Cameron Camp, security researcher
Should we expect
cybercriminals to ditch the pseudonymous cryptocurrency for other forms of
payment that may be better at throwing law enforcement off the scent?
Earlier this week, the Department of
Justice announced it seized around $2.3 million worth of bitcoin
(BTC 63.7) collected in the BTC 75 payment for Colonial Pipeline ransomware.
Does this mean Bitcoin is hackable – given enough computation horsepower?
For years Bitcoin’s weaknesses (or strengths,
depending on your point of view) have been known, yet rarely come to the fore.
But scammers got greedy, or the market just decided for them. With public
sentiment boiling, along with policymakers’ willingness to pursue those trying
to take control of critical infrastructure, the appetite to go after Bitcoin
has resurfaced.
The problem is that Bitcoin is pseudonymous, but
certainly not anonymous. While it has first mover advantage and has retained
plenty of the residual network effect and related value, chinks in the reputed
anonymity armor are coming into focus.
As the full, historical ledger is publicly
available, analyzing traffic patterns involving a given address makes it
possible to match a standout payment pattern to a particular Bitcoin address
and chase down that rabbit hole to eventually go after the true owner. Since
sufficiently motivated parties have had years of testing the theory, it was
just a matter of time before a target of sufficient importance surfaced to
launch their weaponry.
Speaking of weaponry, the Fed recently increased
the severity ranking of ransomware to that of terrorist activity, extending the
reach, mandate and budget of governmental efforts to track down and eradicate
it, even increasingly overseas. If they can track it.
Years ago other, more privacy-oriented
cryptocurrencies, such as Monero, started to
address Bitcoin’s transaction transparency, implementing things like
ring-signatures and other technical defenses against traceability. But many of
them floundered in their ability to become traded widely enough to seamlessly
transact globally; that spot remained centered around Bitcoin, and later
Ethereum.
But there are plenty of others.
While the ire surrounding outsized payouts from
ransomware seems poised to continue for some time, bad actors seem more likely
to increasingly flee the Bitcoin platform for payouts. Of the 5000-something
alternatives currently listed on one popular trading platform, others in the
top ten seem poised to move toward the top spot, especially if they get
anonymity right.
It had to happen.
As markets mature and users want a more
full-featured and robust platform, renewed focus on more anonymous alternatives
seem natural. All that was needed was a tipping point. This may be it. Not that
some instantaneous exodus amongst the digitally unscrupulous seems imminent,
but expect ransomware gangs’ renewed focus on alternative forms of payment that
are better at hiding their tracks.