Cyber laundering can occur in two ways:
Instrumental cyber laundering
When at least one of the three stages of washing occurs digitally.
Online cyber laundering
When all three stages occur digitally.
In the case of online cyber laundering, the funds to be laundered already exist in digital form, which facilitates and speeds up the process. In this way, virtual currencies or cryptocurrencies are most commonly used to acquire other currencies. This type of cyber laundering is easily traced by the authorities as all transactions are visible on the blockchain, making it possible to find the addresses and wallets that form the final destination of the funds. This advantage does not necessarily lead to the identification of the natural person behind these wallets, but it often facilitates the recovery of funds.
However, cyber laundering presents a different challenge as it is a hybrid method. The currencies in question are often purchased with cash by the criminals themselves, causing a disruption in the traceability of the funds after the original cybercrime. This is made difficult when considering that, due to the possible high amount of cash involved, the purchase of these assets is done privately where the subjects are not obliged to comply with any control or reporting to the authorities.
The decentralised nature of cryptocurrencies also makes it difficult to recover funds as there is no possibility of intervention by central authorities and these assets cannot be confiscated. In the specific case of instrumental cyber laundering, greater emphasis on robust KYC controls and adequate due diligence training for frontline employees may be considered.
One way that has become common for money laundering takes advantage of e-commerce, as well as other internet businesses. The difficulty of detecting this type of laundering, as well as the ease of implementation, have made these methods favourable to criminals:
Sale of goods at high prices
Taking advantage of e-commerce facilities, cases have been detected of items being sold at very high prices. The publications appear to be legitimate, but often the prices do not seem to correspond to the item.
As an example, publications of electronic books (ebooks) were found listed for up to USD 2,000 whose title and content were meaningless words. However, legitimate books were also found to be sold without proper authorisation for money laundering.
A similar example is the sale of video game items (virtual items) in video game marketplaces. Such items often facilitate game progress and are purchased for high prices by gamers. These items have also been targeted by criminals to launder money by pretending to sell them.
False rents
The growing popularity of apps for advertising and renting houses and flats has been used by criminals in conjunction with complicit landlords to fake rentals and generate revenue to launder illicit funds. In several cases, fraudulent cards have been used to generate the transactions.
Similarly, these apps have been used to advertise and rent properties that have been obtained with laundered money to generate licit income.
Phantom journeys in transport applications
The popularity and emergence of more and new ridesharing apps has allowed criminals to team up with accomplice drivers to generate phantom rides and make payments with illicit funds. Similar to fake rentals, cards are often fraudulently used to accomplish these transactions.
A similar notorious case involved Russian cybercriminals who created an app emulator that allowed them to run an Android simulator on a laptop while using a ridesharing app. The hackers faked the desired location (same as the driver) via a VPN to act as an intermediary between the passenger and the driver. Discount codes were often used on the simulator app while the passenger paid the full fare, so that the scam money was easily legitimised.
Although these types of scams do not generate high revenues, the cases observed appear to have been stable and difficult to detect, and were also used as a service offered to criminals to protect their identity. In several cases it was also observed that discount codes were used to pay the app, while the passenger paid the criminals by another means, obtaining a favourable fare.
Micro-laundering and micro-transactions
Taking advantage of mobile or digital payment applications, criminals have often evaded anti-money laundering controls (where they exist) through thousands of small payments using multiple accounts. The size of the payments often makes them undetectable as they are inconspicuous and spread across a wide network of accounts.
Cryptocurrencies
Although many cryptocurrency exchanges are regulated to some extent, it is common for criminal actors to register under stolen or synthetic identities to gain access to one or more accounts. This happened in a case detected in Australia, where the criminal deposited the equivalent of USD 31,100 in Australian dollars at a cryptocurrency ATM and then transferred these funds to nine accounts at the exchange.
Bets
In a Hong Kong case, an illegal gambling syndicate used stored value accounts (SVF) under the names of its employees. Players transferred money into these accounts to obtain points that were used for online gambling and could be exchanged for cash by fiat through the bookmakers' SVF transactions. Subsequently, the money in the SVF accounts was transferred and converted at bureaux de change.
NFTs
The emergence of this new asset class has led to the adaptation of money laundering modalities related to works of art with non-fungible tokens. It is estimated that at least USD 44.2 billion in cryptocurrencies were sent in Ethereum smart contracts associated with NFT marketplaces. Blockchain analysis of these transactions traced funds sent from illegal addresses or associated with criminal activity.
The research firm that uncovered this case found that the funds, though small in comparison, showed a trend of growth during 2021, starting at USD 1 million and rising to USD 1.4 million by the last quarter of the year.
It is important to consider that technology, despite the benefits it provides, will continue to create new challenges as it advances and cybercrime finds new ways to exploit it. However, the principles and stages of money laundering have remained the same in all observed cases, even if the methods change. It is therefore important to reinforce controls, good practices and training of frontline staff in due diligence.