August 13, 2021

A new dark web service is marketing to cybercriminals who are curious to see how their various cryptocurrency holdings and transactions may be linked to known criminal activity. Dubbed “Antinalysis,” the service purports to offer a glimpse into how one’s payment activity might be flagged by law enforcement agencies and private companies that try to link suspicious cryptocurrency transactions to real people.

Sample provided by Antinalysis.

“Worried about dirty funds in your BTC address? Come check out Antinalysis, the new address risk analyzer,” reads the service’s announcement, pointing to a link only accessible via Tor. “This service is dedicated to individuals that have the need to possess complete privacy on the blockchain, offering a perspective from the opponent’s point of view in order for the user to comprehend the possibility of his/her funds getting flagged down under autocratic illegal charges.”

The ad continues:

“Some people might ask, why go into all that? Just cash out in XMR and be done with it. The problem is, cashing out in Monero raises eyebrows on exchanges and mail by cash method is sometimes risky as well. If you use BTC->XMR->BTC method, you’ll still get flagged down by our services labelled as high risk exchange (not to mention LE and exchanges). Our service provides you with a view from LE/exchange’s perspective of things (with similar accuracy, but quite different approach) that provides you with basic knowledge of how “clean” your address is.”

Tom Robinson, co-founder of blockchain intelligence firm Elliptic, said Antinalysis is designed to help crypto money launderers test whether their funds will be identified as proceeds of crime by regulated financial exchanges.

“Cryptoassets have become an important tool for cybercriminals,” Robinson wrote. “The likes of ransomware and darknet markets rely on payments being made in Bitcoin and other cryptocurrencies. However, laundering and cashing-out these proceeds is a major challenge.”

Cryptocurrency exchanges make use of blockchain analytics tools, he said, to check customer deposits for links to illicit activity. By tracing a transaction back through the blockchain, these tools can identify whether the funds originated from a wallet associated with ransomware or any other criminal activity.

“The launderer therefore risks being identified as a criminal and being reported to law enforcement whenever they send funds to a business using such a tool,” Robinson said. “Antinalysis seeks to help crypto launderers to avoid this, by giving them a preview of what a blockchain analytics tool will make of their bitcoin wallet and the funds it contains.”

Each lookup at Antinalysis costs roughly USD $3, with a minimum $30 purchase. Other plans go as high as $6,000 for 5,000 requests.

Robinson says the creator of Antinalysis is also one of the developers of Incognito Market, a darknet marketplace specializing in the sale of narcotics.

“Incognito was launched in late 2020, and accepts payments in both Bitcoin and Monero, a cryptoasset offering heightened anonymity,” he wrote. “The launch of Antinalysis likely reflects the difficulties faced by the market and its vendors in cashing out their Bitcoin proceeds.”

Elliptic wasn’t impressed with the quality of the intelligence provided by Antinalysis, saying it performs poorly on detecting links to major darknet markets and other criminal entities. But with countless criminals now making millions from ransomware, there is certainly a vast, untapped market for services that help those folks improve their operational security.

“It is also significant because it makes blockchain analytics available to the public for the first time,” Robinson wrote. “To date, this type of analysis has been used primarily by regulated financial service providers.”

That may not be entirely true. Nick Bax is an independent expert in tracing cryptocurrency transactions, and he said it appears Antinalysis may be little more than a clone of AMLBot, an anti-money laundering intelligence service that first came online in 2019.

AMLBot’s user interface.

“It looks almost identical to the cheap version of AMLBot,” Bax told KrebsOnSecurity. “My guess is they’re just white-labeling that.”

Bax said a lookup at AMLBot on the virtual currency address used in the sample provided by Antinalysis shows a near identical result. Here’s AMLBot’s result for the same crypto analysis performed by Antinalysis in the screenshot at the top of this story:

AMLBot’s response for the same cryptocurrency address provided as an example by Antinalysis.

“If you look at the breakdown the percentages are all almost identical,” Bax said. “I use AMLBot occasionally for good and righteous purposes. And it could also be useful for people who are just selling stuff online to make sure they aren’t receiving tainted funds.”

Update, 1:42 p.m. ET: Corrected the story to note that AMLBot has been around since 2019.

Update, 1:52 p.m. ET: Elliptic updated its blog post to confirm the connection between Antinalysis and AMLBot, noting that AMLBot itself is a reseller of yet another service: “As first suggested in an article by Brian Krebs, we can now confirm that the results provided by Antinalysis are identical to those provided by AMLBot. It is therefore likely that Antinalysis makes use of the AMLBot API. AMLBot is itself a reseller for Crystal Blockchain, an analytics provider.”


9 thoughts on “New Anti Anti-Money Laundering Services for Crooks”

    1. Mike Hunt

      such a subjective statement. You should update it to say “Some person is already planning…”

  1. Gary

    The “infrastructure” bill has/had provisions to crack down on IRS fraud. The last person I would have suspected to defend crypto currency is Ron Wyden. Unfortunately he isn’t my congressman but if you live in his district you may want to clarify his stance on fighting crime associated with cryptocurrency.

  2. Tom M

    A great reminder that anyone working to prevent financial crime, fraud or cyber-enabled financial crime is working against living-breathing opponents. As part of that effort, those opponents are going to be watching what those targeting them are doing and attempting to learn as much as possible (what they are doing, how they do it, what they are thinking of doing and how they plan to do it).
    It is, as Kurt points out, a series of move/counter-move or trace/trace-bust.

  3. MyMileStone Card

    Thanks for the information, I will try to figure it out for more. Keep sharing such informative posts, keep suggesting such posts.

  4. C. Jackson

    Thank you for sharing this info with us, very informative. Please continue to keep us updated on such matters.

  5. J. Beeler

    Thanks for all you do. I don’t always read every article you post but I do read some and appreciate your efforts on everyone’s behalf to stay safer.
