A wallet linked to ransomware attacks funneled funds through a mining pool to make it seem like the digital assets were earned through mining.
While good actors within the crypto space channel their creativity toward building new things, bad actors use the same energy to devise more ingenious ways to hide their ill-gotten gains.
A new report from blockchain analytics firm Chainalysis shows how wallets involved in ransomware attacks are turning to crypto mining pools to launder the funds acquired through exploits.
According to the firm, a highly active wallet address from what it described as a “mainstream exchange” has received funds from wallets and mining pools linked to ransomware. The deposit address received almost $100 million in digital assets, with $19.1 million coming from ransomware addresses and $14.1 million from mining pools.
The chart shows a complex attempt to launder funds through mining pools. According to Chainalysis, the ransomware actor sent funds to the exchange through a mining pool. Through this, they can “avoid triggering compliance alarms” within the exchange.
Graph showing how a wallet linked to ransomware funnels funds through a mining pool. Source: Chainalysis
In this case, the mining pool performs the function of a crypto mixer and obscures the origin of the funds. This creates a smokescreen, leading observers to believe that the funds were earned through mining and did not come from a ransomware attack.
According to the analysis firm, there has been an increase in value sent from ransomware wallets to mining pools. In one instance, Chainalysis highlighted that an exchange wallet address had received $158.3 million from ransomware addresses since 2018.
While the problem appears to be a huge headache for the crypto space, Chainalysis suggested that it can be solved by mining pools applying a more comprehensive wallet screening process in addition to Know Your Customer measures and rejecting funds coming from illicit addresses.
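The screening gap described above can be made concrete with an added example (not code from Chainalysis or the article): a check on the immediate sender sees only a mining pool, while looking one hop through the pool exposes the ransomware funding behind the payout. All addresses, labels, amounts and the alert threshold are constructed, and the pro rata attribution is an assumption, not Chainalysis's method.

```python
from collections import defaultdict

# Constructed sample data: every address, label and amount below is invented.
LABELS = {"rw1": "ransomware", "poolA": "mining_pool", "coinbase": "block_reward"}
TRANSFERS = [  # (sender, receiver, amount_usd)
    ("coinbase", "poolA", 6_000_000),  # block rewards earned by the pool
    ("rw1", "poolA", 2_000_000),       # ransomware wallet pays into the pool
    ("poolA", "dep1", 4_000_000),      # pool payout to the exchange deposit address
    ("rw1", "dep1", 500_000),          # direct ransomware deposit
    ("user7", "dep1", 1_000_000),      # unlabelled sender
]

def label(addr):
    return LABELS.get(addr, "unlabelled")

def direct_exposure(deposit, transfers):
    """Sum inflows to `deposit` by the label of the immediate sender only."""
    out = defaultdict(float)
    for src, dst, amt in transfers:
        if dst == deposit:
            out[label(src)] += amt
    return dict(out)

def lookthrough_exposure(deposit, transfers, passthrough=("mining_pool",)):
    """Like direct_exposure, but inflows from a pass-through service are
    re-attributed pro rata to that service's own funding sources (one hop)."""
    out = defaultdict(float)
    for src, dst, amt in transfers:
        if dst != deposit:
            continue
        funding = direct_exposure(src, transfers)
        total = sum(funding.values())
        if label(src) not in passthrough or total == 0:
            out[label(src)] += amt  # ordinary sender, or pool with unknown funding
            continue
        for cat, val in funding.items():
            out[cat] += amt * val / total
    return dict(out)

def should_flag(exposure, threshold_usd=1_000_000):
    """Hypothetical alert rule: flag when ransomware exposure exceeds the threshold."""
    return exposure.get("ransomware", 0) > threshold_usd

if __name__ == "__main__":
    print("direct:      ", direct_exposure("dep1", TRANSFERS))
    print("look-through:", lookthrough_exposure("dep1", TRANSFERS))
```

With the sample data, the direct check stays under the threshold because most of the tainted value arrives labelled as a mining pool payout; the look-through check crosses it.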