On the black market, money’s no good unless it’s clean (or laundered).

Bitcoin and other cryptocurrencies have long been the astute cybercriminal’s currency of choice because of its decentralised, anonymised basis. But as the heat increases on ill-gotten gains and the use of crypto worldwide by law enforcement and governments, criminals are having to keep one step ahead.

What was once a Wild West of unregulated crypto exchanges is now coalescing into something more formalised, with checks and balances. Many regulated exchanges now require all bitcoin addresses that flow through it to be checked and identified as proceeds of crime if it’s been stolen or connected to illicit activity.

It all makes for bad reading for cybercriminals looking to get the proceeds of crime into their bank accounts. And they’re not taking the changing face of crypto lying down.

A dark web blockchain analytics tool has been launched, according to Elliptic, that will triage bitcoin addresses for their likelihood of being caught up in automated proceeds of crime checks. The idea is that if a certain address is too hot, the criminal won’t deposit it through a regulated exchange.

Why this is important

The tool, called Antinalysis, is a boon for those who obtained their crypto wealth through questionable means. Crypto exchanges have become much more careful about the kind of bitcoin they handle. “By tracing a transaction back through the blockchain, these tools can identify whether the funds originated from a wallet associated with ransomware or any other criminal activity,” says Tom Robinson, Elliptic’s co-founder and chief scientist. (Elliptic provide analytics tools to many exchanges.)

“The launderer therefore risks being identified as a criminal and being reported to law enforcement whenever they send funds to a business using such a tool.”

Tom Robinson

Antinalysis looks to head off this issue before it arises. It’s a cut-down version of the types of tools that the exchanges themselves use, running on Tor, and giving users who pay $3 to check a single bitcoin address a preview of what a blockchain analytics tool is likely to make of the address they submitted. The tool looks likely to be a reskin of AMLBot, or utilises the AMLBot API, which is used within the industry.

“The site provides a breakdown of where it thinks the bitcoins have come from, categorising by risk,” explains Robinson. “Proceeds of darknet markets, ransomware, and theft are considered to be ‘extreme risk’, while funds from regulated exchanges and freshly-mined coins are classed as ‘no risk’.”

In one example Robinson demonstrated, 2.7% of the bitcoins held in a single address were traced back to darknet markets.

Are the results accurate?

Criminals are criminals, however you look at it, and are always eager to swindle someone. Which begs the question: is the tool actually accurate? Antinalysis claims to be able to serve up very accurate results that are checked against results from commercially available blockchain analytics tools.

But Robinson is less sure. “Elliptic’s own evaluation of the results returned for a range of bitcoin addresses shows that it was poor at detecting links to major darknet markets and other criminal entities,” he says. “This is perhaps not surprising — providing accurate blockchain analytics requires significant investment in technology and data collection, over long periods of time.”

Nonetheless, it’s a big step forward for cybercriminals.

Even if it’s not as accurate as its makers claim, it’s still another weapon in the arsenal to try and head off criminal investigations and unnecessary attention around their activities. It’s an example of the cat and mouse game that those trying to avoid police detection, and those trying to police the space, are engaged in.