Cryptocurrency exchanges and platforms are increasingly targeted by financially motivated threat actors for direct financial theft, amongst other cyber operations. Conversely, these services are also relied upon by cyber criminals for laundering money obtained from other criminal endeavours such as ransomware and Business Email Compromise (BEC). As cryptocurrencies are much more difficult to track than conventional money networks, the targeting and use of cryptocurrency exchanges may make the laundering and cash-out of stolen funds simpler for the threat actor. In addition, the security budgets of cryptocurrency entities do not come close to those of traditional financial institutions, making them easier targets that can still hold large amounts of liquid assets.
As Decentralised Finance (DeFi) platforms have been gaining attention in the cryptocurrency community, they have also been piquing criminal interest as potential marks and laundering mechanisms. DeFi platforms enable users to swap one type of cryptocurrency for another and directly transfer between wallets without being subject to know-your-customer checks and transaction recording, as would be the case on a standard cryptocurrency exchange.¹ Though there can be legitimate uses for DeFi, it can also be used illicitly for chain hopping, where adversaries can switch between types of cryptocurrencies in quick succession or through automation to make it extremely difficult to track sources and destinations of money. Several DeFi platforms have suffered cyber attacks in recent months.