
Today we are here with Sam Kalezi. If anyone else, like myself, is tired of running a car wash or a nail salon, you're in the right room. So let's get a little excited, learn how some of these criminals are laundering, monetizing and running in this whole crazy crypto world. So, without further ado, same crazy.

All right, everyone hear me all right? Good. All right, so my name is Sam Clasy. I am a threat intelligence analyst with Recorded Future. Within Recorded Future I am part of our Advanced Cybercrime and Engagements team, so we handle crypto quite often, whether we're dealing with various threat actors purchasing things. So I figured this would be an awesome topic to speak on, because we deal with it on a day-to-day basis.

However, before we get started, one of the things I wanted to go over: a little bit of an agenda here. I know that within the crypto space there are varying levels of knowledge and understanding, so I just wanted to go over some basic definitions before we kind of dove into things a little bit more, like the laundering, monetization methods, then going into the attacks against crypto, NFTs, as well as smart contracts. And then we'll attempt to look a little bit into the future. Because this is such an ever-changing ecosystem, it's a little hard to predict at times and a little hard to make an assessment on, but we'll attempt to do that today.

I just wanted to bring up this quote from Satoshi Nakamoto. It is the individual or group of individuals who possibly created Bitcoin; still up for debate if it was one person or a group of individuals. So I think this quote, I really like it because it embodies what Bitcoin was intended to be: it was intended to be decentralized and kind of divorced from any state, government or bank. It was meant to be the coin of the people, essentially.

So moving into some of the definitions that we have here. I'm sure a lot of individuals have heard of the term altcoin before. So what an altcoin is, is essentially any cryptocurrency token that
is not a Bitcoin. And then we actually have Bitcoin itself. So this is the original decentralized currency. It was initially founded and distributed to the public in January of 2009, and the white paper demonstrating this was actually released a few months prior, in October of 20, or 2008, by Satoshi; again, either individual or group of individuals, we're still not sure yet.

And then we have, for sure many of you have heard, a blockchain. So I know the word gets thrown out quite a bit, but in the basic sense the blockchain is an unchangeable digital ledger that we use to track transactions, and they're conducted in sequential blocks and they follow various protocols for the various tokens that are out there, so whether it's the Ethereum blockchain, the Bitcoin blockchain, the Monero blockchain. So again, various blockchains for various coins.

Then what we have is a cold wallet. I actually have one here; this is what we use at Recorded Future. They are little digital ledgers, looks like a USB drive almost. So what these cold wallets are is they are hardware wallets, and they are used to store private keys. So I cannot access any of my crypto unless I actually have this specific wallet plugged into this computer, or any other computer with the program.

Next I want to go over a little bit of what a cryptocurrency exchange is. So it's essentially a digital market where you can buy, sell, trade and cash out crypto. So think things like Binance, FTX or smps, crypto.com, OKX, Bybit, things like that on that level.

Then we're also moving into crypto mining. So who attempted to buy a graphics card in 2020, 2021? Crypto miners really kind of ruined that whole scene because they bought them all up, because you need an immense amount of graphical processing power to be able to compile the blockchain and then solve transactions. And these miners are actually rewarded for solving the problems, or, you know, mathematical problems that are associated with mining, to be able to put the blockchain together, and then
they actually get a little small fraction of that. And if you multiply that, if you have 10 mining rigs and you're doing it 24 hours a day and heating your home as well as others around you, you're going to be making quite a bit of money. I think it was in New York, actually, they outlawed crypto mining because of how much of a drain it had on their power grid.

And then moving into the final set of definitions: the Ethereum Request for Comments 20, ERC-20. So what this is, is essentially a basic set of guidelines that guides the Ethereum blockchain, so any coins on that Ethereum blockchain are governed by ERC-20 rule sets. So when you hear ERC-20 coin, it is again anything that is on the actual blockchain of the Ethereum, sorry, of the Ethereum blockchain.

Next we had fiat currency. When I first started researching crypto a few years ago, I always thought, well, why is it called a fiat currency? It's not a car. Fiat currency is a currency that is a legal tender that is, you know, state-backed by government decree. So the US dollar would be a fiat currency, a euro is a fiat currency.

