Chainalysis, a blockchain intelligence company based in the United States, has released details of research alleging that up to 64% of ransomware attackers go on to launder their loot via cryptocurrency exchanges.
The details surface at a time cryptocurrency mixing services, popular as tumbers, have hit the spotlight for being used to advance crypto money laundering. One such site was the BestMixer service that Dutch authorities and the Europol shut down last week. And this week, Bitcoin Blender, another mixing service, reportedly shut down voluntarily.
For ransomware attacks, malicious actors infect targeted devices with malware that threaten the victim. Attackers then demand affected parties pay a ransom, often asking that it be in cryptocurrencies. The ransom is so as the victim can access a decryptor tool for their devices.
These attacks have increased in recent years, with a recent statement by an FBI official alleging that North Korea was responsible for many of these attacks.
Now Chainalysis says up to 38 cryptocurrency exchanges have been used to launder ransomware funds. In particular, 64% of ransom payments, made in crypto, have ended to one or the other exchange.
Although the blockchain intelligence firm does not disclose names of the involved crypto exchanges, their assertion is that these platforms have been identified as having received funds from addresses linked to a given ransomware attack.
Chainalysis pointed out that 12% of funds ended up being laundered on mixing services, while 6% happened on peer-to-peer networks.
Some merchant service and darknet marketplaces also provided avenues for laundering ransomware proceeds. According to the report, 9% of ransomware payments remain unspent.
The research also reveals that ransomware attacks in most cases use cash-out networks that are mostly less complex. Unlike exchange hacks that involve huge sums of money, these attackers often get paid in small discrete sums. The money is sent to multiple addresses and is thus less conspicuous and less publicized.
Bitcoin (BTC) is the most used crypto for ransom payments made in crypto, with most of the demands averaging nearly $12,000.