While there have been plenty of stories about cryptocurrency hacks in the past few years, a new report finds that most of those have come from one of two groups, neither of which has been caught and both of which remain active today.
Life to date, they’ve stolen roughly $1 billion worth of digital currencies, says security firm Chainalysis, which spent three months tracking transactions.
The two groups, according to the report, are responsible for 60% of all publicly reported crypto hacks, which often involve tens or hundreds of millions dollars’ worth of coins being taken from exchanges. But while some of their methods are similar, others are wildly different.
“We suspect that one of the prominent hacking groups, which we’ll refer to as group Alpha, is a giant, tightly controlled organization at least partly driven by non-monetary goals,” says Chainalysis. “By contrast the second hacking organization, group Beta, seems to be a less organized and smaller organization absolutely focused on the money. They don’t appear to care very much about evading detection.”
To avoid detection, both groups use an advanced form of money laundering, transferring the funds an average of 5,000 times before cashing them out and waiting until the furor over the theft has died down before doing so. This can range anywhere from 30 days to 18 months.
Cryptocurrency exchanges, since they both facilitate trades and hold investors’ digital wallets, are prime targets for hackers.
Assuming the report is accurate (and its authors suggest there is the possibility their conclusions could be wrong), it points once again to security flaws in the industry that prevent cryptocurrencies from becoming a standard business currency.