Chainalysis’ Crypto Crime Intelligence Briefs Cast Spotlight on North Korea and Iran

New York-based blockchain intelligence firm Chainalysis has launched a new initiative to shed more light on the scope of its latest cryptocurrency crime analyses. 

Published on May 4, three installments of the firm’s new Crypto Crime Intelligence Briefs provide insights into the mechanisms and routes being used for illicit transactions in the crypto space. 

In launching its new series, Chainalysis says that while none of the entities analyzed in its new briefs is currently under active investigation, it is releasing the information to support ongoing work by law enforcement, regulators, cybersecurity firms and compliance professionals. 

Global vectors to keep an eye on

The first of Chainalysis’ briefs looks at the role played by Black Host, an example of a so-called bulletproof hosting provider, which provides anonymity-preserving web hosting services.

Other examples of bulletproof hosting services include, but are not limited to, virtual SIM card providers, VPN providers, and anonymous email providers. All these fit under a canopy of anonymity services that help protect the privacy of users’ web presence.

In the case of Black Host, the provider also supports cryptocurrency purchasing for its services, adding another layer of pseudonymous protection. 

Although many users’ privacy concerns are legitimate, Chainalysis notes that in the case of Black Host, its analysis found that the provider’s services were used in May 2018 by a Bitcoin (BTC) address associated with the North Korean government-aligned cybercriminal Lazarus Group.

The second of Chainalysis’ briefs casts the spotlight on the Iranian cryptocurrency exchange ecosystem, in particular a popular local trading platform, Farhad Exchange.

While many established crypto peer-to-peer sites such as Localbitcoins have halted operations in Iran for fear of fines for United States sanctions violations, domestic exchanges have continued to operate. This is despite the Central Bank’s pledge to crack down on private cryptocurrency projects in recent years.

Farhad, which supports Iranian rials, U.S. dollar and Russian ruble e-currencies from WebMoney, and major cryptocurrencies, has an active social media and online educational program for domestic crypto users. 

Chainalysis has identified over 20,000 BTC addresses attributed to the exchange, involved in over 46,000 transactions. These have purportedly become less active in recent months, and overall hold a balance of under 1 Bitcoin. Nonetheless, they do continue to transact as of April 29, and addresses associated with the platform have received 7,993.09 BTC and sent 7,978.77 BTC since 2016.

In its most recent traffic, Farhad has interacted with mainstream exchanges, as well as higher-risk entities, gambling sites and peer-to-peer platforms. 

Between 2014 and 2017, the exchange received 74 BTC from an address linked to an Iranian national sanctioned for his role in assisting the SamSam ransomware attackers to convert BTC into rials.

The last of Chainalysis’ briefs focuses on a Poland-based crypto Ponzi scheme, FutureNet, which has established an infrastructure of mock companies to create a veneer of legitimacy for the scam.

Recent Chainalysis research

Last month, Cointelegraph reported on Chainalysis’ analysis of the use of cryptocurrencies to purchase child sexual abuse material on the darknet, which found that such transactions had increased by 32% in 2019 over the previous year.
