The Europol wording on the head office in the Hague showing cybercrime and privacy coins

Europol’s Cybercrime Report Names Privacy Coins and Wallets, and Decentralized Markets as Top Cyberthreats

According to Europol’s cybercrime report, privacy coins like Monero and privacy-enhanced wallet services, like Wasabi and Samurai, are top cyberthreats. These privacy-enhanced digital services made it more challenging for law enforcement agencies to trace digital currency transactions, thus allowing cybercriminals to evade arrests. Europol conducted the research by collaborating and sharing information with EU member states, third-party countries, and the private sector. The cross-cutting crime research addresses key crime areas, namely, cyber-dependent crime, child sexual exploitation, and payment fraud. The European Cybercrime Centre (EC3) publishes the Internet Organized Crime Threat Assessment (IOCTA), its flagship strategic report on key findings and emerging threats, and developments in cybercrime.

Altcoins more frequently used in cybercrime transactions

The IOCTA report found that although Bitcoin remained the preferred method for cybercrime payment, other privacy coins such as Monero (XMR), ZCash (ZEC), and Dash were gaining ground. The report notes that Bitcoin maintained its popularity because of its wide adoption, reputation, and ease of use. Altcoins such as Ethereum and Litecoin also gained substantial ground as alternative payment methods for underground cybercrime services.

Criminals adopting privacy-focused wallets to store and launder money

Threat actors also used “privacy-enhanced wallet services using coinjoin concepts” and centralized mixers to store and launder their cybercrime money. Coinjoin protocols merge different transactions from unrelated individuals into a single transaction, making it harder to trace. Although these protocols do not erase the transaction history, tracing becomes challenging for law enforcement. For example, Samurai offers “remote wipe SMS commands” to delink transactions under distress.

Europol’s IOCTA report also found that dark web administrators were applying privacy-enhanced wallets to their underground payment methods. Popular wallets employing these protocols include Wasabi and Samurai wallets. In June, Europol reported that cybercriminals deposited over $50 million worth of privacy coins in these privacy-enhanced wallets.

Privacy coins mostly used for legitimate transactions

Despite cybercriminals exclusively using privacy coins for cybercrime, Europol’s report found increased digital currency use in legitimate transactions. The report found privacy coins were mostly used for legitimate transactions, with online criminal use amounting to just 1.1% of all transactions. Despite the low volume of illegal transactions, privacy coins pose a disproportionate cybersecurity risk.

Decentralized marketplaces among high priority threats

Europol’s report also found that threat actors were increasingly using other “privacy-focused, decentralized marketplace platforms,” such as OB1’s OpenBazaar and Particl.io. OpenBazaar is open for individual use and has no intermediaries to remove listing before publication. The platform has thousands of downloads on the Android market for its “Haven” mobile platform. IOCTA cybercrime report also found that decentralized markets were catching up with the Tor Network as the preferred methods for anonymizing online activity.

#Privacy coins and wallets, and decentralized markets, are top #cyberthreats, according to Europol's #cybercrime report. #cybersecurity #respectdata Click to Tweet

Other key IOCTA report findings

The Europol report found that the threat landscape was changing due to evolving threats. For example, surface web eCommerce platforms offered alternative output channels for dark web cybercrime goods and services. Such platforms were selling malicious digital goods, such as exploit kits, on behalf of cybercriminals. The supply of dark web goods and services also increased to include personal details, access to compromised systems, malware and ransomware services, and DDoS attacks.