How North Korean hackers exploit Bitcoin blockchain to break the law – Decrypt



In short

  • US law enforcement officials cracked down on Chinese nationals who laundered $100 million in stolen crypto for North Korean hackers.
  • Hackers exploit the Bitcoin blockchain to hide their tracks.
  • Philip Gradwell of Chainalysis explains to Decrypt how they do it.

Recently, the United States Department of Justice charged two Chinese nationals, Tian Yinyin and Li Jiadong, with laundering more than $100 million in cryptocurrencies stolen for the benefit of their alleged co-conspirators in North Korea. The corresponding documents unsealed by the US government also indicate that Kim Jong-un’s state-sponsored hackers continue to evolve their tactics, often using so-called “peel chains” to cover their tracks.

Speaking to Decrypt, Philip Gradwell, chief economist at blockchain analysis company Chainalysis, explained that peel chains are a natural feature of “Unspent Transaction Output” (UTXO) blockchains, such as Bitcoin. Indeed, when value is transferred from one entity to another on a UTXO blockchain, a “change transfer” is almost always generated at the same time.

“A change transfer is generated because a transaction output must always be fully spent, in the same way that you can’t rip a $10 bill in half to pay someone $5. So if you send a lower amount at the end of the transaction to another entity, you send the rest – the ‘change’ – to another address that you control, in the same way that you will get money by spending $5 with a $10 bill,” explained Gradwell.

Notably, this is not a system that every blockchain ever created uses, Ethereum being the most obvious example. However, both models track the state of the database and also contribute to the goals of their respective platforms.

Lost in the coat

A “peel chain” occurs when an entity makes its next transfer from the change left over from its previous transfer and sends the new change to a new address, he said. The result is a chain of change addresses, with the payment peeled off each one sent to the recipient. If the entity transfers again from the last change address and sends the change to a new one, the peel chain becomes longer.

This is actually how the system is supposed to work, and peel chains are common. However, Gradwell said that when money launderers use them, “they don’t send a transfer to another entity when they take off Bitcoin from their change address.” They simply divide their funds into smaller amounts in a way that, on a simple reading, makes it look as though some funds could have changed hands. In reality, however, they have not.

Believe it or not, things get exponentially more complicated from here. When peel chains get very long and new ones are started from Bitcoin that has already been peeled off, “peel chains of peel chains” start to appear.

Because of this, it is difficult for law enforcement and crypto security companies to track this activity and detect whether the funds have actually changed hands or have simply been moved by the money launderer via a peel chain that they control. And crypto hackers are constantly stepping up their game, using longer and more complex peel chains.
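The tracing an analyst performs on such a chain can be sketched in code. The following Python is an added example, not taken from the article or from Chainalysis: it follows a peel chain through a constructed set of transactions and flags peeled outputs that start chains of their own. It assumes the larger of two outputs is the change (a simplifying heuristic) and ignores fees; all transaction IDs and addresses are made up.

```python
# Constructed sample data, not real transactions: txid -> (inputs, outputs).
# inputs: [(prev_txid, output_index)]; outputs: [(address, satoshis)]. Fees ignored.
TXS = {
    "t1": ([("t0", 0)], [("addr_p1", 5_000_000), ("addr_c1", 95_000_000)]),
    "t2": ([("t1", 1)], [("addr_c2", 88_000_000), ("addr_p2", 7_000_000)]),
    "t3": ([("t2", 0)], [("addr_p3", 6_000_000), ("addr_c3", 82_000_000)]),
    # The output peeled off in t2 is itself peeled further: a chain of a chain.
    "s1": ([("t2", 1)], [("addr_q1", 1_000_000), ("addr_d1", 6_000_000)]),
    "s2": ([("s1", 1)], [("addr_q2", 2_000_000), ("addr_d2", 4_000_000)]),
}

def build_spend_index(txs):
    """Map each spent outpoint (txid, index) to the txid that spends it."""
    return {op: txid for txid, (ins, _) in txs.items() for op in ins}

def trace_peel_chain(txs, start, spent_by=None):
    """Follow change outputs from outpoint `start`; return one dict per hop."""
    spent_by = spent_by or build_spend_index(txs)
    hops, outpoint = [], start
    while outpoint in spent_by:
        txid = spent_by[outpoint]
        ins, outs = txs[txid]
        if len(ins) != 1 or len(outs) != 2:
            break  # not the one-input, two-output shape of a peel hop
        # Assumed heuristic: the larger output is the change kept by the sender.
        change_idx = 0 if outs[0][1] > outs[1][1] else 1
        peel_idx = 1 - change_idx
        hops.append({"txid": txid, "peeled": outs[peel_idx],
                     "change": outs[change_idx],
                     "peel_outpoint": (txid, peel_idx)})
        outpoint = (txid, change_idx)
    return hops

def find_nested_chains(txs, start, min_hops=2):
    """Return {peeled address: sub-chain} where a peeled output is peeled again."""
    spent_by = build_spend_index(txs)
    nested = {}
    for hop in trace_peel_chain(txs, start, spent_by):
        sub = trace_peel_chain(txs, hop["peel_outpoint"], spent_by)
        if len(sub) >= min_hops:
            nested[hop["peeled"][0]] = sub
    return nested
```

Nothing in the transaction graph says whether a peeled output reached another entity or stayed with the sender. A peeled output that immediately starts its own chain, as `addr_p2` does here, is one signal worth investigating rather than proof.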

Last September, Decrypt reported that North Korea had officially denied a UN expert report linking it to a $2 billion hacking campaign. The statement released by KCNA, the North Korean state news agency, denied any allegation that North Korea “illegally forced the transfer of the $2 billion needed to develop WMD programs by involving cyber actors”.

However, the cases are piling up.

WRITTEN BY

OltNews
