The Islamic State of Iraq and Syria (ISIS) has been called the world’s richest terror group. While the group generates the majority of its funds through oil fields seized in northern Iraq and Syria, it still relies on a number of other ways to secure financing. Donations from wealthy sympathizers greatly helped ISIS when it was first established. However, now that global governments are aware of ISIS and actively look to track and block all funding efforts through banking channels, donations have become harder to receive. These difficulties have not stopped ISIS from seeking ways to bypass sanctions and money-laundering filters, however. The group has begun to use cryptocurrencies such as Bitcoins as it looks for anonymous and untraceable ways to transfer money.


Virtual currency is an electronic cryptocurrency used to purchase both virtual and actual goods and services. It is not contractually backed by assets or legal currency laws, it is not controlled by a central authority and it is not a tangible good. Bitcoins can be sent to anyone who has an Internet connection.

The first step in dealing in this type of currency is to set up a virtual wallet where Bitcoins and their transaction history are stored. According to CoinDesk, the wallet houses a file of secure digital keys used to access your public Bitcoin address and sign transactions. They are traded by sharing a wallet’s anonymous private identification number with the merchant or peer.

Wallets are a way to store the digital documentation of the Bitcoin value and grant access to users to spend them. There are many kinds of virtual wallets, with the most popular forms being desktop wallets, Web-based wallets and mobile wallets.

  • Desktop Bitcoin Wallets: Desktop wallets offer the most security and anonymity. This type of wallet is a software program that is downloaded onto a user’s computer. Desktop wallets process user transactions, allow users to create new addresses and store the user’s private key.
  • Web-Based Bitcoin Wallets: Web-based wallets store a user’s private key online via a main computer or server that is connected to the Web. Web-based wallets allow for more flexibility as they connect to a user’s desktop wallet and mobile device wallet. However, Web-based wallets have greater risks than desktop wallets. According to Bitcoin Reporter, these wallets hold user keys, leaving users vulnerable to any difficulties the service experiences, such as hackings, regulatory problems and technical issues.
  • Mobile-Based Bitcoin Wallets: Mobile wallets work via smartphones. Users must download an app to access their virtual currencies. These apps are simple vehicles into your wallet that you can use on your smartphone. They only use a subset of the block chain and rely on other networks to ensure all the correct information is there for the transaction to take place.

The ISIS-Bitcoin Nexus

Like most forms of technology, fraudsters, criminals and terror groups will find ways to exploit them for nefarious uses — Bitcoin is no different. Due to its anonymity and untraceabilitiy, it is used for criminal activities such as laundering money, buying and selling illegal goods and services and transferring money to support criminal or terror activities. Al-Khilafah Aridat: The Caliphate Has Returned, a pro-ISIS blog, discusses how Bitcoins can be used to fund the caliphate. The post states that they are untraceable by Western governments and, therefore, they will not be stopped by regulatory screening processes. The blog then discusses the decentralized nature of virtual currencies, specifically stating that they are able to access markets that cross all borders and nation-state regulations to send money instantly and in a way that is untraceable by “Kafir” governments.

In an additional step to keep the senders’ and receivers’ identities secret, the blog post discusses the use of dark wallets. Dark wallets offer Bitcoin users more protection in relation to privacy and identity. It is also widely known that dark wallets may enable serious crimes such as murder, child pornography, drug and weapon sales and terror group financing.

According to the blog, Bitcoins are an entirely anonymous donation system that could send millions of dollars instantly from the United States, United Kingdom, South Africa, Ghana, Malaysia and Sri Lanka.

On Oct. 13, Reddit’s Bitcoin forum discussed how the ISIS blog site was accepting Bitcoin as a form of payment on the Swedish/Latvian conversion site The blog claims the payments are strictly for maintenance and hosting the website. Reports indicate that closed the account, claiming it has a strict terms and conditions policy that prohibits using its service for illegal activities. lists its terms of service on its site and bans the following:

  • Anything forbidden by Swedish law;
  • Spamvertising websites;
  • Malicious software such as mail and network bombers, spam, virus operation software and control centers;
  • Scam and phishing websites such as fake eBay, PayPal and bank login forms;
  • Network abuse (i.e., network scanning).

Analyst Comments

It is not surprising that ISIS would begin to adapt to using cryptocurrencies as a way to receive funds; the group has proven to be quite skillful with technology and social media. ISIS has been known to spread propaganda, recruit individuals and seek funds through tools such as Twitter, Facebook, YouTube and

There are some challenges with how ISIS would turn Bitcoins into physical currency in the states in which it operates. Many ISIS-controlled territories do not have the technology to extract high amounts of Bitcoins for cash. However, nearby Turkey, Israel and Dubai all have a small but flourishing Bitcoin community, with a few Bitcoin ATMs available. Bitcoin ATMs work just like bank ATMS and are electric communication devices that allow Bitcoins to be exchanged for cash without the need for a cashier. It is important to note that some models only allow for the purchasing of Bitcoins. When a Bitcoin ATM is not available, users can sell them online; however, this type of sale often requires users to verify their identity.

More from Banking & Finance

Virtual credit card fraud: An old scam reinvented

3 min read - In today's rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.…

Cost of a data breach 2023: Financial industry impacts

3 min read - According to the IBM Cost of a Data Breach Report 2023, the global average cost of a data breach in 2023 was $4.45 million, 15% more than in 2020. In response, 51% of organizations plan to increase cybersecurity spending this year. For the financial industry, however, global statistics don’t tell the whole story. Finance firms lose approximately $5.9 million per data breach, 28% higher than the global average. In addition, evolving regulatory concerns play a role in how financial companies…

Gozi strikes again, targeting banks, cryptocurrency and more

3 min read - In the world of cybercrime, malware plays a prominent role. One such malware, Gozi, emerged in 2006 as Gozi CRM, also known as CRM or Papras. Initially offered as a crime-as-a-service (CaaS) platform called 76Service, Gozi quickly gained notoriety for its advanced capabilities. Over time, Gozi underwent a significant transformation and became associated with other malware strains, such as Ursnif (Snifula) and Vawtrak/Neverquest. Now, in a recent campaign, Gozi has set its sights on banks, financial services and cryptocurrency platforms,…

The rise of malicious Chrome extensions targeting Latin America

9 min read - This post was made possible through the research contributions provided by Amir Gendler and Michael  Gal. In its latest research, IBM Security Lab has observed a noticeable increase in campaigns related to malicious Chrome extensions, targeting  Latin America with a focus on financial institutions, booking sites, and instant messaging. This trend is particularly concerning considering Chrome is one of the most widely used web browsers globally, with a market share of over 80% using the Chromium engine. As such, malicious…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today