The spread of disinformation is not new, but bad actors are using novel tactics to facilitate these campaigns. The 2019 Mueller Report found that cybercriminals used Bitcoin worth nearly $100,000 to buy the tools used to hack Hillary Clinton’s presidential campaign. Chainalysis shares additional findings in its latest monthly report.
1. Malicious actors are paid in crypto
Russian nationals Ilya Gambashidze and Nikolai Tupikin helped the Russian government with disinformation campaigns, including deceiving people worldwide to undermine trust in their governments.
In March 2024, OFAC determined Gambashidze was using two crypto addresses to transfer his crypto payments. His wallets received USDT tokens worth more than $200,000 on the TRON network. After OFAC enforced sanctions, Tether froze the funds.
2. Concealing the purpose of funding
The paramilitary organization MOO Veche received funding in crypto, reportedly to help build a positive image of Russia. In its Telegram posts, MOO Veche openly asks for donations in crypto to buy weapons and send them to the Donetsk People’s Republic, which Russian-backed paramilitaries created in 2014.
3. Dark web services sell social media accounts for crypto
Dark web services have been selling as many as 5,000 Facebook accounts at a time, according to data cited by Chainalysis. These services typically advertise and sell accounts of people from the US, UK, or Ukraine. Ubar Store is one such example.
The Russian service, which boasts “more than 10,000 completed orders” on its site, claims to sell TikTok, Facebook, and ad accounts, including Google Ads. It accepts payments in crypto.
4. Anonymous offshore platforms host fake news sites
Bad actors rely on offshore web hosting providers to keep fake news websites online. One example is Shinjiru, a Malaysia-based company offering anonymous offshore web hosting. It hosted the DCLeaks.com website, an element of Russian interference in the 2016 US elections.
The site was registered with Shinjiru in April, launched in June of that year, and leaked emails from Hillary Clinton and the Democratic National Committee.
Shinjiru accepts Bitcoin and Ethereum as payment, along with traditional options. It has been linked with Epik, a US-based web service provider that hosted the far-right group Proud Boys, the neo-Nazi publication Daily Stormer, and the UK-based terror group Atomwaffen Division.
Shinjiru and Epik transfer funds to the same addresses at mainstream exchanges. Epik has also sent millions of dollars’ worth of Bitcoin to the scammer Arsyan Ismail, who then returned the funds to the same deposit addresses.
Blockchain activity holds clues and proof that can help authorities identify and disrupt bad actors. The Chainalysis platform has been used to trace crypto transactions linked to illegal activity.