Binance has announced that it was part of a successful investigation into cybercriminals laundering ransomware profits.
Authorities in Ukraine have announced the arrest of a group of individuals who were working as part of a ransomware gang nicknamed FANCYCAT. The gang has been wreaking havoc globally by hacking and extorting money from multiple victims so far in 2021. The individuals arrested were responsible for cashing out the wallets and laundering funds for the criminals.
After the official statement from the police, Binance followed up by sharing details of its role in the bust. Binance’s blog refers to the sting as “Operation FANCYCAT” and states it was a joint effort between Binance and the Cyber Bureau of the Korean National Police Agency, the Swiss Federal Office of Police, U.S. Law Enforcement, the Spanish Civil Guard, and the Ukrainian Cyber Police. Officials allege that those arrested were part of a gang that carried out cyberattacks, operated a high-risk exchanger, and laundered money. Much of this criminal activity was carried out via the dark web. The investigation revealed that the cybergang is responsible for more than $500 million in theft and damages.
Binance says it has expanded its in-house AML detection and analytics capabilities to best combat cybercrime. The release stated:
“Based on our research and analysis, as well as our understanding of cybercriminals’ history and cashout tactics, we arrived at the conclusion that the biggest security problem in the industry today is money connected to cyberattacks being laundered through nested services and parasite exchanger accounts that live inside macro VASPs, including exchanges like Binance.com.”
Binance’s goal is to stop cybercriminals from taking advantage of legitimate exchanges’ liquidity, digital assets, and APIs. The exchange claims that reputable operations such as itself are being used as middlemen to launder stolen assets and are not harboring these criminal organizations, a small but important distinction.
The report states that the FANCYCAT investigators utilized AML detection and analytics to detect suspicious activity on their platform. After the suspects were identified, private companies TRM Labs and Crystal were called in to analyze on-chain activity and further investigate the group. The results showed that the group was laundering Cl0p attack funds along with those from Petya and other illegal operations.
The group of investigators will continue to try to dismantle FANCYCAT. It is clear the job is far from done: a new attack occurred days after the arrests. Hackers from the gang announced they had stolen from a new victim and are demanding payment to release the funds back to the company.