How Hackers Cash out Stolen Bitcoin & Ransomed

Since cryptocurrency transactions are virtually anonymous, cybercriminals use them in dark markets for illicit trading. Through ransomware attacks like WannaCry, Petya, Locky, and Cerber, hackers receive a lot of money. Moreover, we hear about cryptocurrency trading hacks every so often, wherein attackers steal thousands of dollars in Bitcoin. But how do they cash out or convert the stolen money into fiat currency?

An example of how much hackers are after cryptocurrencies is the recent news of the “thefts of 2020”. Bitcoin is one of the massively valuable cryptocurrencies, with about half a billion dollars stolen in total.

After stealing thousands of cryptocurrencies from exchanges and ransomware targets, understandably, cybercriminals will not retain them in electronic form. The next move is to turn cryptocurrency into real-world currency. Several cryptocurrency platforms enable cybercriminals to cash out their bitcoin without being detected, i.e., anonymously.

According to Google researchers, many victims buy bitcoins through Craigslist and Localbitcoins. And since 2014, more than 95% of all bitcoin payments received from ransomware targets were cashed out through a Russian bitcoin exchange called BTC-E.


As per a report by Chainalysis, cybercriminals use progressively rigorous techniques to transform illicitly acquired cryptocurrency into real money. Criminal entities sent $2.8 billion in bitcoin via cryptocurrency exchanges in 2019. And attackers utilize platforms known as “over-the-counter brokers” to turn cryptocurrency into real money.

As per the report, brokers conduct transactions between particular buyers/sellers who don’t want to trade on an open market. The Chainalysis report identifies a group known as the Rogue 100. The group assists in the circumvention of laws such as anti-money laundering and know your customer legislation. The advent of these forms of rogue cryptocurrency exchanges, together with new technologies, has made it increasingly challenging for law enforcement to monitor digital currency use in cybercrime and terrorist funding.

According to Chainalysis:

“We tracked $2.8 billion in Bitcoin that transferred from criminal organizations to exchanges over the year. Binance and Huobi got just over 50% of the number. Binance and Huobi are well ahead of all other exchanges in terms of illegal Bitcoin provided. Given that Binance and Huobi are two of the largest platforms in service and are subject to KYC regulations, this can come as a surprise.”

Bitcoin mixers

Bitcoin mixers clean dirty cryptocurrency by tossing it between several addresses before merging the entire amount in a bitcoin wallet. One Bitcoin wallet hosted on the clear web is needed. Two or more bitcoin wallets that operate only on the dark web can also be created.

Bitcoin is transferred from a secure internet wallet to a hidden Tor wallet. Once it is in a dark web wallet, it is put through a tumbler. The tumbler segments the Bitcoin into several transactions and transmits them at random intervals to Tor-hosted bitcoin wallets, so that it is difficult to link the transactions back. After the tumbling, the BTC is clean to withdraw from a cryptocurrency exchange.
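The split-and-merge pattern described above is what blockchain analytics has to follow. As an added example (not code from the article or from Chainalysis), this sketch replays a constructed list of transfers with proportional ("haircut") taint accounting and flags an exchange deposit address that receives mostly tainted funds. The address names, amounts and the simplified account-style balance model are assumptions; real Bitcoin tracing works on transaction inputs and outputs.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed sample data: 10 BTC of stolen funds split over three hops,
# diluted with 3 clean BTC at hop_b, then merged and sent to an exchange.
INITIAL = {"theft_wallet": (10, 10), "clean_user": (3, 0)}  # addr: (balance, tainted)
TRANSFERS = [  # chronological (source, destination, amount)
    ("theft_wallet", "hop_a", 4), ("theft_wallet", "hop_b", 3),
    ("theft_wallet", "hop_c", 3), ("clean_user", "hop_b", 3),
    ("hop_a", "merge", 4), ("hop_b", "merge", 4), ("hop_c", "merge", 3),
    ("merge", "exchange_deposit", 11),
]

def trace_taint(initial, transfers):
    """Replay transfers; each one carries taint in proportion to the
    tainted share of the sender's balance at that moment (haircut rule)."""
    balance, tainted = defaultdict(Fraction), defaultdict(Fraction)
    for addr, (bal, bad) in initial.items():
        balance[addr], tainted[addr] = Fraction(bal), Fraction(bad)
    for src, dst, amount in transfers:
        amount = Fraction(amount)
        if amount <= 0 or amount > balance[src]:
            raise ValueError(f"invalid transfer {src}->{dst}: {amount}")
        moved = tainted[src] * amount / balance[src]
        balance[src] -= amount
        tainted[src] -= moved
        balance[dst] += amount
        tainted[dst] += moved
    return {addr: (balance[addr], tainted[addr]) for addr in balance}

def flag_deposits(state, watched, threshold=Fraction(1, 2)):
    """Return watched addresses whose tainted share meets the threshold."""
    hits = {}
    for addr in watched:
        bal, bad = state.get(addr, (Fraction(0), Fraction(0)))
        if bal > 0 and bad / bal >= threshold:
            hits[addr] = bad / bal
    return hits

if __name__ == "__main__":
    final = trace_taint(INITIAL, TRANSFERS)
    for addr, share in flag_deposits(final, ["exchange_deposit"]).items():
        print(f"{addr}: {float(share):.0%} of balance traces to the theft")
```

Splitting the funds and mixing in clean coins lowers the tainted share at the deposit address but does not remove it, and the total tainted amount is conserved across all addresses.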

Unregulated exchanges

Unregulated cryptocurrency exchanges may be used to clean bitcoin without using a cryptocurrency mixing service first. Swapping bitcoin several times through different markets can lead to clean bitcoin. When a trader trades one cryptocurrency for another, they are adding levels of confidentiality, much as when they change wallet addresses on the dark web. The individual will then use other unknown exchange accounts to deposit their bitcoin to an existing cryptocurrency wallet.

P2P Networks

Many criminals use decentralized peer-to-peer networks to reduce the risk of bitcoin money laundering. Using naive third parties, they may also transfer funds to their next destination. The majority of cryptocurrency money laundering concludes with clean bitcoin being channeled into markets in areas with little to no anti-money laundering regulations. They finally trade it for local cash, then use it to buy high-end products.

Bitcoin ATMs

According to Statista:

“As of January 1, 2021, there were nearly 14,000 Bitcoin ATMs all over the world”.

Bitcoin ATMs allow anyone with a credit or debit card to buy bitcoin. They may also have bi-directional features, letting clients exchange bitcoins for cash by scanning a wallet address. Bitcoin ATMs accept cash deposits and create a QR code that is checked at a conventional exchange to redeem bitcoin. Financial institution regulations for maintaining a database of clients and transactions for these devices differ across countries.

Final Thoughts

Says Jonathan Levin, the founder of Chainalysis,

“What we used to see was just Bitcoin transactions between theft and the movement toward over-the-counter traders that enable hackers to get out of Bitcoin. That is relatively straightforward. Now there are a lot more currencies involved. They can move through obscure currencies, but eventually, they end in the same spot, which is moving it back to Bitcoin and through the over-the-counter market.”

Ehacking Staff