And then we have a hot wallet. So hot wallet, opposite of a cold wallet: it's a software wallet that is usually stored on your computer or some type of software that you would have. So think like Exodus wallet; it would be a software wallet. They're a little bit more susceptible to malicious attacks because of their ability to be hosted and connected to the internet.

And then we have everyone's favorite, non-fungible tokens. So as you see, my, not stolen, I just copy and pasted it off the internet, picture of various Bored Ape Yacht Club NFTs. And if you are so inclined, you can go and spend hundreds of thousands of dollars, like Seth Green and numerous other individuals have done, and get a picture of a Bored Ape Yacht Club NFT. So what they are, basically, is a unique set of drawing, pictures, some type of commodity that has a set value to it, that you own because it says it does on the Ethereum blockchain. You own a
piece of that in the digital ledger.

And then finally, before smart contracts, we have some private keys. These are essentially the keys to your house or the keys to your kingdom. You wouldn't want anyone with your private key, because then they'd be able to get access to your wallet. So if someone found this on the ground, unfortunately you wouldn't be able to get into it because it's PIN coded, but if you knew my PIN you would essentially be able to validate my private key with this specific USB-looking drive. Then same thing with software wallets: if you need to recover, I know with Exodus, if you have to recover your said wallet, you need a recovery key, which is essentially your private key, to be able to recover those funds or at least gain access to that software wallet again.

And then last but not least are smart contracts. What they are is they're essentially digital contracts that facilitate a rules-based enforcement. So one of the types of smart contracts that I will talk about in a little bit are flash loans, and a flash loan is essentially an agreement with an individual that you will pay them back. You are borrowing money on a non-collateral basis that you promise to pay them back, and if it doesn't, then that smart contract will obviously be outstanding and that person can go after you. So again, just a digital agreement.

All right, now we're going to get into some of the fun stuff. So in terms of laundering methods of crypto, I put this before monetization because in a lot of the research that we've done, we've seen that this part comes before some of the monetization and cash out. They're kind of blocks of Choose Your Own Adventure of how you want to attempt to clean or launder or even monetize some of your crypto, whether you are a ransomware threat actor or just an individual selling credit card dumps. So one of the top ways that we've seen threat actors and illicit users of crypto kind of talking and advertising and promoting, again, are Ledger and Trezor. This
specific wallet is a Ledger. I actually just saw them at Best Buy like two weeks ago, so I'm kind of surprised they're getting more and more popular now. And then you have Trezor, so just an op, the different version of what this specific little wallet is. And then you have some of the other digital wallets, like Bitcoin Core, Wasabi Wallet, Trust Wallet, Electrum, Exodus, which I had mentioned before, I do have an Exodus software wallet, Dragon era Unstoppable, and then Feather is actually a Monero-only wallet, so a lot of individuals use that for that privacy-focused coin, because it's one of kind of the only privacy-focused ones for that specific token.

And then I like these cross-chain swaps, because I always thought this was funny. I've always thought this was kind of the wish.com of mixing. This is if you wanted to go ahead and attempt to mix your coins yourself. So cross-chain swaps allow users and other individuals to swap tokens from Bitcoin to Ethereum to Monero, back to Bitcoin, so you're essentially creating obscure, or anonymity through obscurity. You're going through a bunch of hoops and attempting to launder or mix your own funds by obscuring them, of hey, I'm going from Bitcoin to Ethereum, back to Bitcoin, to Monero, back to Ethereum, then cashing out. Because again, you're obscuring more than anything.

And then we're actually going to talk about one of my favorite mixers here. So right here we have, on the right hand side, there is Anonymixer. If there's any law enforcement, don't shut this one down, this is my favorite. I really enjoy using this one; it's easy. So Anonymixer is only hosted on an onion service right now; they did have a clearnet domain at one point. Anonymixer is neat because, as you can see, the UI is very, very simple and the user experience is actually great, whoever designed this. So you actually go in, you will type in your address, you'll put in the information that you want, it'll actually give you a countdown of like, hey, you have this much time to
deposit these tokens, these are the wallets that are going to, these are the fees that are going to be charged for it, please send this exact amount, no more, no less, and we'll take care of everything else on the back end.

