Meet monero, the new crypto of choice for cybercriminals

Promises to help make dirty money disappear without a trace

For cybercriminals looking to launder illicit gains, bitcoin has long been the payment method of choice. But another cryptocurrency is coming to the fore, promising to help make dirty money disappear without a trace.

While bitcoin leaves a visible trail of transactions on its underlying blockchain, the niche “privacy coin” monero was designed to obscure the sender and receiver, as well as the amount exchanged.

As a result, it has become an increasingly sought-after tool for criminals such as ransomware gangs, posing new problems for law enforcement.

The rise of monero comes as authorities race to crack down on cyber crime in the wake of a series of audacious attacks, notably the hack on the Colonial Pipeline, a major petroleum artery supplying the U.S. East Coast.

“We’ve seen ransomware groups specifically shifting to monero,” said Bryce Webster-Jacobsen, director of intelligence at GroupSense, a cyber security group that has helped a growing number of victims pay out ransoms in monero. “(Cyber criminals) have recognized the ability for mistakes to be made using bitcoin that allow blockchain transactions to reveal their identity.”

Russia-linked REvil, the notorious ransomware group believed to be behind the attack this month on meatpacker JBS, has removed the option of paying in bitcoin this year, demanding monero only, according to Brett Callow, threat analyst at Emsisoft.

Meanwhile, both DarkSide, the group blamed for the Colonial Pipeline hack, and Babuk, which was behind the attack on Washington, D.C., police this year, allow payments in either cryptocurrency, but charge a 10 to 20 per cent premium to victims paying in riskier bitcoin, experts say.

Justin Ehrenhofer, a cryptocurrency compliance expert and member of the monero developer community, said that at the beginning of 2020, its use by ransomware gangs was “a rounding error.” Today he estimates that about 10 to 20 per cent of ransoms are paid in monero, and that the figure will probably rise to 50 per cent by the end of the year.

Fungible money

Monero was launched as an open-source project in 2014 by a user of a bitcoin forum with the pseudonym “thankful_for_today”. Its original white paper argued that bitcoin’s traceability was a “critical flaw,” adding that “privacy and anonymity are the most important aspects of electronic cash.”

Ehrenhofer is among those who argue that bitcoin’s visibility should be rejected in favour of a fully private financial system. “The main goal is transaction indistinguishability — to make private and fungible money,” he said. “We want to make monero as similar to cash as possible, where one $10 bill is the same as another and the merchant doesn’t know where they came from.”

While the currency has enjoyed a more than fivefold rise in price since the beginning of 2020, tracking the wider cryptocurrency rally, its overall market capitalization remains a sliver of that of bitcoin: nearly $5 billion compared with $727 billion, according to data from CoinMarketCap.

The exchange rates and logos of Bitcoin (BTH), Ether (ETH), Litecoin (LTC) and Monero (XMR) are seen on the display of a cryptocurrency ATM in Zurich, Switzerland. Photo by Reuters/Arnd Wiegmann/File Photo

Still, it has inspired a loyal following among privacy idealists and anti-establishment cryptography hobbyists such as Ehrenhofer, who are dedicated to maintaining its code and using advanced mathematics to try to ensure its transactions remain untraceable. It now has the third-largest community of developers of any cryptocurrency, behind bitcoin and ethereum, data show.

But monero has also attracted controversy since its inception, thanks to its association with illicit payments and money laundering. Dr. Tom Robinson, chief scientist and co-founder of blockchain intelligence group Elliptic, said an increasing number of marketplaces on the dark web exclusively accepted monero for sales of everything from guns to drugs. “That’s been a big shift over the past year.”

Meanwhile, ransomware negotiators, who are typically hired by victims to help handle extortion payments, have also begun contacting monero developers in order to understand how the cryptocurrency works, according to Ehrenhofer. The negotiators aimed to “build out the liquidity relationships” needed to facilitate payment in the event of a monero ransom demand, he said.

Hidden trails

The absence of a digital trail for monero is proving increasingly problematic for law enforcement, which typically works with private sector cryptocurrency analytics groups to trace suspect transactions on bitcoin’s digital ledger.

Europol, in a 2020 report, placed privacy coins among the factors that had “rendered cryptocurrency investigations more challenging and (that) we can expect these to feature more prominently in future investigations.”

In September last year, the U.S. Internal Revenue Service offered a bounty of US$625,000 for any contractors able to develop tools to help trace monero. It has since awarded the contract to cryptocurrency forensics group Chainalysis and data analysis group Integra FEC.

Other cryptocurrency forensics groups have also quietly been attempting to do the same. CipherTrace chief executive Dave Jevans said his company had started working on the currency more than two years ago under a contract with the U.S. homeland security department, and had filed patent applications as part of the work, but would not share further details.

Some experts say it is unlikely that ransomware gangs will switch to demanding monero exclusively, because difficulty in sourcing it could make victims less likely to pay up.

Many point to challenges around its liquidity and availability, meaning only smaller transactions may be possible. “If you pick a currency that’s too obscure, the very act of purchasing the currency can make (it) more expensive to purchase. That creates levels of unpredictability in a negotiation,” said Eric Friedberg, co-president of Aon-owned cyber security group Stroz Friedberg.

Others note that given its opaqueness, it is impossible to ascertain whether or not your transactions are with sanctioned entities — which could risk severe penalties.

Multiple experts say US legislators are so far steering away from singling out any particular cryptocurrency when drafting relevant legislation. Still, many big cryptocurrency exchanges have shied away from listing privacy coins for fear of attracting regulatory scrutiny, as authorities increasingly insist on higher know-your-customer and money-laundering standards.

As a result, some ransomware negotiators remain nervous of any involvement with monero.

“If a client wants to do anything in a privacy coin, we don’t support it,” said Bill Siegel, chief executive of Coveware, one of the most popular ransom negotiator companies. “We understand what the attitude is from a regulatory standpoint and we want to be helpful to law enforcement.”

© 2021 The Financial Times Ltd
