FinCEN Links More Than $5 Billion in Bitcoin Transactions to Ransomware


FinCEN, the U.S. Financial Crimes Enforcement Network, linked more than $5 billion in bitcoin transactions to the most common ransomware variants out there. The organization stated in a report issued last week that the mean average total monthly suspicious amount of ransomware transactions was $66.4 million during the first two quarters of 2021. FinCEN also determined that the most used cryptocurrency associated with these activities was bitcoin.


FinCEN Dives Into Ransomware Attacks

FinCEN, the U.S. Financial Crimes Enforcement Network, found that more than $5 billion in bitcoin transactions were linked to payments made to the top-ten most popular ransomware variants. These findings were published by the institution in a report titled “Ransomware Trends in Bank Secrecy Act Data Between January 2021 and June 2021,” which summarizes the ransomware activity during the first two quarters of the year.

The report, which examines ransomware trends and their critical effect on infrastructure, states that 635 reports and 458 transactions were reported as of June. This number goes over the whole amount of incidents that were reported during 2021. Some of the most known incidents include the Colonial Pipeline attack, which caused shortages of gas all across the country.

Bitcoin the Preferred Crypto

The report also found that bitcoin was the most used cryptocurrency for ransomware-related transactions. In the examined period, FinCEN reported that the vast majority of payments associated with these incidents were requested to be made in bitcoin. However, there was a marginal increase in payments made with monero, a privacy-focused cryptocurrency.

Another interesting finding of the report is that most of the funds collected through these activities were directed to known entities such as exchanges and that techniques such as “Chain Hopping”, which involves changing one cryptocurrency into another, were being used to avoid detection by the authorities. The use of mixers is also an increasingly common occurrence, seeking to further obfuscate the paths of the mixed cryptocurrencies.

Defi applications could also serve to convert some of these currencies to others in order to exchange them freely on other, more liquid exchanges. FinCEN identified ransomware-related funds that were sent indirectly to addresses associated with open protocols for use on defi applications.

The institution advised organizations to be quick to file a suspicious activity report when a ransomware attack happens and to integrate intrusion detection systems in their cyber defense mechanisms.

What do you think about FinCEN’s latest ransomware report and its link to cryptocurrencies? Tell us in the comments section below.