Report: Hackers Laundered $13 Million On Twitch

Report: Hackers Laundered $13 Million On Twitch
Image: Twitch | Kotaku

After an investigation into last month’s leaked data, it has been alleged that a group of hackers laundered almost $US10 (AU$13) million in illegally-obtained funds by making a ton of tiny donations to Twitch streamers.

As MEE and Gamegar report, data related to the Turkish market revealed some funny stuff going on, with large donations being made in tiny amounts — through the platform’s “cheering currency” Bits — to relatively small-time streamers.

Twitch transfers one per cent of income obtained through Bit to the individual streamers. Some were found to be earning up to $US1,800 (AU$2,423) a day, despite have just 40 to 50 viewers.

Under the scam, hackers firstly allegedly stole or obtained the credit card information of random individuals. They then negotiated deals with Twitch streamers to send them large payments of money through Bit.

The streamers would then refund 80 per cent of the money they received to different bank accounts belonging to the hackers, effectively laundering the money.

$US9.8m was laundered through 2,400 Turkish streamers over the past two years.

Having been suspected privately for a few weeks after irregularities in streamer’s incomes were noticed, the effort came to public prominence when Turkish streamer Grimnax shared some Discord screenshots, reportedly showing the hackers reaching out to him and asking if he’d like to take part in their scam:

High-profile Turkish streamer Jahrein, who has 1.7 million Twitch subscribers, is another person trying to raise awareness. He has recently met with politicians, who are now calling in Turkey’s parliament for “the Financial Crimes Investigation Board (Masak) and other relevant Turkish state institutions to scrutinise the scandal.”

While the police in Turkey have been slow to act–Jahrein has only spoken with cybercrime officers this week–the matter has also been reported to Twitch, who say that they have taken action “against more than 150 partners in Turkey for abuse of our monetisation tools”, and have “also worked with those affected who have reached out to us.”

Comments

    • In this case it could go either way.
      Yes, it’s possible they might have found a worrying pattern in the data and ignored it but the entire thing sounds like it was designed to avoid being flagged automatically so it’s also possible it avoided manual detection.
      The small amounts, constantly changing recipients and no knowledge of the initial and final transactions that prove wrongdoing, make it a fairly sophisticated racket.

      It’s the local authorities and banks who should’ve noticed something first, which I’m sure is no surprise to anyone.

  • New twist to an old scheme.

    Same thing has been done on all sorts of marketplaces, including iTunes (pay someone a few hundred bucks to throw together a shitty electronic album, chuck it up on iTunes, then buy it a heap of times with stolen cards).

    Anywhere were you take payment via CC’s, and make payouts to members will be abused in this way.

    And Twitch should have known something was up, as they would have been getting hit with a bunch of chargebacks.

    • Maybe but as I said above, it sounds like it was setup to avoid detection.
      Unless the money was coming and going from the same places, there’s nothing about it that would’ve stood out to Twitch (unless they had already gone looking specifically)
      A bot account makes a tiny purchase, donates it to various streamers, who take their earnings and then send 80% of a set amount to various bank accounts.
      (It actually sounds like a solid grift)

      It’s the banks and other financial authorities who should’ve noticed something amiss somewhere along the line.

      • True the payment systems have some responsibility but Twitch by converting money to bits and paying out on them… is similar to the financial liability a casino would have (like Crown).

        Twitch has already been called out by streamers for both new account validations, bot accounts, and the issue of donation limits/validation, plus financial protections for fraud. All things that would catch or prevent this activity.

        • Totally, Twitch is responsible I just doubt they’ll cop anything unless they were actively involved.
          They will cooperate with authorities and continue to do what ever bare minimum is expected of them.

      • Like I said, there would have been an increase in chargebacks (i.e. people disputing these transactions) for these specific streamers, and the fact that it was for large numbers of small amounts should have made it stand out even more.

        The banks should have noticed as well, but banks don’t really care about chargebacks, as they don’t wear the loss, the merchant does.

        • Yeah very possible but chargebacks are everyday transactions, frequency isn’t really a concern unless a clear trend emerges, same for frequent small donations.

          If your system isn’t flagging anything then it’s unlikely anyone will see it unless they are looking for it directly.
          It took private analysts looking for any and all dodgy dealings just to find an anomaly and further outside investigation to make an allegation.

          I’m not saying Twitch doesn’t know, they know damn well it happens, I just find it equally possible they just don’t look that hard beyond what their obligated to do.

  • To think they had no idea what was happening is being willfully ignorant. The fact they let it happen is unsurprising. Make money!!

  • If Twitch took 99% and the streamers took 20% of what’s left then the launderers were losing 99.2% of their money through the scheme?

    I’m no expert on money laundering but that seems like a terrible return and a very difficult way to get it!

Show more comments

Log in to comment on this story!