According to a report by Chainalysis, there are 372 exchange deposit addresses that are involved in this form of money laundering. These addresses have received a total of $158.3 million worth of cryptocurrency from ransomware-related wallets since 2018.
“Overall, the data suggests that mining pools may play a key role in many ransomware actors’ money laundering strategy,” Chainalysis wrote.
Ransomware is a form of malware designed to encrypt files on a device, rendering the files and the systems that rely on them unusable. Malicious actors then demand a ransom in exchange for decryption. The laundering scheme works as follows: deposit addresses receive funds from both mining pools and wallets associated with ransomware. Hackers then transfer funds to the mining pools of crypto-mining companies. The mined coins are considered “clean” cryptocurrency and can be deposited on exchanges.
This form of money laundering is becoming increasingly popular, with ransomware-related wallets depositing more and more funds into mining pools since 2018. Chainalysis also gave an example of a highly active deposit address that has received substantial funds from both mining pools and wallets associated with ransomware. Of the $94.2 million in crypto sent to this deposit address, $19.1 million came from ransomware addresses and $14.1 million came from mining pools. Notably, many of the wallet addresses related to ransomware and mining pools belong to the same owner.
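For analysts screening exchange deposits, the pattern above can be expressed as a simple exposure check. This is an added example, not Chainalysis's methodology: the wallet labels, address names, per-transfer split and `min_amount` threshold are constructed assumptions, with amounts in USD millions chosen so that `deposit_A` matches the totals quoted above.

```python
from collections import defaultdict

# Constructed sample data (USD millions); addresses and labels are
# placeholders for illustration, not real indicators.
LABELS = {
    "rw_wallet_1": "ransomware",
    "rw_wallet_2": "ransomware",
    "pool_payout_1": "mining_pool",
}
TRANSFERS = [  # (source wallet, exchange deposit address, amount)
    ("rw_wallet_1", "deposit_A", 12.0),
    ("rw_wallet_2", "deposit_A", 7.1),
    ("pool_payout_1", "deposit_A", 14.1),
    ("unlabelled_1", "deposit_A", 61.0),
    ("pool_payout_1", "deposit_B", 5.0),
    ("unlabelled_2", "deposit_B", 2.5),
    ("rw_wallet_1", "deposit_C", 0.4),
]


def exposure_by_deposit(transfers, labels):
    """Sum inflows per deposit address, split by the source wallet's label."""
    totals = defaultdict(lambda: defaultdict(float))
    for source, deposit, amount in transfers:
        totals[deposit][labels.get(source, "other")] += amount
    return totals


def flag_mixed_exposure(transfers, labels, min_amount=1.0):
    """Return deposits funded by BOTH ransomware and mining-pool sources."""
    # min_amount is an assumed noise threshold applied to each category.
    findings = []
    for deposit, by_label in exposure_by_deposit(transfers, labels).items():
        ransom = by_label.get("ransomware", 0.0)
        pool = by_label.get("mining_pool", 0.0)
        if ransom >= min_amount and pool >= min_amount:
            total = sum(by_label.values())
            findings.append({
                "deposit": deposit,
                "total": round(total, 1),
                "ransomware_share": round(ransom / total, 3),
                "mining_pool_share": round(pool / total, 3),
            })
    return sorted(findings, key=lambda f: f["ransomware_share"], reverse=True)


if __name__ == "__main__":
    for finding in flag_mixed_exposure(TRANSFERS, LABELS):
        print(finding)
```

Only `deposit_A` is flagged: `deposit_B` has no ransomware inflow and `deposit_C` falls below the threshold and has no mining-pool inflow.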
Cybersecurity firm Mandiant also said in a report this year that the North Korean hacker group APT43, also known as Archipelago, used stolen funds to mine coins. In this way, they can recycle their criminal coins into “clean” coins.