A new dark web service is being marketed to cybercriminals who are curious to see how their various cryptocurrency holdings and transactions can be linked to known criminal activity. Dubbed “Antinalysis,” the service is intended to provide insight into how their own payment activity might be flagged by law enforcement agencies and private companies that try to link suspicious cryptocurrency transactions to real people.
“Concerned about dirty funds in your BTC address? Take a look at Antinalysis, the new address risk analyzer,” says the service’s announcement, referring to a link that is only accessible via Tor. “This service is aimed at people who need complete privacy on the blockchain and offers an adversary perspective so the user can understand the possibility that their money is being flagged under autocratic illegal charges.”
The announcement continues:
“Some people may ask why go into all of this? Simply withdraw in XMR and you’re done. The problem is that paying out in Monero raises eyebrows at exchanges and mailing it in cash is sometimes risky too. If you use the BTC->XMR->BTC method, you will still be flagged by our services which are flagged as high risk exchanges (not to mention LE and exchanges). Our service offers you a look from the perspective of LE / exchange (with similar accuracy, but completely different approach), which gives you a basic understanding of how ‘clean’ your address is.”
Tom Robinson, co-founder of the blockchain intelligence company Elliptic, said Antinalysis is intended to help crypto money launderers test whether their funds will be identified by regulated financial exchanges as the proceeds of crime.
“Cryptoassets have become an important tool for cyber criminals,” Robinson wrote. “Ransomware and darknet markets depend on payments in Bitcoin and other cryptocurrencies. However, laundering and cashing out this income is a great challenge.”
Cryptocurrency exchanges use blockchain analytics tools to screen customer deposits for links to illegal activity. By tracking a transaction through the blockchain, these tools can determine if the funds came from a wallet that is linked to ransomware or other criminal activity.
“The launderer therefore risks being identified as a criminal and reported to law enforcement agencies if he sends money to a company using such a tool,” said Robinson. “Antinalysis wants to help crypto-launderers avoid this by giving them a preview of what a blockchain analysis tool will do with their Bitcoin wallet and the funds it contains.”
Each Antinalysis lookup costs approximately $3, with a minimum purchase of $30. Other plans go up to $6,000 for 5,000 requests.
Robinson says the creator of Antinalysis is also one of the developers of Incognito Market, a darknet marketplace that specializes in the sale of narcotics.
“Incognito was launched in late 2020 and accepts payments in Bitcoin and Monero, a crypto asset that offers increased anonymity,” he wrote. “The introduction of Antinalysis likely reflects the difficulties that the market and its providers are facing in cashing out their Bitcoin proceeds.”
Elliptic wasn’t impressed with the quality of the information Antinalysis provided and said it did poorly at detecting links to major darknet markets and other criminal entities. But with countless criminals now making millions on ransomware, there is certainly a huge, untapped market for services that can help these people improve their operational security.
“It is also important because it makes blockchain analytics available to the public for the first time,” wrote Robinson. “So far, this type of analysis has mainly been used by regulated financial service providers.”
That may not be entirely true. Nick Bax is an independent expert in tracking cryptocurrency transactions, and he said that Antinalysis appears to be little more than a clone of AMLBot, an anti-money laundering intelligence agency that first went online in 2019. AMLBot’s first advertisement was in Russian, while Antinalysis first appeared in an English-speaking darknet market.
“It looks almost identical to the cheap version of AMLBot,” Bax told KrebsOnSecurity. “My guess is they’re just white labeling this.”
Bax said a lookup on AMLBot of the virtual currency address used in the sample provided by Antinalysis shows a nearly identical result. Here is the result from AMLBot for the same crypto address analyzed by Antinalysis in the screenshot above in this story:
“If you look at the breakdown, the percentages are all almost identical,” said Bax. “I use AMLBot on occasion for good and righteous purposes. And it could also be useful for people who only sell things online to make sure they don’t get any tainted funds.”
Update, 1:42 p.m. ET: The story has been corrected to state that AMLBot has existed since 2019.