How to Cash In Stolen Bank Account Credentials Using Bitcoin
Siphoning money from bank accounts has always been challenging for cyber criminals. A new tutorial uncovered by IntSights Cyber Intelligence Analysts reveals some novel methods of accomplishing this.
When it comes to cybercrime, no one pulls a gun, breaks into a physical safe or picks a wallet from someone’s pocket. Crimes are committed in the virtual domain, and cybercriminals love the safety of operating in their pajamas, stealing money from people thousands of miles away, at relatively low risk. There is, however, one drawback to this otherwise “perfect” crime scheme: in the end, criminals want to get the money into their own wallets. Until very recently, this meant actual, physical money.
The tutorial, from the aptly named site: siph0n
Crossing the virtual/physical barrier has always been complicated, not to mention risky. In the early days of cybercrime, criminals discovered that buying things online (using stolen money) and shipping them to their actual addresses was not a good idea. So they developed other ways to monetise cyber criminal activities – first and foremost: the cash mule. The cash mule is at the bottom of the cybercrime food chain – the worst-off individual who takes the greatest risks.
These poor (literally – some cash mules recruited were homeless) individuals were given the task of withdrawing money from ATMs using stolen credit cards and credentials (stolen from people around the world, sold on underground carding stores, printed on plastic cards and sent to the cash mules). Mules were at higher risk of being caught because they frequented bank branches with video security cameras and because they withdrew large amounts of cash which did not seem consistent with their poor appearance (for more information see the following link).
The last couple of years have seen a shift in the methods of exploiting cybercrime. The emergence of virtual currencies allows cybercriminals to switch currencies, send money abroad, and convert it to another currency using various services, semi-legitimate currencies (such as virtual currencies used for online gaming or gambling), and wire services. The conversion between actual currencies and virtual ones, or from one virtual currency to another, generally takes place via online exchangers. Most of these services are legitimate, operating within the digital underground economy, with extra security for their customers.
Assuming one gained access to an actual, live bank account, however, there remained the challenge of transferring money out. Recently, IntSights’ cyber intelligence analysts have discovered a site on the darknet which provides a detailed tutorial on how to cash-out bank accounts to bitcoin. According to the site, to accomplish this one needs:
1. A hacked bank account – they suggest an account with 5,000 US$ or more, to verify it’s active. The site has a tutorial explaining how to obtain this.
2. A throwaway email account
3. A burner (one time) phone number
The process is simple: head to a darknet cybercrime store and buy the credentials to a legitimate bank account. Then, open an account on Coinbase.com, GoCelery.com or Circle.com. All three sites offer a similar service. They allow someone to purchase bitcoins with a stolen bank account.
On mint.com, one can monitor their account and be notified via email when deposits are made. Acknowledging the automatic fraud detection mechanism employed by banks and bitcoin exchange services, the site suggests keeping the first withdrawal low (around $50). It also states that the “chances that Coinbase will flag your transaction will be VERY low. After a successful very first transaction, feel free to bump up the withdrawal to $100 and keep bumping it up after every successful transfer”. Once the money has been converted to bitcoins it can be sent to any other bitcoin wallet and is virtually untraceable.
The site also provides handy tips for successful withdrawals, such as:
· When buying bitcoins, make sure to buy amounts that look like random purchases, e.g., $39.95 or $44.23 instead of $40 or $50. This will look less suspicious to the account holder if they notice the charge, ensuring that they will be less likely to suspect fraud and reverse the transaction.
· Target accounts that hold $1,000-$5,000. People with more money are less likely to be proactive when they see random charges. If they spot the transaction, they tend to take a couple of days before they investigate and report it, which allows enough time to receive BTC and transfer it out of the account.
· The best days to initiate transfers are Friday, Saturday, Sunday and Monday. After making a purchase, the charge will show up on a bank statement within two days. BTC will hit the Coinbase account two days after that.
· Be sure to anticipate when you will receive the bitcoins so you can immediately transfer them to your wallet.
· Business accounts are the best because owners are less responsive when they spot random charges. Plus, usually, they only check their online statements a couple of times a month.
Overall, this is a fairly simple method, and will generally allow for safe, quick utilisation of stolen bank credentials. That’s fine for the cybercriminals, but does mean that anyone who suspects they have been a victim of such activity should request that their bank inspect their accounts immediately.
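From the defender's side, the pattern the tutorial describes (an exchange the account has never paid before, a low first purchase, then a larger one after each success) is something a bank's transaction monitoring can look for. The sketch below is an added example, not part of the original post or of IntSights' tooling; the record fields, the $100 ceiling, the 30-day window and the sample ledger are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import date, timedelta

# Services named in the article. Substring matching is an assumption;
# a production rule would key on merchant or originator IDs instead.
EXCHANGE_PAYEES = ("coinbase", "gocelery", "circle")
FIRST_DEBIT_MAX = 100.00      # assumed ceiling for a "low" first purchase
WINDOW = timedelta(days=30)   # assumed review window


def flag_escalating_exchange_debits(transactions, established):
    """Return {account: reason} where debits to an exchange the customer has
    never used start small and then rise with each later transfer."""
    series = defaultdict(list)
    for t in transactions:
        name = t["payee"].lower()
        exchange = next((p for p in EXCHANGE_PAYEES if p in name), None)
        if exchange and exchange not in established.get(t["account"], set()):
            series[(t["account"], exchange)].append(t)

    flagged = {}
    for (account, exchange), txs in series.items():
        txs.sort(key=lambda t: t["date"])
        first = txs[0]
        run = [t["amount"] for t in txs if t["date"] - first["date"] <= WINDOW]
        rising = len(run) >= 3 and all(a < b for a, b in zip(run, run[1:]))
        if first["amount"] <= FIRST_DEBIT_MAX and rising:
            flagged[account] = (f"{len(run)} rising debits to new payee "
                                f"{exchange}: {run[0]:.2f} -> {run[-1]:.2f}")
    return flagged


# Constructed sample ledger (not real data).
SAMPLE = [
    {"account": "A-100", "date": date(2024, 3, 1), "payee": "COINBASE.COM", "amount": 44.23},
    {"account": "A-100", "date": date(2024, 3, 5), "payee": "COINBASE.COM", "amount": 98.40},
    {"account": "A-100", "date": date(2024, 3, 9), "payee": "COINBASE.COM", "amount": 212.75},
    {"account": "B-200", "date": date(2024, 3, 2), "payee": "Coinbase.com", "amount": 500.00},
    {"account": "B-200", "date": date(2024, 3, 16), "payee": "Coinbase.com", "amount": 500.00},
    {"account": "C-300", "date": date(2024, 3, 3), "payee": "CIRCLE.COM", "amount": 39.95},
    {"account": "C-300", "date": date(2024, 3, 8), "payee": "CIRCLE.COM", "amount": 80.10},
    {"account": "C-300", "date": date(2024, 3, 12), "payee": "CIRCLE.COM", "amount": 150.00},
]
ESTABLISHED = {"C-300": {"circle"}}  # constructed: C-300 is a long-time Circle customer

if __name__ == "__main__":
    for account, reason in flag_escalating_exchange_debits(SAMPLE, ESTABLISHED).items():
        print(account, reason)
```

Only account A-100 is flagged here: B-200 starts high and does not escalate, and C-300 already has a history with the payee. A hit like this is a reason to contact the account holder, not proof of fraud on its own.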
This post was written by IntSights Intelligence Analyst, Agam Gabay.