Bitcoin hype pushes hackers to stash their money in lesser-known cryptocurrencies

Lesser-known cryptocurrencies like Monero, Dash and ZCash are all the rage in the criminal underground.

Cybercriminals are increasingly moving away from bitcoin as their preferred digital currency in favor of lesser-known cryptocurrencies because of prolonged transaction delays, surging transaction costs and general market volatility, experts tell CyberScoop.

Although cybercriminals have been slowly moving away from bitcoin for months, researchers say a noticeable shift towards alternative coins — such as Monero, Dash and ZCash — occurred when bitcoin’s value skyrocketed over $19,000 for one bitcoin in mid-December. The price has drastically fluctuated between $12,000 and roughly $19,000 since then.

“Many cybercriminals emulate the operational best practices of legitimate businesses in order to minimize their overhead costs and maximize returns, and in the case of high transaction costs with bitcoin, it makes perfect sense to look at other coins with smaller overheads,” said Richard Henderson, a global security strategist with endpoint cybersecurity firm Absolute.

Experts say this shift does not necessarily mean that hackers have abandoned bitcoin altogether, but instead current conditions in the criminal underground may be forcing them to change their behavior.


“We’ve seen [dark web] sites pop up in recent months that market themselves on only accepting alternative cryptocurrencies, ‘Monero Only’ in the case of currently-down Libertas Market,” said Emily Wilson, director of analysis at Maryland-based dark web intelligence firm Terbium Labs. “Markets being able to operate and advertise based on alternative cryptocurrencies speaks to a slow but visible change in the system … Slow is key here, though. Market admins aren’t adjusting or reacting at the same pace as avid traders.”

The first sign of dissatisfaction from cybercrime syndicates with bitcoin’s performance began around mid-2017, according to Andrei Barysevich, director of advanced collection with Recorded Future.

“Ease of exchange into cash around the world, anonymity and almost instantaneous speed of transactions of even the smallest amounts led to bitcoin’s acceptance as a de-facto currency for the entire criminal underworld,” said Barysevich, but things have changed, challenging these same strengths.

The current situation, Barysevich explained, is different from just six months ago, when far fewer people were paying attention to bitcoin, pushing transactions through the blockchain and therefore filling up the market with demand.

The emergence of newer, privacy-focused technologies associated with Monero, Dash and ZCash, which make the funds extremely difficult to track, has further attracted use by some cybercriminals. One digital payment option, known as Ether, for example, gained popularity recently for its obfuscation capabilities, experts said.


“We are starting to see Ether as a preferred payment option of some members primarily because of service support, which allows entirely anonymous registration, as well as the mixing infrastructure that helps criminals to further obfuscate transactions,” Barysevich told CyberScoop. “This said, we see Dash, ZCash and to some extent Monero as bitcoin’s likely successor [for cybercriminals], because several high-profile vendors of compromised credit cards have already migrated or will do so in the next few weeks.”

Recorded Future and Terbium Labs are far from the only firms to notice Monero’s rise.

“[We’ve noticed that] Monero is becoming increasingly prevalent,” Vitali Kremez, director of research with Flashpoint, told CyberScoop.

The rapid adoption of Monero by hackers is perhaps most evident through its implementation in various online, illegal marketplaces, said Kremez.

“Flashpoint has been closely tracking the shift in leveraging Monero as one of the leading currencies for trading on various deep and dark web communities due to its advanced payment origin obfuscation algorithms,” Kremez said.


In July, international law enforcement partners including the FBI shut down AlphaBay, the largest dark web marketplace. AlphaBay allowed people to sell drugs, weapons, malware and other illegal material in exchange for cryptocurrency.

As part of the AlphaBay takedown, police collaborated with various bitcoin exchange platforms to identify payments relating to illegal activity. While bitcoin was fundamentally designed to be anonymous, certain exchange platforms store data about users and their transactions.

Some say that working relationship may provide another reason for criminals to shy away from using bitcoin.

“The lack of cybercriminal trust in bitcoin exchanges also leads to cybercriminals utilizing bitcoin less as a preferred currency,” said Kremez. “In 2017, the collaboration between bitcoin exchanges and law enforcement contributed largely to the major law enforcement wins – from the AlphaBay takedown arrests and the Dream administrator arrest.”
