Changpeng Zhao, CEO of Binance, speaks at a conference in 2018. REUTERS/Darrin Zammit Lupi/File Photo
BRATISLAVA, June 6 (Reuters) – In September 2020, a North Korean hacking group known as Lazarus broke into a small Slovakian crypto exchange and stole virtual currency worth some $5.4 million. It was one of a string of cyber heists by Lazarus that Washington said were aimed at funding North Korea’s nuclear weapons programme.
Several hours later, the hackers opened at least two dozen anonymous accounts on Binance, the world’s largest cryptocurrency exchange, enabling them to convert the stolen funds and obscure the money trail, correspondence between Slovakia’s national police and Binance reveals.
In as little as nine minutes, using only encrypted email addresses as identification, the Lazarus hackers created Binance accounts and traded crypto stolen from Eterbase, the Slovakian exchange, according to account records that Binance shared with the police and that are reported here for the first time.
“Binance had no idea who was moving money through their exchange” because of the anonymous nature of the accounts, said Eterbase co-founder Robert Auxt, whose firm has been unable to locate or recover the funds.
Eterbase’s lost money is part of a torrent of illicit funds that flowed through Binance from 2017 to 2021, a Reuters investigation has found.
During this period, Binance processed transactions totalling at least $2.35 billion stemming from hacks, investment frauds and illegal drug sales, Reuters calculated from an examination of court records, statements by law enforcement and blockchain data, compiled for the news agency by two blockchain analysis firms. Two industry experts reviewed the calculation and agreed with the estimate.
Separately, crypto researcher Chainalysis, hired by U.S. government agencies to track illegal flows, concluded in a 2020 report that Binance received criminal funds totalling $770 million in 2019 alone, more than any other crypto exchange. Binance CEO Changpeng Zhao accused Chainalysis on Twitter of “bad business etiquette.”
Binance declined to make Zhao available for an interview. Responding to written questions, Chief Communications Officer Patrick Hillmann said Binance did not consider Reuters’ calculation to be accurate. He did not respond to requests to provide Binance’s own figures for the cases identified in this article. He said Binance was building “the most sophisticated cyber forensics team on the planet” and was seeking to “further improve our ability to detect illegal crypto activity on our platform.”
As Reuters reported in January, Binance kept weak money-laundering checks on its users until mid-2021, despite concerns raised by senior company figures starting at least three years earlier. In response to that article, Binance said it was helping drive higher industry standards and the reporting was “wildly outdated.” In August 2021, Binance compelled new and existing users to submit identification.
With around 120 million users worldwide, Binance processes crypto trades worth hundreds of billions of dollars a month. The sector was hit by a sharp correction in May, its overall value slumping by a quarter to $1.3 trillion. Zhao said he saw “new found resiliency” in the market.
Meanwhile, his company is extending its reach into traditional business, announcing a $200 million investment in media group Forbes this year and committing $500 million to Tesla boss Elon Musk’s bid to take over Twitter. Forbes abandoned its plans to list publicly last week and a Forbes spokesperson said Binance’s investment would not take place. Musk didn’t respond to requests for comment.
The flow of illicit crypto through Binance, identified by Reuters, represents a small portion of the exchange’s overall trading volumes. Yet as policymakers and regulators, including U.S. Treasury Secretary Janet Yellen and European Central Bank President Christine Lagarde, voice concern over the illegal use of cryptocurrencies, the trade demonstrates how criminals have turned to the technology to launder dirty money.
For this article, Reuters interviewed law enforcement officials, researchers, and crime victims in a dozen countries, including in Europe and the United States, to assess the enduring impact of past gaps in Binance’s anti-money laundering rules.
Reuters reviewed detailed data about Binance client transactions on “darknet” sites – marketplaces for narcotics, weapons and other illegal items. Most of the data was provided by Crystal Blockchain, an Amsterdam-based analysis firm that helps companies and governments trace crypto funds. The data showed that from 2017 to 2022, buyers and sellers on the world’s largest darknet drugs market, a Russian-language site called Hydra, used Binance to make and receive crypto payments worth $780 million. Reuters cross-checked these figures with another analysis firm, which agreed with the findings.
In April, the U.S. Justice Department announced that U.S. and German law enforcement had seized Hydra’s servers. […]