TH17106
Detected presence of files containing URLs related to Bitcoin laundering services.
| priority | CI/CD status | severity | effort | RL level | RL assessment |
|---|---|---|---|---|---|
 | pass | high | high | None | None |
About the issueโ
Uniform Resource Locators (URLs) are structured addresses that point to locations and assets on the internet. URLs allow software developers to build complex applications that exchange data with servers that can be hosted in multiple geographical regions. URLs can commonly be found embedded in documentation, configuration files, source code and compiled binaries. Bitcoin (BTC) is a digital currency that uses peer-to-peer technology to facilitate instant payments on the web. The goal of money laundering is to obscure the criminal origins of funds so that they can be accessed and spent. In the context of cryptocurrency-based crime, that generally means moving funds to services where they can be converted into cash, while often taking extra steps to conceal where the funds came from. While presence of Bitcoin laundering service references does not imply malicious intent, all of its uses in a software package should be documented and approved. Security solutions are the only application type that should consider having references to Bitcoin laundering services.
How to resolve the issueโ
- Investigate reported detections.
- If the software should not include these network references, investigate your build and release environment for software supply chain compromise.
- You should delay the software release until the investigation is completed, or until the issue is risk accepted.
- Consider removing all references to flagged network locations.
Recommended readingโ
- Bitcoin.org (External resource)
- Money laundering through cryptocurrencies (External resource - United Nations)