For cybercriminals looking to launder illicit earnings, bitcoin has long been the payment method of choice. But another cryptocurrency is coming to the fore, promising to help make dirty money disappear without a trace.
While bitcoin leaves a visible trail of transactions on its underlying blockchain, the niche “privacy coin” monero was designed to hide the sender and receiver, as well as the amount traded.
As a result, it has become an increasingly sought-after tool by criminals such as ransomware gangs, posing new challenges for law enforcement.
The rise of monero comes as authorities rush to crack down on cybercrime following a series of daring attacks, including the hack of the Colonial Pipeline, a major oil artery supplying the United States’ east coast.
“We have seen ransomware groups switch specifically to monero,” said Bryce Webster-Jacobsen, chief intelligence officer at GroupSense, a cybersecurity group that has helped a growing number of victims pay ransoms in monero. “[Cyber criminals] have recognized the possibility of making mistakes using bitcoin which allows blockchain transactions to reveal their identities.”
According to Brett Callow, threat analyst at Emsisoft, REvil, the notorious ransomware group believed to be behind this month’s attack on Russia-linked meat packer JBS, has removed the option of paying in bitcoin this year, requiring only monero.
Meanwhile, DarkSide, the group blamed for the Colonial Pipeline hack, and Babuk, which was behind the attack on Washington DC police this year, are clearing payments in either cryptocurrency, but charge a 10-20% premium to victims paying in riskier bitcoin, experts say.
Justin Ehrenhofer, a cryptocurrency compliance expert and member of the monero developer community, said that in early 2020 its use by ransomware gangs was “a rounding error”. Today, he estimates that around 10 to 20 percent of ransoms are paid in monero, and that figure will likely rise to 50 percent by the end of the year.
Monero was started as an open source project in 2014 by a user in a bitcoin forum with the pseudonym “thankful_for_today”. Its original white paper argued that bitcoin’s traceability was a “critical flaw”, adding that “privacy and anonymity are the most important aspects of electronic money”.
Ehrenhofer is among those who argue that the visibility of bitcoin should be rejected in favor of a fully private financial system. “The main goal is the indistinguishability of transactions – to earn private and fungible money,” he said. “We want the monero to look as much like cash as possible, where one $10 bill is the same as another and the trader doesn’t know where it came from.”
While the price of the currency has more than quintupled since the start of 2020, following the broader rally in cryptocurrency, its overall market capitalization remains a fraction of that of bitcoin: nearly $5 billion compared to $727 billion, according to data from CoinMarketCap.
Yet it has inspired a loyal following among privacy idealists and anti-establishment crypto enthusiasts such as Ehrenhofer, who are dedicated to maintaining its code and using advanced math to try to ensure that its transactions remain untraceable. It now has the third largest developer community of all cryptocurrencies, behind Bitcoin and Ethereum, according to the data.
But monero has also sparked controversy since its inception, thanks to its association with bribes and money laundering. Dr Tom Robinson, chief scientist and co-founder of blockchain intelligence group Elliptic, said a growing number of dark web markets are exclusively accepting monero for the sale of everything from guns to drugs. “It’s been a big change over the past year.”
Meanwhile, ransomware negotiators, who are typically hired by victims to help manage extortion payments, have also started contacting monero developers in order to understand how the cryptocurrency works, according to Ehrenhofer. The negotiators aimed to “build the liquidity relationships” necessary to facilitate payment in the event of a monetary ransom demand, he said.
The lack of a digital trail for monero is proving increasingly problematic for law enforcement, which typically works with private sector cryptocurrency analysis groups to trace suspicious transactions on Bitcoin’s digital ledger.
Europol, in a 2020 report, placed privacy coins among the factors that “made cryptocurrency investigations more difficult and [that] we can expect these to feature more prominently in future surveys”.
In September of last year, the US Internal Revenue Service offered a bounty of $625,000 to any contractor able to develop tools to help trace monero. It has since awarded the contract to cryptocurrency forensics group Chainalysis and data analysis group Integra FEC.
Other cryptocurrency forensics groups have also quietly tried to do the same. CipherTrace chief executive Dave Jevans said his company started working on the currency more than two years ago under a contract with the US Department of Homeland Security and had filed patent applications as part of the work, but would not share more details.
Some experts say ransomware gangs are unlikely to turn to demanding monero exclusively, as the difficulty in finding it could make victims less likely to pay.
Many point to challenges regarding its liquidity and availability, which means that only smaller transactions may be possible. “If you choose a currency that is too obscure, simply buying the currency can make [it] more expensive to buy. This creates levels of unpredictability in a negotiation,” said Eric Friedberg, co-chair of Aon-owned cybersecurity group Stroz Friedberg.
Others note that due to its opacity, it is impossible to determine whether or not your transactions are carried out with sanctioned entities, which could lead to severe penalties.
Many experts claim that U.S. lawmakers have so far moved away from identifying a particular cryptocurrency when drafting relevant legislation. Yet many major cryptocurrency exchanges have been reluctant to list privacy coins for fear of attracting regulatory scrutiny as authorities increasingly insist on higher KYC and anti-money laundering standards.
As a result, some ransomware negotiators remain nervous about any involvement with monero.
“If a client wants to do anything in a privacy room, we don’t support them,” said Bill Siegel, managing director of Coveware, one of the most popular ransomware negotiation companies. “We understand what the attitude is from a regulatory point of view and we want to be useful to law enforcement.”