So another version of that are YoMix, which YoMix is okay; it's advertised on a lot of kind of mid and top tier forums. Then you have com somebody cash out. You're going to see this again, comedy cash out. It was hard to fit in a category because it's not only a mixer but it's also a type of peer-to-peer exchange, it's also a high-risk exchange, but it's also an over-the-counter exchange to a certain extent. And then you have Sinbad.io. There is a lot of speculation that Sinbad is possibly a reincarnation of Blender.io, which kind of brings me to my next point here.

Blender.io and Tornado, FoxMixer, ChipMixer and Bitzlato are actually very popular, were very popular mixers, and I wanted to bring these up because these are integral, or these mixers were integral, into a lot of the anonymization and tumbling of cryptocurrency for a lot of popular attacks. So Blender.io was used to launder funds from Ronin Network. It was suspected that, I think the FBI actually came out recently with a press release accusing them, formally accusing APT38, which is a North Korean APT group, of stealing roughly 600 million dollars from the Ronin Network, and they started to launder those funds through Blender.io, and it is actually sanctioned by the U.S. Treasury's department of foreign asset control, OFAC. And then Tornado Cash, similar: this was another attack by APT38. They stole about 100 million dollars worth of crypto from the Harmony bridge and they started to launder those funds through Tornado Cash. Then you have FoxMixer, which was seized by law enforcement. ChipMixer was a very popular mixer that was used by various ransomware groups. So I'm sure everyone has heard of, or at least had to deal with, ransomware; this is how they were taking some of those funds and then laundering them.
And then Bitzlato was an interesting case. It's a Russian firm that deals with crypto, but also on the back end they were doing very, in my mind, Russian things, and laundering funds, and laundering funds from markets and then ransomware, while the Russian government was kind of turning a blind eye to that. And they were actually sanctioned very recently by OFAC.

And next, so we have the peer-to-peer exchange. So I like to kick this off, or at least in my mind, if you were a threat actor this would kind of not be the first place I would go if you were attempting to at least launder your crypto. I would attempt to do some cross-chain swaps first and then go to something like a peer-to-peer exchange. So what this peer-to-peer exchange is, is, has anyone ever been on Craigslist? I'm sure all of us have. You post for sale, buy or want ads. That's essentially what we are doing here: we are placing a for sale or want or, hey, I'm giving this away type deal. There's extremely limited know your customers, so KYC for those that work in the financial industry, and there's also very limited anti-money laundering policies as well that govern this specific type of exchange. And then, as I said, various advertisements are posted to it. And then some of the more popular ones that we've seen discussed are AgoraDesk, Bisq, LocalMonero, Peach Bitcoin. I've only attempted to use AgoraDesk and I tried to use Peach Bitcoin, had limited success with it.

But I actually want to show you what AgoraDesk actually looks like, and I want to step too far away from the mic. So right there you have your seller column. So these are individuals that are actually posting for sale ads of their cryptocurrency, of hey, I want to, I can't see it, I want to, you can buy my Bitcoin that I have, you can send me cash by mail, and that's the rate of the Bitcoin, that second to the right column that I'm going, or second to the left column, that I'm going to charge you for it. And then that's the, the, I can't
see that last column, I apologize. But yeah, you have your seller, your payment method, and then your actual price that they're charging for the Bitcoin. So again, you can see the tab all the way up in the top corner there of the buy and sell, so you can buy, sell, post an ad. And then this specific peer-to-peer exchange deals in both Bitcoin and Monero.

So next we're going to move on to high-risk exchanges. So I mentioned this topic a little bit ago, of a high-risk exchange. So what you have here, again similar to peer-to-peer: little to no implementation of KYC or AML policies to be able to at least govern a lot of these specific exchanges. And I also wanted to highlight here the importance of these high-risk exchanges. Similar to those mixers that I talked about before, OFAC actually, between September of '21 and April of 2022, sanctioned Suex, Chatex and Garantex, which were three large high-risk cryptocurrency exchanges that were laundering and handling funds from Ryuk, Maze, Conti and REvil. So those exchanges, I don't have bonus up there, again were handling funds from those various ransomware groups.

