When the FBI successfully breached a crypto wallet held by the Colonial Pipeline hackers by following the money trail on bitcoin’s blockchain, it was a wake-up call for any cyber criminals who thought transacting in cryptocurrency automatically protected them from scrutiny.
One of the core tenets of bitcoin is that its public ledger, which stores all token transactions in its history, is visible to everyone. This is why more hackers are turning to coins like dash, zcash, and monero, which have additional anonymity built into them.
Monero, in particular, is increasingly the cryptocurrency of choice for the world’s top ransomware criminals.
“The more savvy criminals are using monero,” said Rick Holland, chief information security officer at Digital Shadows, a cyberthreat intelligence company.
Monero was released in 2014 by a consortium of developers, many of whom chose to remain anonymous. As spelled out in its white paper, “privacy and anonymity” are the most important aspects of this digital currency.
The privacy token operates on its own blockchain, which hides virtually all transaction details. The identity of the sender and recipient, as well as the transaction amount itself, are disguised.
Because of these anonymity features, monero allows cyber criminals greater freedom from some of the tracking tools and mechanisms that the bitcoin blockchain offers.
“On the bitcoin blockchain, you can see what wallet address transacted, how many bitcoin, where it came from, where it’s going,” explained Fred Thiel, former chairman of Utimaco, one of the largest cryptography companies in Europe, which has worked with Microsoft, Google and others on post-quantum encryption.
“With monero, [the blockchain] obfuscates the wallet address, the amount of the transactions, who the counter-party was, which is pretty much exactly what the bad actors want,” he said.
While bitcoin still dominates ransomware demands, more threat actors are starting to ask for monero, according to Marc Grens, president of DigitalMint, a company that helps corporate victims pay ransoms.
“We’ve seen REvil…give discounts or request payments in monero, just in the past couple months,” continued Holland.
Monero was also a popular choice on AlphaBay, a massive underground marketplace that was widely used until it was shut down in 2017.
“It’s almost like we’re seeing, at least from a cyber criminal perspective, a resurgence…in monero, because it has inherently more privacy than some of the other coins out there,” Holland said of monero’s recent rise in popularity among actors in the ransomware space.
There are, however, a few major barriers when it comes to the mainstreaming of monero.
For one, it’s not as liquid as other cryptocurrencies — many regulated exchanges have chosen not to list it due to regulatory concerns, explained Mati Greenspan, portfolio manager and Quantum Economics founder. “It certainly isn’t enjoying as much from the recent wave of institutional investments,” he said.
In practice, that means that it’s harder for cyber criminals to get paid directly in the currency.
“If you’re a corporation and you want to acquire a bunch of monero to pay somebody, it’s very hard to do,” Thiel told CNBC.
The digital currency could also be more vulnerable to regulation at its on- and off-ramps, which are the bridges between fiat cash and crypto tokens.
“I would wager to say the U.S. and other regulators are going to shut them [monero] down pretty hard,” said Thiel.
One way they could go about that: telling an exchange that if they list monero, they risk losing their license.
But while the U.S. government can indeed keep monero at bay by marginalizing liquidity points, Castle Island Ventures founding partner Nic Carter believes that…