Therefore, a critical part of Binance’s commitment to ensuring the secure and sustainable growth of the global crypto ecosystem involves fighting different strains of ransomware and fraud.
Earlier this year Binance released a case study on their first Bulletproof Exchanger Project, a dedicated anti-ransomware initiative where the company worked with the Ukraine Cyber Police to arrest a major cybercriminal group laundering over $42M of illicit funds.
More recently Binance Security has been taking part in an international investigation with Ukraine Cyber Police, Cyber Bureau of Korean National Police Agency, US Law Enforcement, Spanish Civil Guard, and Swiss Federal Office of Police, among others, in apprehending a prolific cybercriminal ring. The group — also known as FANCYCAT — has been running multiple criminal activities: distributing cyber attacks; operating a high-risk exchanger; and laundering money from dark web operations and high-profile cyber attacks such as Cl0p and Petya ransomware. In all, FANCYCAT is responsible for over $500M worth of damages in connection with ransomware and millions more from other cybercrimes.
Over the past year Binance has expanded its in-house AML detection and analytics capabilities. Based on the company’s research and analysis, as well as their understanding of cybercriminals’ history and cashout tactics, the company arrived at the conclusion that the biggest security problem in the industry today is money connected to cyber attacks being laundered through nested services and parasite exchanger accounts that live inside macro VASPs, including exchanges like Binance.com. These criminals enjoy taking advantage of reputable exchanges’ liquidity, diverse digital asset offerings and well-developed APIs.
In a majority of the cases associated with illicit blockchain flows coming onto exchanges, the exchange is not harboring the actual criminal group themselves, but rather being used as a middleman to launder stolen profits. Figure 1 shows an example of the money laundering process on an exchange in relation to cyber attacks: