Card Not Present Fraud , Fraud Management & Cybercrime , Next-Generation Technologies & Secure Development
Bitcoin's Reign on the Dark Web May Be Waning
Wider Use of Litecoin, Monero and Dash Signals Cryptocurrency ShiftThere's one industry that enthusiastically embraces new technology: cybercrime.
See Also: Protect Your Small & Mid-Sized Business from Cyber Threats This Holiday
For online scams and schemes, bitcoin changed the landscape. It became possible to obtain quick and secure payment in virtual currency for extortion schemes without touching conventional banking systems or wire transfer services.
Sure, there are problems with bitcoin: It's not nearly as anonymous as people first thought, and the rapid rise in use since its launch in 2009 has strained the system. Confirming transactions takes longer, and the fees for those transactions rose to astounding levels in December.
Bitcoin's shortcomings as a transactional system have been revealed over time, but it's still the best-known virtual currency. It's sold on every cryptocurrency exchange. Plus, it has a robust, if at times prickly, community and one of the most mature software ecosystems. But other virtual currencies are nipping at its heels in the criminal underground, and a shift could be underway.
The threat intelligence company Recorded Future looked at what kind of virtual currencies are being used in some 150 "dark web" markets and forums, the Web's underbelly for shady activity.
While all of them accept bitcoin, they're also increasingly supporting Litecoin, Monero, Dash, Bitcoin Cash, Ethereum and ZCash. Recorded Future boldly predicts bitcoin will slowly fall out of favor.
"We expect that the cryptocurrency diversification trend will only intensify, and bitcoin will lose its place as a dominant payment method in the dark web in the next six to 12 months," the study says. "However, contrary to a widespread assumption that criminals are abandoning bitcoin altogether, we are convinced it will remain one of the main payment instruments, albeit with a significantly smaller market share."
Cryptocurrency Rage
The last few years have seen an explosion in digital currency. Coinmarketcap.com, one of the most popular market trackers, now lists exchange prices for more than 1,500 digital currencies.
Because bitcoin is open-source software, it quickly spawned other virtual currencies based in part on its code. Developers and enthusiasts have sought to improve on bitcoin in two key areas: making transactions more anonymous while preserving trust in distributed ledger technology and improving transaction speeds.
Litecoin, which focused on speed, was among the first that appeared following bitcoin. And others under development, such as Dash, ZCash and Monero, focused on making transactions less traceable. Recorded Future says it found anecdotal evidence that the surge in bitcoin transaction fees in December put some vendors off.
In mid-December, some transactions were costing $30 in bitcoin, making it unfeasible for small payments. That fee, which is adjusted periodically and determined by a variety of network factors, has since dropped. But it pales in comparison to the early days of bitcoin when fees were tiny fractions of a penny.
Recorded Future says it appears that Eastern European groups are adopting alternative cryptocurrency platforms before English-speaking ones. Russians tend to favor Litecoin for its accessibility and convenience, while English speakers leaned toward Monero.
Litecoin's popularity "came as a surprise," says Andrei Barysevich, Recorded Future's director of advanced collection. "But criminals are, after all, businessmen. They want to make it as easy as possible for customers to make purchases."
One of drivers for Litecoin appeared be the availability of hardware wallets, or devices that are designed to securely store the secret keys that unlock funds. Keeping vast amounts of digital currency on a computer is risky. Many of the popular wallets, such as Ledger and Trezor, support Litecoin.
Discord Over Dash
At least one virtual currency, Dash, has taken issue with Recorded Future's findings.
Bloomberg reports that Dash Core Group says it "is not aware of a single darknet market that uses Dash on its platform."
"We believe it is an absurd assertion that the report concluded that 20 percent of vendors accept Dash for darknet transactions," Dash Core Group CEO Ryan Taylor told Bloomberg. "Numerous publicly available reports, even with Tor and VPN assisted searches, have indicated no adoption of Dash as an alternative payment method for these transactions."
In a statement provided to ISMG, Recorded Future responded to Dash by saying the research came from a manual analysis of 150 forums and that it is "confident that the statistics presented are an accurate evaluation of those sources."
"To be clear, we are not making the claim that cybercriminals use Dash exclusively. The analysis notes a rise of other cryptocurrencies in criminal transactions, most notably, Litecoin," the company says.
Because of its embrace by cybercriminals, virtually currency has acquired a distorted reputation. But as virtual currency enthusiasts often point out, money - in whatever form - will be used for illegal activity.
But many blockchain-based systems, including bitcoin, are seeking to solve the problem of slow and expensive international money transfers. More broadly, blockchain is being looked at its applications for everything from better security on IoT devices to supply chain efficiencies to smart contracts and identity and access management (see Blockchain for Identity Management: It's Years Away).
Cryptocurrency Ransoms
The shift means that enterprises that fall victim to ransomware or extortion may see demands for some other virtual currency. Although experts and law enforcement recommend organizations take breaches on the chin and not pay ransoms, some see ransoms as a cost of doing business.
As the popularity and interest in virtual currency has risen, it shouldn't be necessarily any more difficult for organizations to obtain a different flavor of cryptocurrency. But one development looks assured: Cryptocurrency ransom demands will diversify.