New Report Says Most Cryptocurrency Hacks Come From Two “Professional” Groups

The image of the cryptocurrency hacker has heretofore been one of a free operator, acting alone or as part of a seemingly random swarm of attackers. A new report from Chainalysis suggests otherwise.

Most cryptocurrency hacks are systematic efforts undertaken by one of two “prominent, professional” groups, according to the report. Together, they’ve stolen close to $1 billion in cryptocurrency to date and can be held accountable for at least 60 percent of all reported hacks of exchanges and other large, collective entities that hold cryptocurrency.

First, there’s the hacker group Chainalysis calls “Alpha.” Alpha is organized, careful, and has goals beyond simply getting rich (Chainalysis does not specify what those goals may be, but its full report on crypto hackers comes out on January 30, which may include more information).

Group “Beta,” on the other hand, seems to be less concerned about hiding their shady activities. Smaller than Alpha and more chaotic, they’re in it for the cash.

That said, both groups do make an effort to obscure their hacks. Like any accomplished criminal, they move their stolen money around—through a tangle of wallets that makes it difficult to track the originally stolen crypto. One hack by Alpha, reported The Wall Street Journal, included 15,000 transfers. The group made those transfers quickly. Cryptocurrency stolen through Alpha hacks usually becomes cash within about 30 days of the initial theft. Beta tends to sit on its stolen crypto for months, sometimes for more than a year, before cashing out.

The report draws attention to just how small the cryptocurrency-holding community is and how few people it takes to notably affect it.

Chainalysis, a widely respected research firm with multiple government contracts, hasn’t been able to further identify the two groups and admits that its study could be incorrect. The firm’s findings, however, present a new—and in a sense more threatening—view of cryptocurrency theft. One of blockchain technology’s most prominent boasting points is its security. Altering an “immutable, decentralized” record is not easy—unless you have an organized majority, which can successfully carry out a 51 percent attack on the network.

If there are two significant, organized groups regularly hacking into cryptocurrency exchanges, that’s a powerful thing. No, it doesn’t necessarily mean they’re equipped to carry out 51 percent attacks on any given network, but it does draw attention to just how small the cryptocurrency-holding community is and how few people it takes to notably affect it. As of December 2017, for example, only 1,000 people owned 40 percent of the total bitcoin supply.

According to a December 2018 report from CipherTrace, a company that makes anti-money laundering solutions, cryptocurrency theft increased significantly from the previous two years. As of Q3 of 2018, hackers had stolen $927 million from cryptocurrency exchanges and trading platforms. In 2017 and 2016, a total of $266 million and $152 million were stolen, respectively.

Many cryptocurrency hacks have been traced back to the North Korea-linked Lazarus group, including a $30 million hack of the South Korea-based Bithumb last year. It’s unclear whether Chainalysis has connected either Alpha or Beta to North Korean actors, though groups from the authoritarian nation have been keen on funding via cryptocurrency theft since new sanctions blocked other sources of income from entering the country.