It appears to be becoming increasingly difficult for malicious actors in the crypto space to cash out stolen digital assets. Crypto criminals are responding by looking for new ways to outsmart the system.
Last week, Elliptic, a blockchain investigation firm, revealed in a blog post a darknet blockchain analytics tool named Antinalysis, which flagged “dirty” Bitcoins. Elliptic founder Tom Robinson wrote in the post: “The launch of Antinalysis likely reflects the difficulties faced by the market and its vendors in cashing out their Bitcoin proceeds.”
Using the tool, individuals could check their Bitcoin wallets for links to illicit activities likely to be flagged by regulated exchanges as proceeds of crime. Within eight hours of the blog post, and amid resulting media attention, the tool was suspended by one of its service providers, AMLBot, an anti-money laundering intelligence platform.
Clean crypto
Antinalysis was first brought to public attention by reporter-turned-computer security expert Brian Krebbs. According to his blog, Antinalysis was being marketed on the dark web as a Bitcoin “address risk analyzer.” The ad read: “Our service provides you with a view from LE/exchange’s perspective of things (with similar accuracy, but quite different approach) that provides you with basic knowledge of how ‘clean’ your address is.”
Bitcoin and other cryptocurrencies have been longtime favorites among criminals involved in drug deals and money laundering, due to the sense of anonymity provided by blockchains. But regulatory crackdowns have ensured that exchanges use blockchain analytical tools to flag and report crypto tokens potentially linked to criminal activities.
“By tracing a transaction back through the blockchain, these tools can identify whether the funds originated from a wallet associated with ransomware or any other criminal activity,” Robinson wrote in his post.
Whenever crypto criminals send funds to a business or regulated exchange that uses such tools, they stand the risk of being identified and reported to law enforcement.
Using tools such as Antinalysis, crypto launderers can avoid appearing on the radar by analyzing how a blockchain analytics tool will assess their tokens. According to the Antinalysis “About us” page, the tool’s mission was to provide “a perspective from the opponent’s point of view in order for the user to comprehend the possibility of his/her funds getting flagged down under autocratic illegal charges.”
Antinalysis ran on Tor, an anonymous version of the web used to host darknet markets, and categorized Bitcoins according to the risk associated with the tokens, along with their detected sources. According to Robinson’s post, Bitcoins linked to darknet markets, ransomware and theft were flagged as “extreme risk” assets by Antinalysis, while tokens from regulated exchanges and newly-mined coins were categorized as “no risk” assets.
Each assessment report on Antinalysis cost roughly US$3, with a minimum purchase of US$30, while higher-priced plans went up to US$6,000 for 5,000 requests. Antinalysis was developed by the Incognito team, which also runs Incognito Market, a platform for buying and selling controlled substances.
Although Antinalysis claimed to provide highly accurate results, Elliptic’s evaluation of a result by Antinalysis revealed that the tool was “poor” at detecting links to darknet markets and illicit entities. Nevertheless, the tool represented a new tactic at the disposal of crypto launderers that enabled them to stay off authorities’ radar.
Rip-off risk analyzer
Nick Bax, an independent crypto transaction tracing expert, said Antinalysis was in all likelihood a copy of AMLBot. According to Bax, the Antinalysis interface appeared to be starkly similar to the cheapest AMLBot version. Bax also compared a risk report by Antinalysis against a result provided by AMLBot for the same Bitcoin address. The two results were found to be nearly identical.
After an internal investigation, AMLBot found that Antinalysis was built on its API, and shut down the Antinalysis account. AMLBot notified law enforcement authorities of the addresses that had used Antinalysis to generate risk reports.
A technical administrator at Antinalysis provided a statement to a BBC reporter that called the swift shutdown an “unlawful warranted seizure of our data source.” The group claimed to be activists who “dislike state agencies conducting mass surveillance.”
Cryptocurrency lawyer Benjamin Sauter, a partner at Kobre & Kim, told Forkast.News that more blockchain analytics tools such as Antinalysis could be expected to appear in the future. He said: “Some [blockchain analytic tools] are going to be marketed and sold, and they don’t necessarily need to be on the darknet. There are going to be financial incentives to do that. I would expect that you will increasingly see blockchain analytics tools become publicly available.”