Criminals Direct Money Mules to Bitcoin ATMs to Launder Hacked Funds

Bitcoin ATMs have been relatively safe from any gang-related activity so far. That situation has come to change, as fraudsters are using these devices to launder money, according to KrebsOnSecurity. By hacking bank accounts, they deposit funds into money mules’ accounts. These mules then withdraw funds in cash and remit the stolen funds through one of the many Bitcoin ATMs available today.

Criminals are looking into different ways to make money these days. Phishing, extortion, ransomware, and bank account hacking remains the four most popular solutions to date. But when corporate bank accounts get hacked, things transpire in a very different manner compared to what most people would anticipate.

Money Mules Receive Bitcoin ATM Instructions

The first step is to move the funds out of the hacked account into a dummy bank account. Setting up these accounts usually occurs through fake information, or by recruiting so-called money mules. This latter category provides their real information to a company they think of as legitimate, through which they receive payments. Every incoming transfer then needs to be forward to a different account, for which they will receive a small cut as a commission as well.

But things are evolving in a different direction. Money mules no longer need to forward payments, but rather withdraw them in cash. Whereas remittance services like Western Union and MoneyGram were often used for money laundering, criminals are now instructing mules to visit Bitcoin ATMs. Since all of these machines let users buy cryptocurrency with fiat, there are plenty of potential targets.

Once the money mules purchase Bitcoin through these ATMs, they then forward the money to a particular address via a QR code. For now, it remains unsure why criminals are avoiding more common solutions such as Western Union and MoneyGram, though. Then again, the recipient of funds need sot provide their identification when picking up money, and forging documents can be time-consuming.

The bigger problem is how there are so many – unwitting –  money mules in the world today. Any company asking its employees to forward money sounds dodgy at best. After all, with a corporate bank account, there is no limitation as to where they can send money. Using Bitcoin ATMs is a rather worrisome turn of events, although it remains to be seen if this was just a one-time incident involving a Bitcoin ATM.

Header image courtesy of Shutterstock