How Did BTC-E (Allegedly) Process 95% of Bitcoin Ransom Payments

 

BTC-E, the oldest bitcoin exchange in the bitcoin industry, was officially taken down and seized by six U.S. law enforcement agencies last week for its involvement in the theft of $2.21 billion from now-defunct bitcoin exchange Mt. Gox and Bitcoinica.

Alexander Vinnick, the founder of BTC-E, was arrested in Greece and charged for laundering over $4 billion in bitcoin through his bitcoin exchange. In addition to laundering funds stolen from Mt. Gox and Bitcoinica, which amount to over $2.4 billion, Google and blockchain analyst firm Chainanalysis revealed at the Black Hat USA 2017 security conference that 95 percent of ransomware have been cashed out via BTC-E.

By law, in almost all regions excluding those that are yet to regulate their bitcoin markets such as India, bitcoin exchanges and trading platforms are required to comply to strict Know Your Customer (KYC) and Anti-Money Laundering (AML) policies. To be fully compliant with the law, exchanges need to maintain a database of its clients, their personal information and explicit details into transactions processed by the exchange for its clients.

Over the past few years, law enforcement agencies including the FBI and Europol found success in tracing bitcoin payments received by criminals on the dark web. Although it is not possible for law enforcement agencies and investigators to directly link a wallet to an identity, bitcoin transactions can be traced down to an identity if criminals decide to cash out via regulated bitcoin exchanges.

For instance, when a group of hackers stole around $950,000 within a two-month period by exploiting a bug discovered in the UPI application of the Bank of Maharashtra (BoM) and purchased over $155,000 in bitcoin through local bitcoin exchanges including Zebpay, bitcoin exchanges collaborated with law enforcement agencies and utilized their KYC systems to trace the identities of the hackers.

Hence, primarily due to the transparent nature of bitcoin and strict regulations of overseas bitcoin markets, bitcoin usage amongst dark web criminals and hackers has significantly decreased.

However, if criminals can launder bitcoin transactions through exchanges and essentially mix the inputs and outputs of transactions, they can anonymously cash out bitcoin. According to the Greek police and U.S. investigators, Vinnick and BTC-E laundered bitcoin transactions for the vast majority of ransomware distributors and according to Google and Coinalytics, 95 percent of ransomware distributors laundered their bitcoin transactions through BTC-E.

BTC-E was able to process 95 percent of bitcoin ransom payments because it had the authority over its KYC and AML systems. Because BTC-E had absolute control over its platform and it operated as a platform for ransomware distributors and hackers, it allowed users to avoid investigations from law enforcement agencies while cashing out their funds.

For large amounts of bitcoin, BTC-E owner Vinnick also utilized Tradehill, another one of his exchanges, to launder funds. According to the US authorities and the US Financial Crimes Enforcement NetworK (FINCEN), Vinnick received stolen funds from Mt. Gox and laundered them through BTC-E and Tradehill, a San Francisco-based exchange.

Despite promising the community a 10-day recovery period, within a few days after the arrest of Vinnick, BTC-E was seized by US authorities and the company was fined a total of $110 million.

Investigators at FINCEN stated that Vinnick and other executives at BTC-E utilized the trading platform to assist criminals that have profited from ransomware, fraud, identity theft, tax refund fraud schemes, public corruption and drug trafficking.

“BTC-e quickly became the virtual currency exchange of choice for criminals looking to conduct illicit transactions or launder illicit proceeds, all of which BTC-e failed to report both to FinCEN and law enforcement,” read the FINCEN report.