If you ever wondered where all the millions lost to cybercrime and scams go and what damage they could do, read more below:
Delhi Police’s special cell was investigating the case of cryptocurrency worth Rs. 4 Crore that was stolen from the wallet of a West Delhi businessman. This was back in 2021. They tried to trace some recipient wallets but quickly ran into a stone wall. Cut to the present day. Israel’s intelligence agency Mossad shared a list of suspect wallets operated for terror funding as part of a routine exchange of intel with India. And bam! The scrub leads to a match that links the Delhi theft to wallet addresses that were operated by Hamas, after being routed through various private wallets. (Hamas reportedly further transferred some funds to a UK-based gambling site.) It has now come to light that Hamas has been funding terror activity by actively hacking pro-Israeli nations, like India.
Reminds me of a similar case I remember reading about back in July, although it was a different terror outfit. There were 15,000 Indian victims in an investment scam of over Rs. 700 Crore involving a fraudulent investment app. The money was laundered overseas through crypto, and some of the crypto transactions were linked to a Hezbollah wallet (and I quote, “labelled as wallet belonging to terror financing module”).
A few trends to note here.
- Crypto is becoming a favorite go-to channel for terror funding. (Yes, I have seen screenshots of donation programs being run by a designated terror outfit on Telegram and other channels asking for crypto.)
- On the other side, most of the scam and online fraud ‘earnings’ are exited to crypto, which typically crosses borders to get laundered overseas.
- Putting the first two points together, the ramifications of the thousands of crores being lost to scams and online fraud seem obvious, as does how dangerous this money can be in the wrong hands.
As we think about this as fin crime professionals, the first thing that came to my mind is: hey, how do we write strategy to capture this? In hindsight, writing rules for money laundering is relatively straightforward, and it is typically where we spend most of our calories in financial intelligence. The largely predefined scenarios tend to lean towards money movements and their anomalies: velocity, liquidity infusion, structuring, high-risk geographies, sanctions lists, etc. CTF (counter-terrorist financing), on the other hand, is the trickier cousin.
OFAC at one point blacklisted several bitcoin wallet addresses. Turns out at the time of the block there was no balance left in the wallet, as all the digital assets stood withdrawn. Writing rules is hard. Freezing or seizing wallets is usually too late. What could be a good solution?
One could be a mass crowdsourcing mechanism for reporting active wallets. Phishbowl is a starting point, and we thank our customers for regularly reporting wallet addresses associated with scams. And this is quite effective. Hopefully we can capture those associated with terror modules as well. What are your thoughts on how we can choke this unhealthy nexus of terror and cybercrime?