11.6.21

Tracking ransomware cryptocurrency payments: What now for Bitcoin?

 


Cameron Camp, security researcher

Should we expect cybercriminals to ditch the pseudonymous cryptocurrency for other forms of payment that may be better at throwing law enforcement off the scent?

Earlier this week, the Department of Justice announced that it had seized around $2.3 million worth of bitcoin (BTC 63.7) that was part of the BTC 75 payment for the Colonial Pipeline ransomware. Does this mean Bitcoin is hackable – given enough computational horsepower?

For years, Bitcoin’s weaknesses (or strengths, depending on your point of view) have been known, yet they have rarely come to the fore. But scammers got greedy, or the market just decided for them. With public sentiment boiling, along with policymakers’ willingness to pursue those trying to take control of critical infrastructure, the appetite to go after Bitcoin has resurfaced.

The problem is that Bitcoin is pseudonymous, but certainly not anonymous. While it has first-mover advantage and has retained plenty of the residual network effect and related value, chinks in the reputed anonymity armor are coming into focus.

As the full, historical ledger is publicly available, analyzing traffic patterns involving a given address makes it possible to match a standout payment pattern to a particular Bitcoin address and chase down that rabbit hole to eventually go after the true owner. Since sufficiently motivated parties have had years to test the theory, it was just a matter of time before a target of sufficient importance surfaced to launch their weaponry.
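An added illustration of the ledger analysis described above (not code from the article or from any investigation): it follows a payment forward through a small constructed ledger using proportional ("haircut") taint, one common tracing heuristic. The address labels, transaction ids and the way the funds split are invented; only the BTC 75 and BTC 63.7 figures echo the article, and each input is assumed to spend its address's whole balance.

```python
from fractions import Fraction

# Constructed ledger, oldest first. Addresses, txids and the split are invented;
# only the BTC 75 and BTC 63.7 figures echo the amounts quoted in the article.
LEDGER = [
    {"txid": "t1", "in": [("ransom", "75")],
     "out": [("hop1", "63.7"), ("hop2", "11.3")]},
    {"txid": "t2", "in": [("hop1", "63.7")], "out": [("hop3", "63.7")]},
    {"txid": "t3", "in": [("hop2", "11.3"), ("unrelated", "11.3")],
     "out": [("merged", "22.6")]},
    {"txid": "t4", "in": [("merged", "22.6")],
     "out": [("deposit", "20"), ("change", "2.6")]},
    {"txid": "t5", "in": [("hop3", "63.7")], "out": [("final", "63.7")]},
    {"txid": "t6", "in": [("other", "5")], "out": [("other2", "5")]},
]


def trace(ledger, start_addr, start_amount):
    """Follow funds forward from start_addr using proportional ("haircut") taint.

    Simplification (assumption): every input spends the whole balance of its
    address, the way a Bitcoin UTXO is spent whole.
    Returns (tainted amount per address still holding funds, txids followed).
    """
    taint = {start_addr: Fraction(start_amount)}
    trail = []  # transactions that moved any of the traced funds
    for tx in ledger:
        total_in = sum(Fraction(a) for _, a in tx["in"])
        tainted_in = sum(taint.pop(addr, Fraction(0)) for addr, _ in tx["in"])
        if tainted_in == 0:
            continue  # this transaction never touched the traced payment
        trail.append(tx["txid"])
        share = tainted_in / total_in  # clean inputs dilute taint, not erase it
        for addr, amount in tx["out"]:
            taint[addr] = taint.get(addr, Fraction(0)) + Fraction(amount) * share
    return taint, trail


if __name__ == "__main__":
    holdings, trail = trace(LEDGER, "ransom", "75")
    print("transactions followed:", trail)
    for addr, amount in sorted(holdings.items(), key=lambda kv: -kv[1]):
        print(f"{addr:8s} holds BTC {float(amount):.1f} of the traced payment")
```

Merging the traced coins with unrelated funds in `t3` halves the tainted share of each later output, yet the full BTC 75 remains accounted for across the three end addresses.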

Speaking of weaponry, the Fed recently increased the severity ranking of ransomware to that of terrorist activity, extending the reach, mandate and budget of governmental efforts to track down and eradicate it, increasingly even overseas. If they can track it.

Years ago, other, more privacy-oriented cryptocurrencies, such as Monero, started to address Bitcoin’s transaction transparency, implementing things like ring signatures and other technical defenses against traceability. But many of them floundered in their ability to become traded widely enough to seamlessly transact globally; that spot remained centered around Bitcoin, and later Ethereum.

But there are plenty of others.

While the ire surrounding outsized payouts from ransomware seems poised to continue for some time, bad actors seem more likely to increasingly flee the Bitcoin platform for payouts. Of the 5,000-something alternatives currently listed on one popular trading platform, others in the top ten seem poised to move toward the top spot, especially if they get anonymity right.

It had to happen.

As markets mature and users want a more full-featured and robust platform, renewed focus on more anonymous alternatives seems natural. All that was needed was a tipping point. This may be it. Not that some instantaneous exodus amongst the digitally unscrupulous seems imminent, but expect ransomware gangs’ renewed focus on alternative forms of payment that are better at hiding their tracks.