Only 4% of nearly 120,000 Bitcoin (around $7 billion today) stolen by a hacker from crypto exchange Bitfinex in 2016 have been laundered so far—and it will take the thieves over a century to cash out their bounty in full, according to blockchain intelligence firm Elliptic.
According to the report published on Thursday, 79% of the stolen funds have not moved to this day and still reside in the wallet of the hacker(s). While another 21% have been moved around over the past five years, the malicious actors managed to launder or exchange “only” approximately $270 million of their cache.
This is because the evolution of crypto tracking tools, regulation, and law enforcement methodologies has made illicitly gained digital assets extremely hard to cash out today, Elliptic pointed out.
Peeling off your BTC
For example, the hacker used so-called “peel chains” to launder and exchange their funds. Using this method, crypto tokens are usually moved around a lot, rapidly migrating from wallet to wallet, while just small portions of BTC are being “peeled off” to their actual destination along the way.
An example of peeling chains used by the Bitfinex hacker. Image: Elliptic
Back in 2016, coins laundered via peel chains were extremely hard to trace manually, the firm explained, but many automatic tracing systems have been developed since then. For example, the “Elliptic Forensics” software ostensibly makes it possible to “determine within milliseconds the ultimate source or destination of funds in an address, regardless of the number or complexity of the transactions used by a launderer.”
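The peel-chain pattern described above can be followed mechanically, which is the idea behind automated tracing. The Python code below is an added example, not Elliptic's software or anything from the report; it assumes a simplified address-level model, and the transaction records, the helper name trace_peel_chain and the 20% peel threshold are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    txid: str
    sender: str      # address that funded the transaction
    outputs: tuple   # ((address, amount_in_mBTC), ...)


# Constructed sample data: 100 BTC moving hop to hop while small amounts peel off.
TXS = [
    Tx("t1", "A0", (("A1", 98000), ("P1", 2000))),
    Tx("t2", "A1", (("P2", 1500), ("A2", 96500))),
    Tx("t3", "A2", (("A3", 95000), ("P3", 1500))),
    Tx("t4", "A3", (("X1", 50000), ("X2", 45000))),  # near-even split, not a peel
    Tx("t5", "B0", (("B1", 5000),)),                 # unrelated payment
]


def trace_peel_chain(txs, start, max_peel_ratio=0.2, max_hops=1000):
    """Follow a peel chain from `start`.

    Assumed heuristic: in a two-output spend, the small output is the "peel"
    (the real destination) and the large output is change that continues the
    chain. Returns (peels, end_address); peels holds (txid, address, amount).
    """
    spends = {}
    for tx in txs:
        spends.setdefault(tx.sender, []).append(tx)

    peels, current, seen = [], start, set()
    for _ in range(max_hops):
        if current in seen:          # guard against cycles in the graph
            break
        seen.add(current)
        sent = spends.get(current, [])
        # The chain ends if the address is unspent, spent more than once,
        # or the spend does not have exactly two outputs.
        if len(sent) != 1 or len(sent[0].outputs) != 2:
            break
        tx = sent[0]
        (small_addr, small), (big_addr, big) = sorted(tx.outputs, key=lambda o: o[1])
        if small > max_peel_ratio * (small + big):
            break                    # split too even to be treated as a peel
        peels.append((tx.txid, small_addr, small))
        current = big_addr           # keep following the bulk of the funds
    return peels, current
```

The addresses collected in the peels list are the ones an investigator would examine next, since they are where value actually leaves the chain.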
Still, after stealing 119,756 BTC in 2016, the hacker reportedly conducted a “flurry of transactions” in 2017, but their activity nearly ceased by 2020.
However, when the price of Bitcoin began exploding in early 2021, the temptation apparently became too much for the hacker, prompting them to move 12,241 BTC in April—worth $774 million at the time.
Elliptic also identified the three main venues the hacker used to move their stash: darknet markets (84%), privacy wallets (12%), and exchanges (4%).
Not so many options anymore
The laundering process first began in 2017 on Alphabay, the largest darknet market at the time. After it was shut down by law enforcement later that year, the operation moved to Hydra, which is the biggest illegal marketplace today.
“After a hiatus in 2019, the launderers returned to Hydra in 2020, and are currently depositing $3 million of the stolen bitcoins every month. In total, approximately $72 million-worth of the stolen bitcoins have been sent to Hydra to date,” Elliptic revealed.
The hacker also actively used privacy-focused wallets that allow users to hide their coins from blockchain trackers. Initially, some portions of BTC were sent to JoinMarket, but the hacker later switched to Wasabi as their primary wallet.
In total, the attacker has laundered roughly $10 million and keeps sending another $1 million worth of the stolen Bitcoin to Wasabi Wallet every month.
Finally, crypto exchanges account for just 4% of the hacker’s transactions—and this is because most of them are using strict know-your-customer and anti-money laundering procedures today, making it extremely hard to cash out stolen funds without revealing your identity.
“At that rate, it will take another 114 years to work through the rest of the stolen funds. As well as shedding light on criminal activity such as that suffered by Bitfinex, blockchain analytics has made it increasingly difficult to make crime pay when using crypto for illicit purposes,” Elliptic concluded.