Cryptocurrency crash triggers crisis for dark web exchanges

The decline in the value of cryptocurrencies has created a cash rush that is pushing many underground exchanges to their breaking point.

According to research from security company Cybersixgill, cybercriminals are looking to protect their pilfered funds by moving them from cryptocurrencies to fiat currencies, forcing some prominent underground exchanges toward bankruptcy.

Operating on the dark web away from the prying eyes of law enforcement, the exchanges allow criminals to make transactions and potentially launder their ill-gotten gains by shifting the stolen funds from fiat cash to various cryptocurrencies -- while paying the exchanges steep transaction fees for their discretion.

Ideally, the exchanges retain a healthy mixture of cryptocurrency and fiat money, without either being too heavily in demand. That, however, has changed amid the larger crash in cryptocurrency prices.

"As crypto prices fell, actors turned to these exchanges to dump it for fiat," explained Dov Lerner, security research lead at Cybersixgill, in a blog post Thursday. "They quickly ran out of their dollar reserves (or their operators also feared losses from buying more crypto), and they ended operations."

Cybersixgill analyzed 34 actors operating dark web exchanges this spring and found that none of them were advertising their platforms. While many of the actors were still active on hacker forums, none of them were promoting their exchanges after early April, when many cryptocurrency values plummeted.

Lerner noted that despite operating underground and spreading business by word of mouth in cybercrime forums, launching an underground exchange is no simple task and requires significant resources to get off the ground. As such, replacing the bankrupted exchanges will be no easy task, particularly as cryptocurrency prices continue to decline.

"Actors need to build reserves of several currencies and design mechanisms to accept payments in various platforms," Lerner wrote. "They also need to market themselves to be discovered and build a reputation so they will be trusted."

The forum traffic is also key to confirming that the shutdowns are likely to be long term, if not permanent. Lerner noted that many of the exchange operators have also gone quiet in cybercrime forums after years of almost daily postings to advertise their services, suggesting that a rebrand or relaunch is not planned.

"Generally, actors that run shops on the underground will promote them frequently on forums, even daily, to ensure that people know about them," Lerner told SearchSecurity. "So if they aren't posting about them anymore, I think it's safe to say that they're gone."

With the exchanges going dark, Lerner said it will be more difficult for cybercriminals to shift their stolen money around. The researcher noted, however, that defenders should avoid getting too excited, as many of the largest and most prolific cybercrime groups will likely be able to continue operations unscathed.

"These exchanges are probably mostly used by less sophisticated actors, who will now be stuck without a way to swap funds," Lerner said in the blog post. "[The] more advanced cybercrime groups, we imagine, have more complex ways to exchange and launder money and they will undoubtably find ways to continue doing so."

Cybersixgill isn't the only vendor to notice significant cryptocurrency activity on the dark web during the spring. Blockchain analytics vendor Chainalysis published a report Thursday on cryptocurrency mixers, which are designed to hide cryptocurrency transactions from governments and law enforcement. Chainalysis found that mixer usage reached an all-time high in mid-April, with a 30-day moving average of $51.8 million in cryptocurrency.

However, that 30-day average quickly fell to less than $20 million. Chainalysis noted that the spike in activity was largely driven by cybercriminals and nation-state threat groups such as North Korea's Lazarus Group, which used mixers to obscure cryptocurrencies stolen from various victim organizations such as Axie Infinity game developer Sky Mavis.