In 2018, hundreds of millions of dollars were stolen from cryptocurrency services. About $1 billion was withdrawn by two highly professional hacker groups.

In a recent report, Chainalysis identified two professional hacker groups responsible for many cybercrimes. These two groups stole about $1 billion in cryptocurrencies from crypto services, mainly crypto exchanges. This is about 60% of the losses in all publicly reported hacks.

On average, these groups managed to steal $90 million in cryptocurrencies per hacking incident.

“The hackers typically move stolen funds through a complex array of wallets and exchanges in an attempt to disguise the funds’ criminal origins. On average, the hackers move funds at least 5,000 times,” the report reads.

The hackers wait 40 days or more without moving the stolen funds, until interest in the theft has died down. As soon as they feel safe, they begin to cash out the stolen assets. 50% of stolen funds were cashed out through exchanges within 112 days after the hack, and 75% were cashed out within 168 days.

According to Chainalysis, one of the hacker groups is a powerful, tightly controlled organization, partly driven by non-financial goals. They seem to be trying to create chaos in order to maximize profits. This group uses more sophisticated methods, skillfully shuffling funds to avoid detection.

The second hacker organization seems to be less organized and focused primarily on financial profit. They are less concerned with staying in the shadows than with finding a faster way to cash out stolen funds.

Studying the cash-out strategies of these two groups will ultimately help catch cybercriminals, Chainalysis believes.

Analysis of transactions shows that the first hacker group begins mixing stolen funds immediately after the theft. This group prefers to move money through many transactions (up to 15,000 movements in one of the traced hacks). The hackers in this organization act relatively quickly, cashing out up to 75% of stolen assets within 30 days.

The second hacker group is willing to wait longer, and it performs fewer transactions to cover its tracks. This group steals funds and then stores them for 6–18 months before cashing out. The cash-out is carried out in one transaction, in which up to 50% of the funds can be withdrawn within a few days, or about $32 million at a time.