For educational purposes, I will go into detail about the use of cryptocurrencies in carding, including the mechanisms, tools, stages, risks, and countermeasures. The goal is to explain how attackers exploit cryptocurrencies to emphasize the importance of cybersecurity and awareness. I avoid instructions that can be used for illegal activities and focus on analyzing the processes and their consequences.
What is carding and why cryptocurrencies?
Carding is a cybercrime involving the use of stolen bank card data (number, CVV code, owner name, expiration date) to make unauthorized transactions. This could be the purchase of goods, services, digital assets, or the conversion of funds into cryptocurrency and subsequent laundering. According to the analytical company Chainalysis, about $22.2 billion was laundered through cryptocurrencies in 2023, a significant portion of which is related to carding.
Why are cryptocurrencies popular in carding?
- Pseudonymity: Bitcoin (BTC), Monero (XMR) and other cryptocurrencies do not require you to reveal your identity when creating wallets, unlike bank accounts.
- Transaction speed: Cryptocurrency transfers take minutes, allowing you to move funds quickly.
- Globality: Cryptocurrencies are not tied to a specific jurisdiction, which complicates the work of law enforcement agencies.
- Decentralization: The absence of a central authority (like banks) makes it difficult to block transactions.
- Mixers and anonymous coins: Tools like tumblers and privacy-enhanced cryptocurrencies (Monero, Zcash) disguise the origin of funds.
How Cryptocurrencies Are Used in Carding
Carding using cryptocurrencies includes several stages: data theft, cryptocurrency purchase, cashing out or laundering. Let's consider each stage in detail.
1. Theft and acquisition of card data
How do they steal data?
- Phishing: Fraudulent websites impersonating banks or stores collect card data. For example, phishing attacks increased by 40% in 2024 (according to APWG).
- Skimming: Devices on ATMs or POS terminals read card data. In the U.S., there were 150,000 cases of skimming in 2023.
- Database hacking: Hackers target retailers or payment systems. Example: Target leaked 40 million cards in 2013.
- Darknet Markets: Card data is sold on marketplaces such as BidenCash, AllWorld Cards, or formerly UniCC. The price per card ranges from $1 (expired data) to $100 (premium cards with high balances).
Data purchase: Carders use cryptocurrencies (usually BTC or XMR) to purchase "dumps" (full card data) or "CCs" (cardholder credentials) on darknet forums or Telegram channels. For example, in 2023, $1.2 billion worth of data was sold through Telegram channels, 60% of which was paid in BTC.
Technical details:
- Carders use automated bots (such as those written in Python) to check the validity of cards through microtransactions.
- For anonymity, VPN, Tor or proxy servers (for example, NordVPN, ProtonVPN) are used.
2. Buying cryptocurrencies with stolen cards
Once card data is received, carders convert it into cryptocurrency to quickly "exit" the fiat system. This step includes:
Platforms for purchase:
- Cryptocurrency exchanges: Binance, KuCoin, Bybit or local platforms (e.g. Garantex in Russia). Attackers choose exchanges with minimal KYC (Know Your Customer) or use fake documents.
- P2P exchangers: LocalBitcoins (until closing in 2023), Paxful or Telegram bots, where crypto is bought directly from individuals.
- Instant purchase services: MoonPay, Simplex, Banxa, where you can buy crypto from a card without registration.
- Crypto ATMs: In some countries (e.g. US, Russia) carders use Bitcoin ATMs by entering stolen card details.
Process:
- The carder chooses a platform with low verification requirements.
- Using the card data, he buys cryptocurrency (BTC, ETH, USDT). The amounts are usually small ($100–$500) so as not to arouse suspicion.
- The crypto is transferred to an anonymous wallet (for example, Electrum, Wasabi Wallet).
- For mass transactions, bots are used that test hundreds of cards simultaneously, making small transactions.
Case Study: In 2022, a group of Eastern European carders used stolen cards to purchase $17 million in BTC through an exchange without KYC. The funds were then processed through the Tornado Cash mixer.
Risks to platforms:
- Exchanges risk reputation and fines. In 2021, Binance received a warning from regulators for insufficient AML (Anti-Money Laundering) controls.
- Platforms are strengthening KYC: passport verification, biometrics, transaction analysis via Chainalysis or Crystal Blockchain.
3. Money laundering through cryptocurrencies
After purchasing cryptocurrency, carders launder the funds to hide their origin. This process involves three stages: placement, layering, and integration.
Stage 1: Placement
Dirty money is introduced into the system. This already happens when buying crypto with a stolen card. The funds are transferred to an anonymous wallet or exchange.
Stage 2: Layering
The goal is to obscure the tracks through complex transaction chains. The main methods are:
- Mixers and tumblers: Services like Tornado Cash (before sanctions in 2022), Blender.io or ChipMixer mix crypto with other transactions. For example, Tornado Cash laundered $7 billion from 2019 to 2022, including funds from carding.
- Multi-tiered transfers: Crypto is transferred between dozens of wallets, often across different blockchains (BTC → ETH → XMR).
- Anonymous coins: Monero or Zcash are used, where transactions are harder to track due to built-in privacy.
- DeFi protocols: Funds are invested in decentralized finance (Uniswap, PancakeSwap), where tokens are exchanged without KYC.
- NFTs and Gaming Platforms: Buying non-fungible tokens or in-game assets (such as in Axie Infinity) that are then sold for "clean" crypto.
Stage 3: Integration
Funds are returned to the economy as seemingly legal money. Examples:
- Cashing out through intermediaries: "Drops" or "mules" (front men) exchange crypto for fiat through banks, exchangers or payment systems (Qiwi, WebMoney).
- Asset purchase: Crypto is spent on real estate, cars or goods through front men.
- Casino and betting: Funds are cycled through an online casino where crypto is exchanged for chips and then withdrawn as "winnings".
- P2P transactions: In Russia, exchangers in Telegram or through marketplaces (Wildberries, Ozon) are popular, where crypto is converted into goods or cash.
Statistics: $2.09 trillion was laundered through crypto exchanges in Russia in 2024, some of which was related to carding. Globally, 23% of laundered funds in 2023 went through DeFi and mixers, according to Chainalysis.
Technical aspects and tools
Carders use specialized tools to increase efficiency and anonymity:
- Card checking bots: Programs (e.g. Python or C#) automate card testing via payment system APIs (Stripe, PayPal). They check validity via microtransactions (e.g. $0.01).
- Tor and I2P: Networks for anonymous access to darknet markets.
- Crypto wallets: Wasabi Wallet (with CoinJoin feature), Samourai Wallet or hardware wallets for storage.
- Anonymous exchanges: KYC-free platforms such as Bisq or Hodl Hodl, although their popularity is declining due to regulations.
- Fake documents: Carders buy passport scans or generate them via Photoshop to pass KYC.
Attack example: In 2023, a Russian group of carders used a botnet to check 10,000 cards per hour, buying $500,000 worth of BTC through P2P exchanges on Telegram.
Risks and consequences
For victims:
- Financial losses: Average loss from one card is $500–$2000.
- Data leakage: Personal data may be used for blackmail or other attacks.
- Legal complications: Recovering funds through the bank takes months and success is not guaranteed.
For carders:
- Legal implications: In the US, carding is punishable by up to 7 years in prison under 18 USC § 1029 (fraud with access devices). In Russia - up to 7 years under Art. 159.6 of the Criminal Code of the Russian Federation (cyberfraud) or Art. 174 (money laundering). Example: in 2021, the leader of the Infraud group received 10 years for damages of $568 million.
- Asset freezes: Exchanges are freezing suspicious wallets and mixers (like Tornado Cash) have been sanctioned by OFAC.
- Tracking: Chainalysis and Elliptic analyze the blockchain, identifying 70-80% of "dirty" transactions. In 2023, law enforcement confiscated $1.7 billion in crypto.
For platforms:
- Fines for weak AML: Binance was fined $4.3 billion in 2024.
- Reputational Losses: Platforms caught laundering money lose users.
Countermeasures
For users:
- Data protection:
  - Use 2FA (two-factor authentication) for banking apps.
  - Set up real-time transaction notifications.
  - Avoid entering card details on suspicious websites.
- Monitoring:
  - Check your card statements weekly.
  - Use leak monitoring services (Have I Been Pwned).
- Actions in case of theft:
  - Block your card immediately through your bank.
  - File a report with the police and Rosfinmonitoring (in the Russian Federation).
  - Contact the exchange if the crypto was purchased with your card.
For exchanges and banks:
- AML/KYC Enhancement: Passport verification, biometrics, IP analysis.
- Blockchain Analytics: Chainalysis, TRM Labs tools identify suspicious wallets.
- Microtransaction Limits: Banks block small test charges (e.g. $0.01).
- Cooperation with authorities: In 2024, Interpol confiscated $300 million in crypto thanks to exchange data.
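The card-testing pattern described earlier (bots validating many cards through microtransactions) is what the "Microtransaction Limits" control targets, and it can be caught with a simple velocity rule on the merchant or acquirer side. The following is an added example, not part of the original text; the log format, field names and thresholds are assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune them against real traffic.
SMALL_AMOUNT = 1.00              # charges at or below this are "test-sized"
WINDOW = timedelta(minutes=10)   # sliding window per source
MIN_DISTINCT_CARDS = 5           # distinct cards from one source in the window
MIN_DECLINE_RATIO = 0.5          # card testing produces many declines

# Constructed sample log: timestamp, source IP, card token, amount, result.
SAMPLE_LOG = """\
2024-05-01T10:00:05 198.51.100.7 tok_a1 0.01 declined
2024-05-01T10:00:09 198.51.100.7 tok_a2 0.01 declined
2024-05-01T10:00:14 198.51.100.7 tok_a3 0.01 approved
2024-05-01T10:00:20 198.51.100.7 tok_a4 0.01 declined
2024-05-01T10:00:26 198.51.100.7 tok_a5 0.01 declined
2024-05-01T10:03:00 198.51.100.7 tok_a3 250.00 approved
2024-05-01T10:05:00 192.0.2.44 tok_c1 0.50 declined
2024-05-01T10:30:00 192.0.2.44 tok_c2 0.50 declined
2024-05-01T11:00:00 192.0.2.44 tok_c3 0.50 declined
2024-05-01T11:30:00 192.0.2.44 tok_c4 0.50 declined
2024-05-01T12:00:00 192.0.2.44 tok_c5 0.50 declined
"""

def parse(log):
    for line in log.strip().splitlines():
        ts, src, card, amount, result = line.split()
        yield datetime.fromisoformat(ts), src, card, float(amount), result == "approved"

def detect_card_testing(log):
    """Return ({source: first alert time}, {cards approved inside a flagged burst})."""
    recent = defaultdict(deque)   # source -> small attempts still inside WINDOW
    alerts, exposed = {}, set()
    for ts, src, card, amount, approved in parse(log):
        if amount > SMALL_AMOUNT:
            continue
        q = recent[src]
        q.append((ts, card, approved))
        while ts - q[0][0] > WINDOW:      # drop attempts older than the window
            q.popleft()
        cards = {c for _, c, _ in q}
        declines = sum(1 for _, _, ok in q if not ok)
        if len(cards) >= MIN_DISTINCT_CARDS and declines / len(q) >= MIN_DECLINE_RATIO:
            alerts.setdefault(src, ts)
            exposed.update(c for _, c, ok in q if ok)
    return alerts, exposed

if __name__ == "__main__":
    print(detect_card_testing(SAMPLE_LOG))
```

The second source in the sample tries five cards spread over two hours and stays under this rule's window, so in practice such a rule is paired with longer-horizon counters. Cards returned in the second set passed a test charge and are candidates for reissue or closer monitoring.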
Government measures:
- In Russia, since 2023, exchanging crypto for fiat is considered money laundering if a connection to a crime is proven.
- The US and EU impose sanctions against mixers and exchanges without licenses.
- In the Russian Federation, the law on the regulation of cryptocurrencies (No. 259-FZ of 2024) obliges exchanges to report suspicious transactions.
Examples from practice
- UniCC (2011–2022): Largest darknet card marketplace, handling $358 million in BTC. Shut down after leaders were arrested in 2022.
- Tornado Cash: Mixer laundered $7 billion, including funds from carding. In 2022, it fell under US sanctions, but analogues continue to work.
- Russian market: In 2024, $800 million was laundered through Telegram channels and exchangers (UAPS, PinPays), some of which was related to carding.
Conclusion
Cryptocurrencies make carding easier due to speed, pseudonymity, and access to laundering tools (mixers, DeFi, P2P). However, blockchain analytics and increasing regulation make such schemes increasingly risky. For educational purposes, it is important to understand how these processes work in order to protect your data and finances. Use reliable platforms, monitor security, and do not trust suspicious services. If you become a victim, immediately contact your bank and law enforcement.
If you want to delve deeper into a specific aspect (for example, blockchain analytics or protection against carding), ask and I will give a more detailed analysis.