U.S. Senators Elizabeth Warren and Bill Cassidy launched an initiative to tackle the use of cryptocurrencies in the trade of child sexual abuse material (CSAM) after a Chainalysis report revealed a rise in crypto transactions linked to CSAM. Meanwhile, the FBI has issued warnings against unregistered cryptocurrency services and crypto mixers. Amidst these regulatory concerns, security firm Blockaid has made strides in fighting crypto-based crimes, including shutting down drainer operations on Ethereum networks.
Senators Target Crypto in Child Abuse Trade
U.S. Senators Elizabeth Warren and Bill Cassidy started a focused effort to tackle the use of cryptocurrencies in the trade of child sexual abuse material (CSAM). A January 2024 Chainalysis report caused a lot of concern as it revealed a rise in crypto transactions linked to CSAM, particularly through the use of "mixers" and "privacy coins" like Monero (XMR). Both senators have questioned the capabilities of the Department of Justice (DOJ) and Department of Homeland Security (DHS) in handling these crimes.
In a letter addressed to Attorney General Merrick Garland and Secretary of Homeland Security Alejandro Mayorkas, Warren and Cassidy pushed for details on the current technical abilities of these agencies to track and prosecute the clandestine use of digital currencies in these illegal activities. They also pointed out the challenges that existing Anti-Money Laundering (AML) rules and enforcement strategies face in curbing the misuse of cryptocurrencies.
The senators outlined six key questions in their letter, aimed at understanding the federal response to the cryptographic aspects of CSAM trade and determining the need for new investigative tools. They expect answers by May 10.
Crackdowns on crypto crime have certainly been a trend this year so far. On Mar. 26, the DOJ indicted KuCoin and its two founders for operating an unlicensed money transmitting business and violating the Bank Secrecy Act.
FBI's Latest Warning
The Federal Bureau of Investigation (FBI) recently issued a public service announcement that urged Americans to use only registered Cryptocurrency Money Services Businesses (MSBs) that comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations. The warning was issued on Apr. 25, and pointed out some of the risks associated with using unlicensed cryptocurrency services, which could include financial disruptions, especially if funds are mixed with money obtained illegally.
This announcement was made after the arrest of the co-founders of Samourai Wallet, a Bitcoin wallet and crypto mixing service. CEO Keonne Rodriguez and CTO William Hill were charged with money laundering and operating an unlicensed money-transmitting business, and now face up to 25 years in prison.
Crypto lawyer Michael Bacina from Piper Alderman believes the FBI's warning is mainly targeting users of crypto mixing services and smart-contract-driven privacy tools, like Samourai or Tornado Cash. However, he did criticize how broad and unspecific the warning was, and believes it lacks the nuance needed to fully address the complexities of decentralized systems.
The definition of what constitutes an MSB is still pretty unclear. Bankless co-founder Ryan Sean Adams called the FBI's announcement "eerie," and also questioned the criteria for determining MSB status.
What is a Crypto Mixer?
Crypto mixers, also known as tumblers, have certainly become a focal point of concern for government agencies overseeing financial security. These services increase privacy by obscuring the origins of cryptocurrency transactions. Users mix their identifiable funds with large pools of other funds, making it difficult to trace individual transactions. This feature, while very appealing for privacy reasons, also poses a lot of risks for money laundering and the concealment of illicit gains.
Crypto mixers come in two primary forms: centralized and decentralized. Centralized mixers are services where a company takes Bitcoin from a user and returns different Bitcoin, less a fee. Decentralized mixers, on the other hand, employ protocols like CoinJoin, which allow multiple users to pool their Bitcoin together and redistribute it in such a way that each gets a Bitcoin back, but the origins and destinations are obfuscated.
There are also more sophisticated types of mixers, like obfuscation-based and zero-knowledge-based mixers. Obfuscation mixers use techniques to hide the transaction graph, which can be pieced back together by someone with enough resources. Zero-knowledge mixers use advanced cryptographic techniques to completely erase the transaction graph, offering higher security at the potential cost of scalability.
Mixers work by pooling a user's cryptocurrency with others in a private pool, then redistributing it to designated addresses in smaller units, making it nearly impossible to link incoming and outgoing funds directly. This process involves a fee, usually between 1-3% of the total amount mixed.
While coin mixing boosts transaction privacy, it is comparable to money laundering and can be seen as illicit under certain legal frameworks. However, not all use of cryptocurrency mixers is illegal. Many users use these services to enhance the privacy of their financial activities. Nonetheless, as seen from the FBI’s warning, the inherent features of mixers that facilitate anonymity also make them susceptible to misuse for laundering money and hiding the proceeds of crime.
Blockaid's Fight Against Drainers
On the bright side, there are still people fighting crime in the crypto space. Blockaid, a developer of security software for Ethereum Virtual Machine (EVM) networks, recently announced that its platform has successfully shut down at least one cryptocurrency drainer operation.
Blockaid shared a statement from a crypto drainer service indicating that they ceased operations due to the low success rate of their attacks thanks to Blockaid's defenses. The drainers advised moving their activities to networks not covered by Blockaid, like Bitcoin or Solana.
This announcement came as there has been talks about the issue of "false positives" in Blockaid's system, where legitimate applications are mistakenly flagged as malicious. Blockaid acknowledged that this happens in a minuscule fraction of transactions (0.0002%) and argued that completely eliminating false positives would compromise the effectiveness of the system, allowing even more malicious apps to operate unchecked.
In response to concerns, Blockaid is also launching a new web portal to allow users and developers to report inaccuracies in its flagging system.
Lazarus Group's LinkedIn Scams
Unfortunately, as the crypto industry learns more about security, so do the people on the wrong side of the law. The Lazarus hacker group, linked to North Korea, is currently using LinkedIn to orchestrate targeted malware attacks to crypto assets.
Blockchain security analytics firm SlowMist revealed that the group masquerades as blockchain developers looking for employment in the cryptocurrency sector. By gaining trust, they persuade victims to grant access to code repositories which contain malware designed to extract sensitive information and assets.
Using LinkedIn for malicious purposes isn't new for Lazarus. They used a similar strategy in December of 2023, posing as a Meta recruiter to distribute malware-loaded coding challenges. Victims who executed these challenges on their workstations inadvertently facilitated remote access through a Trojan.
Over the years, Lazarus has accumulated more than $3 billion in stolen crypto assets, making it one of the most formidable hacking collectives since it emerged in 2009. Despite facing numerous sanctions, it continues to aggressively target crypto firms. In August of 2023, the group swindled $37 million from the crypto payment firm CoinsPaid using bogus job interviews.
Their largest recorded heist was the 2022 Ronin Bridge attack, where they netted $625 million. To obscure their financial trails, Lazarus very often uses crypto mixing services, funneling the laundered proceeds back to North Korea to support military operations.
