digital Funds, Real-World Consequences

December 16, 2022 by Verafin

While cryptocurrency exists in a digital space, criminals leveraging crypto can have a significant impact on the traditional financial industry. Tracking the flow of funds across blockchain to fiat is essential for finding the perpetrator of these crimes – and ensuring laundered funds are not used for nefarious purposes.

The FTX Hack: Laundered Funds through Muddled Paths

A recent example that illustrates the real-world ramifications of crypto is FTX, which was one of the world’s largest cryptocurrency exchanges. In a historic event, FTX collapsed, risking millions of dollars in customer funds. Hackers, who stole around $477M worth of cryptocurrency from the collapsed exchange, have started to launder the funds.

To obfuscate the true origin of the funds, the hackers used a variety of methods including CoinJoins, Peel Chains, and Bridges. The hacker’s goal was to conceal the sender and receiver of laundered funds – ultimately increasing the anonymization.

At Verafin, we have been tracing the flow-of-funds of this hack using Verafin blockchain forensics, and charted the course the hackers followed:

  • On November 12, 2022, hackers gained access to FTX’s Ethereum (ETH).
  • Using DEX aggregators and DeFi protocols, a portion of the funds were swapped from ETH to renBTC token.
  • Using the Ren Bridge, hackers redeemed renBTC token on ETH to receive Bitcoin.
  • On Nov 25, 2022, the hackers began to use CoinJoins and Peel Chains to obfuscate the path on the bitcoin blockchain.

How Crypto Criminals Launder Funds: Traditional Methods and Modern Manipulation

While DeFi differs from TradFi, the money laundering playbook remains the same:

During placement, illicit funds are placed into the legitimate financial system. This can be through cryptocurrency or fiat.

The layering phase of money laundering is important for crypto criminals, to create separation between the laundered funds so they appear unconnected to the original crime. Crypto criminals create purpose-built anonymizing techniques when moving digital assets on a blockchain, increasing the anonymization of the laundered funds. Mixer tumblers like CoinJoin are then used to splinter funds through techniques like Peel Chains to add further anonymization.

Once layered, crypto criminals will attempt to convert the funds into a more useful form, generally fiat. Fraudsters will attempt to cash out, or off-ramp, their funds, either at crypto exchange, or through traditional methods like converting to gift cards. The integration phase where crypto meets fiat is one of the key opportunities to detect the illicit activity. Transaction monitoring that examines blockchain and fiat is essential to detect risk during the transition point.

Path Forward: The Need for Blockchain and Fiat Monitoring

Criminals operate in both the TradFi and DeFi space and it is vital that crypto companies implement AML programs that are designed to monitor both elements. Focusing primarily on blockchain monitoring and wallet risk leaves your company at risk of significant losses. Given that crypto has fewer KYC requirements, the point of conversion between crypto and fiat is essential to identifying the individuals behind criminal activity. Without the full picture of both crypto and fiat, criminals can easily conceal their corrupt activity.

In complex investigations such as crypto-related financial crime, data is key to understanding the full picture. With disparate systems and transactions occurring across multiple channels, crossing fiat and cryptocurrencies, bringing all this data together is challenging. Lack of a complete data set makes it difficult for investigators to see the full story behind the activity. Behavior-based analytics offer an effective approach to detecting crypto-related financial crime. Analytics that incorporate blockchain activity, including wallet addresses and on-chain activity, as well as off-chain and fiat transactions, counterparty analysis, KYC information, and geographic data are essential for a holistic approach to crypto-related crime detection.

The World’s Only All-in-One Platform for Crypto Companies

With 20 years of experience, Verafin has in-depth proficiency in assisting financial entities to adapt and evolve to meet new or changing compliance obligations. Our Anti-Financial Crime Platform for Crypto Companies includes:

  • Increased efficiency for complex investigations across fiat and cryptocurrency.
  • Behavioral analytics, which allow crypto companies to effectively identify crime, ensure compliance, and prevent losses.
  • Visual forensic tools and integrated case management system, to help streamline investigations by organizing vast amounts data, allowing you to complete investigations and file automated SARs/STRs with ease.

The FTX hack proved that disruptions in the cryptocurrency space can have significant consequences in both digital spaces and the traditional financial system. Crypto companies need to be prepared to protect their business and customers in both spaces. Monitoring risk on both blockchain and fiat is essential for crypto companies – ensuring your business and your customers are protected from potentially suspicious activity and helping prevent serious losses.

See How Verafin Can Help Your Crypto Company Fight More Crime

Fact Sheet: The World’s Only All-In-One Anti-Financial Crime Platform for Crypto Companies

Learn more about how Verafin streamlines AML compliance and fraud detection for crypto companies.

Crypto Site: The World’s Only All-In-One Anti-Financial Crime Platform for Crypto Companies

With the world’s only all-in-one Anti-Financial Crime platform for Crypto Companies, Verafin provides a full fiat-to-blockchain view of cryptocurrency activity to monitor and investigate both on-chain and off-chain risk. Verafin's holistic solution offers the investigation tools, case management and regulatory reporting capabilities critical to increasing the efficiency and effectiveness of crypto compliance programs.

Verafin, a Nasdaq company, is the industry leader in Financial Crime Management providing a cloud-based platform for AML, Fraud Detection and investigative Case Management. An all-in-one crypto compliance offering, Verafin supports complex investigations, enables robust transaction monitoring and improves efficiency of compliance processes. Its multi-chain visual investigation tools help streamline case investigations and trace the flow of funds across both cryptocurrency and fiat networks.

Share This...