The need to launder money is omnipresent in the criminal world, and lately, a new way of doing it has come to the fore: peer-to-peer cryptocurrency exchanges.
These exchanges offer one-to-one relationships and transactions; buyers and sellers of virtual currency sign-up with their location information, IP address and other data to verify their identity, link to their wallets, and from there can swap and cash out currencies with other people who decide to trust them. Parties sometimes take the relationship offline too, meeting face-to-face to close out deals. After striking a bargain, a buyer can exchange cash in person, transfer bank funds online or can exchange funds for prepaid cards, gift cards or other cryptocurrencies.
These platforms offer an alternative to the marketplace methods represented by big Bitcoin exchanges such as Coinbase, and many users feel they can get better deals and a better service experience by using them. There’s another difference though: Peer-to-peer exchanges are decentralized and often lack the accountability, security and transparency measures used by the larger players.
Coinbase for instance monitors for dark web activity and recently implemented the Know Your Customer identity verification service (not that it’s not in hot water in other ways), which in theory makes it harder for criminals to launder money or use the funds to buy items from the underground. So, peer-to-peer alternatives have started to be a go-to choice for criminals looking to take advantage of the anonymity of cryptocurrency.
“Although certain peer-to-peer cryptocurrency exchanges might willingly cooperate with law enforcement, there are readily available methods that threat actors utilize while laundering their illicitly gained funds to maintain anonymity,” said Flashpoint, which flagged the increasing criminal activity on the exchanges in a post Monday. Intelligence analyst Kathleen Weinberger told Threatpost that these include tried-and-true methods like using forged documents to sign-up for the services.
“A lot of what’s going on here is just a criminal rather than a technical story,” she said in an interview. “It’s easy to look for a technical solution to prevent this – there certainly is one (or rather a thousand of them). But there’s pressure on services to try and make their service usable – they don’t want their average user having to struggle for days to have their identity verified. At the same time, they have to make sure that this isn’t getting in the way of things being safe and accountable.”
Being a relatively new arena, that’s a work in progress. So for now, “it’s law enforcement having to crack down on those buying and selling identities and fake documents to combat this,” she said.
Law enforcement has seen some successes despite the hurdles that the exchanges present; for instance, OxyMonster, a notorious dark web purveyor of drugs and other illicit goods, was nabbed in May after detectives made a connection between a Facebook page and his dark web site on the Dream marketplace. Even though he was using a peer-to-peer Bitcoin “tip jar” for transactions, they managed to track him down by other means, arresting him as he entered the country from France, on his way to a beard contest in Miami.
Because of this Wild West element, Flashpoint analysts have observed a growing number of underground discussions around using these exchanges for criminal means, including recommendations around certain peer-to-peer services that threat actors consider valuable or the safest. Some discussions include listings of established—also known as “aged”—local exchange accounts for sale, which are less likely to be flagged for fraud because they have the appearance of long-term use.
“Discussions among threat actors in these forums primarily are concerned with recruiting others to cash-out schemes,” explained Flashpoint. “They also spell out the prerequisites for others to join and the terms necessary to convert stolen funds to Bitcoin or Monero, even in large amounts.”
Some discussions around peer-to-peer exchanges date back at least four years, but the interest is growing and likely to continue as larger exchanges stiffen their security controls.
“We’ve seen threat actors on a daily or weekly basis looking for ways to clean Bitcoin or Monero – it’s not a huge secret,” Flashpoint intelligence analyst Carles Lopez-Penalver said in an interview. “It’s somewhat easy to commit tax fraud and money laundering in general, or to purchase drugs with these methods, so the government needs to crack down. I appreciate blockchain technology – but I think that there has to be a better understanding of what’s happening out there, and that people doing very bad things with cryptocurrency.”