Chainalysis explains how scammers launder money through mining pools

Chainalysis analysts have described how hackers use mining pools to launder money obtained through exploits.

According to the service's data, an active address at a large exchange, whose name is not given, received money from wallets and mining pools associated with ransomware. Almost $100 million in cryptocurrency reached the address, of which $19.1 million came from ransomware addresses and $14.1 million from mining pools.

Analysts also said that the attacker was sending money to the exchange through a mining pool. This avoids triggering the exchange's alerts about suspicious transactions.

The mining pool acts as a cryptocurrency mixer so that the origin of the money cannot be traced. As a result, the stolen money looks as if it came from mining rather than from a ransomware attack.

“While it should be easier for exchanges to track this activity, it is possible that in cases like this, attackers are trying to pass off their own funds as mining revenue, even if they do not first move the funds through the mining pool,” the analysts said.

At the same time, this method of money laundering is becoming more popular. In total, since 2018, the attacker’s wallet address on the exchange has received $158.3 million from ransomware addresses.

“Nearly $1.8 billion of illicit cryptocurrencies have moved to high-risk deposit addresses,” Chainalysis said in a statement.

Experts believe that this problem can be solved if mining pools implement a more comprehensive wallet verification process in addition to Know Your Customer (KYC) measures and reject money that comes from suspicious addresses.
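The difference between screening only the immediate sender and looking through a mining pool can be shown with a short script. This is an added example, not Chainalysis's method or code from the report: the addresses, labels, amounts, the pro-rata attribution rule and the 10% review threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: addresses, labels and USD amounts are made up.
LABELS = {"rw1": "ransomware", "pool1": "mining_pool", "coinbase": "block_reward"}
TRANSFERS = [  # (sender, receiver, usd)
    ("coinbase", "pool1", 60.0),  # genuine mining rewards
    ("rw1", "pool1", 40.0),       # ransomware proceeds pushed into the pool
    ("pool1", "dep1", 50.0),      # pool payout to the exchange deposit address
    ("rw1", "dep1", 5.0),         # direct ransomware deposit
    ("cust9", "dep1", 45.0),      # unlabelled sender
]

def direct_exposure(addr, transfers=TRANSFERS, labels=LABELS):
    """USD received by addr, grouped by the label of the immediate sender."""
    out = defaultdict(float)
    for src, dst, usd in transfers:
        if dst == addr:
            out[labels.get(src, "unlabelled")] += usd
    return dict(out)

def traced_exposure(addr, transfers=TRANSFERS, labels=LABELS, max_hops=2):
    """Like direct_exposure, but splits each mining-pool inflow pro rata
    by what the pool itself received (assumed attribution rule)."""
    out = defaultdict(float)
    for src, dst, usd in transfers:
        if dst != addr:
            continue
        label = labels.get(src, "unlabelled")
        if label == "mining_pool" and max_hops > 0:
            upstream = traced_exposure(src, transfers, labels, max_hops - 1)
            total = sum(upstream.values())
            if total > 0:
                for up_label, up_usd in upstream.items():
                    out[up_label] += usd * up_usd / total
                continue
        out[label] += usd  # non-pool sender, or pool with no known inflows
    return dict(out)

def should_review(addr, threshold=0.10, **kw):
    """Flag addr when its traced ransomware share meets the assumed threshold."""
    exp = traced_exposure(addr, **kw)
    total = sum(exp.values())
    return total > 0 and exp.get("ransomware", 0.0) / total >= threshold

if __name__ == "__main__":
    print("direct:", direct_exposure("dep1"))
    print("traced:", traced_exposure("dep1"))
    print("review:", should_review("dep1"))
```

On this sample the direct view attributes 5% of inflows to ransomware, while the traced view attributes 25%, because part of the pool payout is counted as ransomware funds.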

The cryptocurrency pyramid scheme BitClub used mining pools to launder money until the US Department of Justice indicted its operators in 2020, Chainalysis notes.

The North Korean hacker group APT43, also known as Archipelago, also launders money through mining. In total, North Korean hackers stole $1 billion worth of cryptocurrency last year. The General Intelligence Bureau of North Korea oversaw most of the hacks in the cryptocurrency market. Record cryptocurrency thefts, among other things, allowed North Korea to accelerate the development of its ballistic missile program.

Source: Cryptocurrency
