“It’s like whack-a-mole between law enforcement and the tools they use, and criminals.”
However, these types of coins are still nowhere near the level of popularity of Bitcoin. FinCEN said in October, it observed attackers providing both a Monero and Bitcoin wallet address for ransomware payments, and imposing an extra fee – a 10 to 20 percent surcharge – for victims paying in Bitcoin. Other times, attackers would exclusively request payment in Monero, but would ultimately accept a payment in Bitcoin after negotiation. Overall, FinCEN said in a report that it observed 17 ransomware incidents where the attackers requested payment in Monero.
“While Bitcoin is still used in the majority of payments, a few ransomware strains now have added Monero,” said Koven. “But the liquidity of Monero is not conducive to large payments, and it’s also challenging to provide guidance for victims [to pay with Monero]. That’s why we’re still seeing Bitcoin as predominant.”
Cybercriminals are also relying on cryptocurrency mixers, which are services that, for a fee, pool together streams of cryptocurrency deposits from several different users and then return them at random values. These mixer services (also known as tumblers) are legal and offer users more anonymity. CoinJoins, another technique, involve the mixing of coins from different parties in a Bitcoin transaction, with the output mixing up the addresses to make tracking more difficult. And a process known as chain hopping involves converting cryptocurrency and moving funds across blockchains, all in rapid succession, in a way that traditionally was difficult to follow.
“It’s like whack-a-mole between law enforcement and the tools they use, and criminals,” said Redbord. “You’re seeing money launderers use more and more sophisticated techniques to move money in crypto. There are so many of these types of techniques that bad actors are using today, and they’re also taking advantage of these non-compliant exchanges.”
However, he said, as the bad actors are getting more effective, so too are the tools used by law enforcement in protecting against these threats, which allow them to trace funds and link suspicious activity to real-world entities, as well as monitor transactions for crypto assets to weed out ones potentially linked to malicious actors.