Ransomware actors and cryptocurrency scammers have found a new ally in cloud Mining services, joining forces with nation-state actors to exploit these platforms for laundering their ill-gotten digital assets.

In a recent revelation by Google Mandiant, the North Korea-based APT43 group was exposed for utilizing hash rental and Cloud Mining Services to obscure their tracks and cleanse the stolen cryptocurrency.

Cloud mining services offer users the ability to rent computer systems and utilize their hashing power for mining cryptocurrencies, eliminating the need to manage mining hardware directly. However, according to Chainalysis, it is not solely nation-state hacking collectives that are capitalizing on these services.

A striking example involves the utilization of Mining Pools and wallets associated with ransomware actors, funneling funds towards a highly active deposit address on an undisclosed mainstream crypto exchange.

Astonishingly, this operation resulted in the transfer of $19.1 million from four ransomware wallet addresses and $14.1 million from three mining pools.

To obscure the origin of these funds, a significant portion was routed through a network of intermediary wallets and pools, creating the illusion that these proceeds derived from legitimate mining activities rather than ransomware.

The collective value of assets channeled from ransomware wallets through mining pools has surged from less than $10,000 in the first quarter of 2018 to an astounding $50 million in the first quarter of 2023.

Since January 2018, a staggering 372 exchange deposit addresses have received at least $1 million worth of cryptocurrency from mining pools, highlighting the pivotal role these pools play in the money laundering strategies of numerous ransomware actors.

Notably, scam operators, such as the BitClub Network, have also enlisted mining pools to merge their illicit Bitcoin gains with assets acquired from a Russia-based Bitcoin mining operation and BTC-e, a crypto exchange notorious for facilitating money laundering in the infamous Mt. Gox hack.

Deposit addresses linked to scam-related activities have received nearly $1.1 billion worth of cryptocurrency from mining pools since 2018, cementing the significant role these platforms play in facilitating the illicit movement of digital assets.

This demonstrates the extent to which crypto scammers and their associates rely on mining pools as an integral component of their money laundering endeavors.

The data indicates that mining pools have emerged as a crucial tool within the playbooks of ransomware actors, crypto scammers, and money launderers alike.