So what we have here is an exchange that functions similar to what you would do with a trusted exchange such as crypto.com, Binance, OKX. So you're essentially going through this marketplace, creating an account, not having to submit any identity verification or anything like that, and being able to convert fiat to crypto, crypto to fiat, being able to store it there. Some of these actually have mixers, which I want to dive into a little bit now.

So what we actually have here, of that screenshot, is a screenshot of XSS, which is the top tier Russian forum that we deal with a lot, and this is translated via Google Translate, so I just right-clicked. I don't speak Russian, so I do not know how accurate the transition is, or translation is. But what we have here is Audi A6 mixer, and what this mixer is, is essentially individuals who are helping you buy and sell crypto. So you can go from cash to Bitcoin as
that top option. You can also exchange cryptocurrency for QR codes, which you can redeem at, I think some of the banks are listed there, Sberbank, Tinkoff, which are banks based in Eastern Europe. So I'm sure a lot of you can imagine how that can be abused, or at least how it possibly was abused, especially with all the sanctions that the U.S. had imposed. And what is neat about specifically comedy cash out and Audi A6 exchanger: both of these exchanges are pinned and have advertisements on two of the top tier Russian forums, where a lot of initial access brokers advertise, where a lot of ransomware actors frequent, and just where a lot of those individuals kind of hang out, talk, chat. So again, these are in places that are well seen and well known.

And then you have Infinity exchanger exchange and Wizard Swap. These are more, again, more like the traditional crypto.com, Binance type exchanges. They're not exactly one for one, I'm not saying that they are, but they are similar to it; it's kind of the closest thing that you would have. And then one thing I forgot: some of them also have mixing functions, though it's all the way down at the bottom there. So some of these high-risk exchanges will also have mixing in them, so it's kind of a one-stop shop of, hey, I also want to convert my crypto but first I need you to clean it. They offer that service, of course they do.

And then the next is virtual credit cards. So the monetization methods used with virtual credit cards: you don't want to go directly to a virtual credit card, at least in my experience or the individuals that we've talked to. What you're first going to do is attempt to mix it or try to do cross-chain swaps, things like that, to be able to at least get to this point to where you can start to load onto a crypto card or load onto a virtual credit card. So we've now moved from laundering to monetization and cash out of crypto. Most of the service providers that we have seen associated with virtual credit cards are Visa and Mastercard. If
there's anyone that works for Visa or Mastercard, I'm sorry, I would love to speak to you and kind of understand how these cards are issued a little bit on the back side of it, and what fraud detection methods you have in place, especially for cards like this. Because I was able to, this is an actual screenshot of a card that I had loaded 25 onto, I was able to do it, not create an account, I was able to verify this card, I was able to use it. At one point I did get denied, the first time when I tried to use it somewhere, for a fraud, anti-fraud measure. So again, good on the website that I actually attempted to use it on first. But this is PayWithMoon, and then you also have ezocard, VCC Pro, waiver card, so again, just kind of a bunch of different options to actually get into the virtual credit card game or world of attempting to load funds onto them. And then once you load the funds on, to a certain extent you can use these such as traditional debit or credit cards. You can kind of enter any information that you want on the payment website or checkout website. Again, I did get denied once, but I was able to use it the second e-commerce retailer that I had tried to use it at.

And then what we also have, lastly, and I'm going to use this term again, over the counter: what we have here is an over-the-counter virtual credit card exchange. So think of, in a movie, a sense of like a guy with a jacket hood comes out, hey man, I can get you what you need. This is essentially what these virtual credit card services are: these individuals that are advertising on low tier forums like Nulled and Cracked of, hey, if you send me Bitcoin or any type of illicit crypto, I will throw it onto a virtual credit card and I'll give you that number. Sure you will. So again, a lot of these are scams from what we have seen, but it's still out there, it's still being advertised. Someone might fall for it that doesn't necessarily know a lot about crypto. I wouldn't consider super top tier actors going and seeking
out this type of uh acti