Binance Takes Down $500 Million Cybercrime Case
Binance, the world’s largest cryptocurrency exchange, recently took down a $500 million cybercrime case with the help of international law enforcement.
The cybercrime involved a ransomware gang called Cl0p, which has hacked a number of American targets including universities like Stanford, University of Miami, University of Maryland, and University of Colorado. Six individuals have been arrested for their involvement with Cl0p, and a number of computers, cars, and cash have been seized due to their expectant affiliation with the gang.
Oleksandr Hrynchak, Chief of Cyberpolice Department of the National Police of Ukraine said, “Through our collaboration with international organizations and law enforcement including Binance, the Cyber Bureau of Korean National Police Agency and US Law Enforcement, we exposed a group of hackers that used ransomware to extort over $500 million USD from American and Korean companies. To date, we conducted 21 home searches and seized vehicles and real estate that were in connection with the criminal activity.”
Therefore, a critical part of Binance’s commitment to ensuring the secure and sustainable growth of the global crypto ecosystem involves fighting different strains of ransomware and fraud. Earlier this year we released a case study on our first Bulletproof Exchanger Project, a dedicated anti-ransomware initiative where we worked with the Ukraine Cyber Police to arrest a major cybercriminal group laundering over $42M of illicit funds.
More recently Binance Security has been taking part in an international investigation with Ukraine Cyber Police, Cyber Bureau of Korean National Police Agency, US Law Enforcement, Spanish Civil Guard, and Swiss Federal Office of Police, among others, in apprehending a prolific cybercriminal ring. The group — also known as FANCYCAT — has been running multiple criminal activities: distributing cyber attacks; operating a high-risk exchanger, and laundering money from dark web operations and high-profile cyberattacks such as Cl0p and Petya ransomware. In all, FANCYCAT is responsible for over $500M worth of damages in connection with ransomware and millions more from other cybercrimes.
Blockchain analysis shows a network of money launderers living inside macro exchanges which deposit and withdraw to each other to wash the money. Understanding this diagnosis, we are taking the necessary steps to prevent illicit activity. We are applying a two-pronged approach: 1) implementing our own detection mechanisms to identify and offboard suspicious accounts 2) collaborating with law enforcement to build cases and take down criminal groups.
We applied the two-pronged approach to the FANCYCAT investigation: our AML detection and analytics program detected suspicious activity on Binance.com and expanded the suspect cluster. Once we mapped out the complete suspect network, we worked with private sector chain analytics companies TRM Labs and Crystal (BitFury) to analyze on-chain activity and gain a better understanding of this group and its attribution. Based on our analysis we found that this specific group was not only associated with laundering Cl0p attack funds, but also with Petya and other illegally-sourced funds. This led to the identification and eventual arrest of FANCYCAT.
We are continuing to investigate the FANCYCAT criminal syndicate across multiple jurisdictions and the connections associated with other cyber attacks. At Binance, we believe that strong controls across exchanges, smart legislation, and ongoing education will help immensely with weeding out bad actors. Projects such as our “Bulletproof Exchanger” and our ongoing partnerships with law enforcement, as well as security and blockchain analytics firms, will be a driving force in improving the cybersecurity measures across the wider crypto industry.