Blockchain and infrastructure provider Binance has shared details of its role in the raid on elements of the Cl0p (aka Clop) ransomware crew in Ukraine, revealing how the expansion of its in-house cyber capabilities generated firm evidence that cybercriminals are taking advantage of cryptocurrency exchanges in their work.
While observers now widely agree that the raid on Cl0p took down more peripheral elements associated with the gang, with the core operators still suspected to be at large, as evidenced by the recent appearance of new victims on their dark web leak site, the joint raid earlier in June still resulted in the seizure of assets including cash, computing equipment, and luxury cars.
The group is suspected of laundering substantial sums of extorted cryptocurrency and is thought to have caused over $500m in damage during its lengthy spree.
Binance said that over the past year, it had expanded its in-house detection and analytics capabilities and, based on its subsequent research and analysis, as well as an existing understanding of cybercriminal cashout tactics, it concluded that the most prominent security issue in the cryptocurrency industry is money gained in cyber-attacks being laundered via nested services and “parasite” exchanger accounts living inside macro virtual asset service providers (IDPs), including its own Binance.com exchange. This network of money launderers deposits and withdraws to one another to wash the money.
“These criminals enjoy taking advantage of reputable exchanges’ liquidity, diverse offerings, and well-developed APIs,” said the organization. “In most cases associated with illicit blockchain flows coming onto exchanges, the exchange is not harboring the actual criminal group themselves, but rather being used as a middleman to launder stolen profits.”
It is understood Binance is now implementing a two-pronged approach to crack down on this: a new detection mechanism to identify and offboard suspicious accounts, and the provision of information to law enforcement to build cases and disrupt the launderers in the physical world.
It applied this approach to the investigation that took out Cl0p – run by a group dubbed Fancycat – coordinated via an international effort including law enforcement from Spain, Switzerland, Ukraine, and the US.
Fancycat was running multiple cyber criminal activities, including distributing cyber attacks, the operation of high-risk exchangers, and money laundering from dark web operations and high-profile attacks associated with Cl0p and other ransomware.
“Our AML detection and analytics identified the suspect cluster,” said Binance. “Once we mapped out the complete suspect network, we worked with private sector blockchain analytics firms TRM Labs and Crystal (BitFury) to analyze on-chain activity and gain a better understanding of this group and its attribution.
“Based on our analysis, we found that this specific group was not only associated with laundering Cl0p attack funds but. This led to the identification and eventual arrest of Fancycat.”
The organization added: “At Binance, strong controls across exchanges, smart legislation, and. Projects such as our and our ongoing partnerships with law enforcement and security and blockchain analytics firms will be a driving force in improving the cyber security measures across the wider crypto industry.”