Crypto heists are becoming increasingly common, but forensic investigators are getting savvier at figuring out who is behind specific accounts. From a report: Paolo Ardoino was on the front lines of one of the largest cryptocurrency heists of all time. He was flooded with calls and messages in August alerting him to a breach at Poly Network, a platform where users swap tokens among popular cryptocurrencies like Ethereum, Binance and Dogecoin. Hackers had made off with $610 million in crypto, belonging to tens of thousands of people. Roughly $33 million of the funds were swiftly converted into Tether, a “stable coin” with a value that mirrors the U.S. dollar. Ardoino, Tether’s chief technology officer, took note. Typically, when savvy cybercriminals make off with cryptocurrency, they transfer the assets among online wallets through difficult-to-trace transactions. And poof — the money is lost. Ardoino sprang into action and minutes later froze the assets.
“We were really lucky,” he said. “Minutes after we issued the freezing transaction, we saw the hacker attempt to move out his Tether. If we had waited five minutes more, all the Tether would be gone.” Two weeks later, Tether released the money to its rightful owners. And after threats from Poly Network, the online bandit gave up the rest. The seizure pokes a hole in the long-held belief that cryptocurrency is impossible to trace. Cryptocurrency is computer code that allows people to send and receive funds, recording the transactions on a public ledger known as a blockchain, rather than retaining account holder info. Because of the lack of user data, cryptocurrencies like bitcoin have been hailed as a safe haven for criminal activity. Fueled by anonymity, the shadowy industry allows hackers, tax evaders and other bad actors to launder money secretively, outside of the traditional banking system.
Online scammers made off with $2.6 billion in 2020, according to a Chainalysis report. That year, ransomware attacks more than quadrupled.
But forensics investigators are getting savvier at scrupulously mapping activity on blockchains and figuring out who is behind specific accounts. This has sparked a “novel cottage industry of data providers” who are able to track cryptocurrency accounts flagged for illicit activity, said Zachary Goldman, a lawyer at WilmerHale specializing in novel payment technologies. “That’s never really been available before.” Through tracking, agents have recouped stolen crypto funds in a handful of high-profile cases. In June, the Federal Bureau of Investigation seized the $2.3 million in bitcoin ransom Colonial Pipeline paid to hackers who infiltrated the company’s computer network. Investigators used the blockchain to follow the flow of the ransom payment to track the perpetrators. In 2020, the crypto exchange KuCoin recovered almost all of the $281 million stolen by suspected North Korean hackers and refunded customers.