Andrew Brookes | Cultura | Getty Images
Cryptocurrency has a security problem it hasn’t been able to shake.
A separate report out this week from Chainalysis echoes those findings. But it also shows that the majority of these crimes were carried out by just two organized groups.
Philip Gradwell, chief economist at Chainalysis, said the $1.7 billion number was in line with their own findings and that criminal activity has “grown significantly” in the past 18 months. The firm tracks cryptocurrency transactions, and provides insights to governments, law enforcement, and some hedge funds to help them comply with anti-money-laundering laws.
“When we look at these patterns it’s clear these are large, sophisticated hacking groups,” Gradwell told CNBC.
The two groups accounted for $1 billion of the total cryptocurrency hacks and averaged $90 million per hack, according to the report. In order to get away with it, hackers typically move the stolen crypto through a complex web of exchanges and personal wallets. The hackers often observe a quiet period over 40 days or so, and wait until interest has died down before cashing out.
The two strategies diverge though. One group, which the report labels as “Alpha” is more sophisticated and complex. It makes a bigger effort in hiding its tracks, “expertly shuffling funds around in a way that suggests they want to avoid detection.” To do that, the group moves the stolen cryptocurrency 15,000 times before they sell it on exchange. On average, both hacking groups move funds at least 5,000 times.
The Alpha appears “as eager to create havoc as to maximize profits,” according to the report.
The other “Beta” group as they’re called, is smaller and less sophisticated. They seem to be more focused on the money, and “don’t appear to care very much about evading detection, just about getting a clear route to convert illicit assets to clean cash.”
While crypto crimes increased in 2018, it made up a smaller slice of a much larger market. The amount taken from exchanges, for example, was 1 percent of bitcoin’s value, Gradwell said.
“The level of criminal activity is still relatively low and the main use of crypto is still as a financial asset,” Gradwell said.
Regulators are acutely aware of the issue.
Securities and Exchange Commission Chairman Jay Clayton has repeatedly voiced concerns over security and investor protection. He cited the lack of market surveillance and questions about how to safely store these assets as major roadblocks before he would feel “comfortable” green-lighting a bitcoin ETF.
“We’ve seen some thefts around digital assets that make you scratch your head,” Clayton said at CoinDesk’s Consensus Invest conference in November. “We care that the assets underlying that ETF have good custody and that they’re not going to disappear.”
Advocates have long-awaited a bitcoin-ETF, which they hope would help usher in institutional buyers and lift prices. While firms like Gemini, Coinbase and Fidelity have stepped in to be the trusted custodian.
But security is still an uphill battle as long as hacking remains profitable.
“It’s definitely not going to slow down,” CipherTrace’s Jevans said. “It’s still a massive multi-billion-dollar business and has gotten more sophisticated and bigger — what we’re seeing in 2018, we’ll see through 2019.”