Peer-to-Peer Cryptocurrency Exchanges Abused in Cash-Out Schemes
Cybercriminals, responding to security measures such as Know-Your-Customer implemented by Coinbase and other reputable cryptocurrency exchanges, have begun to abuse legitimate peer-to-peer exchanges instead to convert or launder stolen funds.
Flashpoint analysts have observed a growing number of underground discussions and specific recommendations around certain peer-to-peer services that threat actors consider valuable for converting cash or other funds into or out of cryptocurrency.
Transactions carried out through peer-to-peer cryptocurrency exchanges differ from those on traditional exchanges in that they are one-to-one relationships. Sellers and buyers know who they're dealing with and exchange certain personal information beyond a wallet address, including locations or IP addresses. Parties may also meet face-to-face to close out transactions.
The decentralized nature of peer-to-peer cryptocurrency exchanges is highly attractive to threat actors seeking to launder funds, since the accountability and transparency measures adhered to by a number of larger centralized exchanges are not mandated, which challenges law enforcement efforts to track such activities. Although certain peer-to-peer cryptocurrency exchanges might willingly cooperate with law enforcement, there are readily available methods that threat actors use to maintain anonymity while laundering their illicitly gained funds. The greater perception of anonymity afforded by a peer-to-peer exchange may spur continued growth of this facet of money laundering and conversion, analysts said.
Local Exchanges are a Transparent Platform
Local peer-to-peer exchanges are some of the most popular because they provide users with a communication platform for interactions with others wanting to buy or sell digital currency. After striking a deal, a buyer can exchange cash in person, transfer bank funds online, or use other means such as prepaid cards, other cryptocurrencies, or gift cards, in exchange for the seller transferring cryptocurrency to the buyer.
Threat actors wishing to launder stolen money are abusing these legitimate services. Larger centralized exchanges may offer enhanced security measures, including Know-Your-Customer, which may be driving the push toward peer-to-peer exchanges. Know-Your-Customer is a security process in which businesses, mostly financial institutions, verify the identity of clients in order to cut down on the possibility of fraudulent use of a platform. These standards require that individuals present several forms of identification, for example at a bank upon opening accounts or lines of credit.
Cash-Out Schemes and Local Exchanges
Without this and other security controls in place, decentralized peer-to-peer exchanges are attractive to criminals who need to launder funds. Activity on the Deep & Dark Web (DDW) and since-shuttered fraud-related subreddits (Reddit forums dedicated to a specific topic) related to the use of these local cryptocurrency exchanges for cashing out and money laundering has perked up.
Discussions among threat actors in these forums primarily are concerned with recruiting others to cash-out schemes. They also spell out the prerequisites for others to join and the terms necessary to convert stolen funds to Bitcoin or Monero, even in large amounts. Some discussions around peer-to-peer exchanges date back at least four years and can be found even in the largest underground markets, Flashpoint analysts said. Tangentially, some discussions include listings of established—also known as aged—local exchange accounts for sale. Aged accounts are less likely to be flagged for fraud, analysts said, because they have the appearance of long-term use.
Anonymity is the key for profit-motivated threat actors, thus the initial attraction to Monero in particular for cashing out. Monero is marketed as a privacy-centric exchange and its users carry out transactions over the Tor network and .onion URLs. It still trails Bitcoin as the preferred currency in these types of criminal exchanges, however.
Flashpoint analysts believe this abuse of peer-to-peer cryptocurrency exchanges will continue because of the transparency of transactions and the one-to-one nature of these relationships, which can even include face-to-face meetings. This could be especially true as larger exchanges continue to stiffen their security controls, including the implementation of Know-Your-Customer standards.
Flashpoint Analyst Team