Scammers and Hackers Use Cloud Mining to Launder Cryptocurrencies

According to new research, the use of cloud mining methods to conceal crypto funds has intensified amongst those who commit ransomware and cryptocurrency scams.

The use of cloud mining services by ransomware actors and scammers to launder digital assets and cryptocurrency has been increasing in recent years. “Cryptocurrency mining is a crucial part of our industry, but it also holds special appeal to bad actors, as it provides a means to acquire money from an immaculate on-chain original source,” stated Chainalysis. In March, Google Mandiant revealed how North Korean-based APT43 hid the stolen cryptocurrency’s forensic trail through cloud mining and hash rental services.

The cloud mining method enables users to rent a computer system for the purpose of mining cryptocurrencies using that computer’s computational power. Moreover, the mining hardware does not need to be managed by the user. However, Chainalysis reports that nation-states are using more than just such services. In this case, funds were sent to an unnamed mainstream crypto exchange using mining pools and wallets associated with ransomware actors.

A significant chunk of the funds was routed through an intermediary network of wallets and pools, totalling $19.1 million from accounts associated with four ransomware attacks and $14.1 million obtained from three cryptocurrency mining pools. “In this scenario, the mining pool acts similarly to a mixer in that it obfuscates the origin of funds and creates the illusion that the funds are proceeds from mining rather than ransomware,” Chainalysis noted.

There is a growing trend of ransomware wallet assets being sent to exchanges via mining pools, rising substantially from less than $10,000 in Q1 2018 to approximately $50 million in Q1 2023. Additionally, at least $1 million worth of cryptocurrency has been received by 372 exchange deposit addresses originating from mining pools and ransomware. “Overall, the data suggest that mining pools may play a key role in many ransomware actors’ money laundering strategy,” Chainalysis said.

It was recently discovered that the BitClub Network mixed its illicit Bitcoin proceeds with assets and BTC-e, a cryptocurrency exchange that was established as a means of laundering the proceeds of the Mt. Gox hack. Mining pools have also been included in scam operators’ playbooks.

Mt. Gox stated, “Crypto scammers and money launderers working on their behalf also use mining pools as part of their money laundering process. Deposit addresses [with receipts of at least $1 million worth of crypto from mining pools] have received just under $1.1 billion worth of cryptocurrency from scam-related addresses since 2018.”

Suggested Reads:

UPDATED AML REGULATION FOR AUSTRALIAN DIGITAL CURRENCY EXCHANGE

CRYPTOCURRENCIES NEED REGULATION TO PREVENT MONEY LAUNDERING, SAYS SINGAPORE MINISTER

CANADA’S FEDERAL AGENCIES TO CONSULT ON ANTI-MONEY LAUNDERING AND COUNTER-TERRORISM MEASURES