For cybercriminals looking to launder illicit gains, bitcoin has long been the payment method of choice. But another cryptocurrency is coming to the fore, promising to help make dirty money disappear without a trace.
While bitcoin leaves a visible trail of transactions on its underlying blockchain, the niche “privacy coin” monero was designed to obscure the sender and receiver, as well as the amount exchanged.
As a result, it has become an increasingly sought-after tool for criminals such as ransomware gangs, posing new problems for law enforcement.
The rise of monero comes as authorities race to crack down on cyber crime in the wake of a series of audacious attacks, notably the hack on the Colonial Pipeline, a major petroleum artery supplying the US east coast.
“We’ve seen ransomware groups specifically shifting to monero,” said Bryce Webster-Jacobsen, director of intelligence at Groupsense, a cyber security group that has helped a growing number of victims pay out ransoms in monero. “[Cyber criminals] have recognised the ability for mistakes to be made using bitcoin that allow blockchain transactions to reveal their identity.”
Russia-linked REvil, the notorious ransomware group believed to be behind the attack earlier this month on meatpacker JBS, has removed the option of paying in bitcoin this year, demanding monero only, according to Brett Callow, threat analyst at Emsisoft.
Meanwhile both DarkSide, the group blamed for the Colonial Pipeline hack, and Babuk, which was behind the attack on the Washington DC Police earlier this year, allow payments in either cryptocurrency, but charge a 10 to 20 per cent premium to victims paying in riskier bitcoin, experts say.
Justin Ehrenhofer, a cryptocurrency compliance expert and member of the monero developer community, said that at the beginning of 2020, its use by ransomware gangs was “a rounding error”. Today he estimates that about 10 to 20 per cent of ransoms are currently paid in monero, and that the figure will probably rise to 50 per cent by the end of the year.
Monero was launched as an open-source project in 2014 by a user of a bitcoin forum with the pseudonym “thankful_for_today”. Its original white paper argued that bitcoin’s traceability was a “critical flaw”, adding that “privacy and anonymity are the most important aspects of electronic cash”.
Ehrenhofer is among those who argues that bitcoin’s visibility should be rejected in favour of a fully private financial system. “The main goal is transaction indistinguishability — to make private and fungible money,” he said. “We want to make monero as similar to cash as possible, where one $10 bill is the same as another and the merchant doesn’t know where they came from.”
While the currency has enjoyed a more than fivefold rise in price since the beginning of 2020, tracking the wider cryptocurrency rally, its overall market capitalisation remains a sliver of that of bitcoin: nearly $5bn compared with $727bn, according to data from Coinmarkcap.
Still, it has inspired a loyal following among privacy idealists and anti-establishment cryptography hobbyists such as Ehrenhofer, who are dedicated to maintaining its code and using advanced mathematics to try to ensure its transactions remain untraceable. It now has the third-largest community of developers of any cryptocurrency, behind bitcoin and ethereum, data show.
But monero has also attracted controversy since its inception, thanks to its association with illicit payments and money laundering. Dr Tom Robinson, chief scientist and co-founder of blockchain intelligence group Elliptic, said an increasing number of marketplaces on the dark web now exclusively accept monero for sales of everything from guns to drugs. “That’s been a big shift over the past year,” he said.
Meanwhile ransomware negotiators, who are typically hired by victims to help handle extortion payments, have also begun contacting monero developers in order to understand how the cryptocurrency works, according to Ehrenhofer. The negotiators are aiming to “build out the liquidity relationships” needed to facilitate payment in the event of a monero ransom demand, he said.
The absence of a digital trail for monero is proving increasingly problematic for law enforcement, which typically works with private sector cryptocurrency analytics groups to trace suspect transactions on bitcoin’s digital ledger.
Europol in a 2020 report placed privacy coins among the factors that have “rendered cryptocurrency investigations more challenging and [that] we can expect these to feature more prominently in future investigations”.
In September last year, the US Inland Revenue Service offered a bounty of $625,000 for any contractors able to develop tools to help trace monero. It has since awarded the contract to cryptocurrency forensics group Chainalysis and data analysis group Integra FEC.
Other cryptocurrency forensics groups have also quietly been attempting to do the same. CipherTrace chief executive Dave Jevans said his company had started working on the currency more than two years ago under a contract with the US homeland security department, and had filed patent applications as part of the work, but would not share further details.
Some experts say it is unlikely that ransomware gangs will switch to demanding monero exclusively, as difficulty in sourcing it could make victims less likely to pay up.
Many point to challenges around its liquidity and availability, meaning only smaller transactions may be possible. “If you pick a currency that’s too obscure, the very act of purchasing the currency can make [it] more expensive to purchase. That creates levels of unpredictability in a negotiation,” said Eric Friedberg, co-president of Aon-owned cyber security group Stroz Friedberg.
Others note that given its opaqueness, it is impossible to ascertain whether or not your transactions are with sanctioned entities — which could risk severe penalties.
Multiple experts say US legislators are so far steering away from singling out any particular cryptocurrency when drafting relevant legislation. Still, many big cryptocurrency exchanges have shied away from listing privacy coins for fear of attracting regulatory scrutiny, as authorities increasingly insist on higher know-your-customer and money-laundering standards.
As a result, some ransomware negotiators remain nervous of any involvement with monero.
“If a client wants to do anything in a privacy coin, we don’t support it,” said Bill Siegel, chief executive of Coveware, one of the most popular ransom negotiator companies. “We understand what the attitude is from a regulatory standpoint and we want to be helpful to law enforcement.”