According to a September report from security-as-a-service firm Armor, hackers on dark markets are now selling fiat cash for fractions of its worth to avoid the risk of dealing with the money themselves.
There’s now an underground service catering to criminals that lack the skills or nerve to hack into online accounts to steal funds.
Armor’s Threat Resistance Unit (TRU) research team said in the report:
“There are plenty of hackers willing to simply transfer stolen funds to the bank account or PayPal account of your choice or send you the funds via Western Union.”
The team said the new service had been spotted within the last year and it has bloomed into a “key offering” on the dark web.
Those using the service will get what appears to be a real bargain, gaining cash for bitcoin at roughly 10–12 cents on the dollar. For example, a customer can pay the seller $800 in bitcoin and $10,000 will be transferred to their account of choice.
Aside from being cheap, the service makes things much simpler for customers, since they no longer have to buy stolen online bank account credentials, set up a “money mule” account to receive the funds, and log into the stolen account to transfer the money.
Armor calls it a “seamless turn-key money laundering service.”
There is a reason dark web sellers are offering such low prices, of course.
The service appeals to sellers because they are not taking possession of the funds themselves. Just transferring the cash puts the bulk of the risk on the buyer.
More generally, the report says that bitcoin is still the most popular cryptocurrency, being used “almost exclusively” in dark web transactions. Cryptos with more privacy features, like monero, dash, and zcash are sometimes used, but tend to require more technical expertise on the part of victims, Armor said.
US Attorney’s Office Indicts Two Suspects in EtherDelta Hack
The United States attorney’s office for the Northern District of California has indicted two suspects – Elliot Gunton and Anthony Tyler Nashatka – for hacking EtherDelta, a non-custodial marketplace for trading Ethereum (ETH) ERC-20 tokens, in December 2017.
According to the documents originally filed on Aug. 13, Ganton and Nashatka changed the settings of EtherDelta’s domain name system to mislead users and collect their crypto addresses, private keys and to withdraw funds.
A fake website
The suspects managed to gain access to the settings using the phone number of one of the EtherDelta employees and used it to hack their email address. After that, Gunton and Nashatka reportedly changed the parameters of the domain system in such a way as to redirect traffic from EtherDelta to a fake website that resembled a real EtherDelta platform.
Visitors of this fake website could reveal their private keys and potentially lose their cryptocurrency assets. According to the prosecution, the losses of one of the EtherDelta users amounted to at least $800,000. The total amount of stolen funds was not disclosed in the court document.
As Cointelegraph reported in August, Chinese police was reportedly investigating EtherDelta in connection with an apparent exit scam.