Bitcoin Mining Operations Increasingly Used to Launder Ill-Gotten Crypto, Chainalysis Says

Criminal operations throughout the years have always faced the problem of how to make stolen money seem clean, hence the term money laundering. This is no different when cryptocurrency is involved, but the public nature of blockchain transactions has made it a bit more difficult for crypto criminals to make their ill-gotten gains appear legitimate.

Now into this mix comes blockchain mining operations, which are a foundational part of how Bitcoin and other cryptocurrencies are created. Miners use brute-strength computing to solve trial-and-error problems necessary to validate and publish the latest batch of Bitcoin transactions; for their trouble, the winning miner is awarded free Bitcoin. Previous studies have shown how sanctioned governments like Iran and North Korea have used Bitcoin mining to generate funds outside the sanctions.

Now, new research from blockchain forensics firm Chainalysis shows that crooks who receive Bitcoin through ransomware attacks are sometimes using miners to launder their crypto in a sophisticated attempt to avoid detection.

In one instance, it works like this. A ransomware outfit will send its Bitcoin to the mining operation prior to the miner sending their Bitcoin to an exchange. Remember, a miner usually sells the Bitcoin it earns to pay its bills and turn a profit, hence it’s sending a lot of crypto to exchanges for sale. To launder their funds, some ransomware crooks are now sending their crypto to the miners so that an exchange won’t detect that some of the Bitcoin coming its way was obtained through illegal means. In this example, Chainalysis said this was occurring via “a highly active deposit address at a mainstream exchange” which it didn’t name.

“This may represent a sophisticated attempt at money laundering, in which the ransomware actor funnels funds to its preferred exchange via the mining pool in order to avoid triggering compliance alarms at the exchange,” Chainalysis said in its report. “In this scenario, the mining pool acts similarly to a mixer in that it obfuscates the origin of funds” and “creates the illusion that the funds are proceeds from mining rather than from ransomware.”

The amount of crypto obtained through ransomware attacks that’s then sent to miners appears to back this up. While about $10,000 in crypto was sent from ransomware outfits to mining operations at the beginning of 2018, that has now risen to around $50 million as of mid-2023, according to Chainalysis data.

A less sophisticated approach is also on the rise. This is where Bitcoin obtained through ransomware is sent to exchange deposit addresses used by mining operations.

“While this activity should be easier for exchanges to catch, it’s possible that in cases like these, ransomware actors are trying to pass off their own funds as mining proceeds, even though they’re not first moving the funds through a mining pool,” Chainalysis said. Since 2018, $158.3 million in crypto gained from ransomware has been sent to exchange deposit addresses, “a significant share of the total value sent to exchanges by all ransomware addresses during the time period studied,” Chainalysis said. “Overall, the data suggests that mining pools may play a key role in many ransomware actors’ money laundering strategy.”

Listen: DeCent People With Chainalysis Head of Research Kim Grauer

Ransomware isn’t the only shady part of crypto that is utilizing miners to launder funds, according to Chainalysis. “Other crypto scammers and money launderers working on their behalf are also using mining pools as part of their money laundering process,” the forensics firm said. Chainalysis analyzed the total amount of crypto sent since 2018 to exchange deposit addresses “with scam exposure that have also received at least $1 million worth of cryptocurrency from mining pools.”

The firm found that since 2018 just under $1.1 billion in crypto value fits that description. Even more troubling, if the same metrics are used when looking at all forms of crypto crime, “we find that nearly $1.8 billion in illicit cryptocurrency has moved to deposit addresses with heavy mining exposure,” Chainalysis said.

Steps to combat this type of money laundering include exchanges and mining operators being more stringent on verifying their customers and creating stronger wallet screening tools so that illicit crypto can be rejected, Chainalysis said. Exchanges should also have measure in place to “consider the full exposure profile of any wallets sending funds to them,” such as the firm’s know-your-transaction service.

“We can deny bad actors access to a potentially valuable money laundering capability, and ensure that mining, which is a core functionality of Bitcoin and many other blockchains, isn’t compromised,” Chainalysis said.