Crypto crime: The 2023 Chainalysis report
Criminals use cryptocurrencies to conduct all kinds of fraud, scams, and other shady stuff.
That crypto is used to commit crime, or used as part of a criminal enterprise is not surprising. After all, criminals need to be innovative to avoid getting caught. And, criminals use a wide range of financial instruments to commit crimes — the $100 bill being among the most popular.
From a 2019 paper from the International Monetary Fund called The Boom in Benjamins: What makes the US $100 so popular? “Harvard University economics professor and former IMF Chief Economist Kenneth Rogoff says illicit activity and big banknotes are closely linked. ‘Worldwide, high-value currency notes are mainly used to avoid taxes and regulation, and for illegal activity,’ he says. ‘Apartments and houses in major cities all over the world are paid for with suitcases of cash every day, and it is not because the buyers are afraid of bank failures.’”
Nevertheless, crypto is becoming a more and more common tool of criminals. Why? Probably for the same reasons that crypto is becoming more popular in mainstream markets — there is less friction, money can be sent anywhere in the world in seconds (or minutes depending on block times), and large stashes of crypto are easily portable (opposed to lugging around suitcases of big bills).
But the downside, for criminals at least, for using open digital systems, like blockchain-based cryptocurrencies, is that transactions leave digital fingerprints or clues for investigators to follow.
In some cases, crypto forensics investigations have led to recovering funds (especially in instances of scams of fraud), in other cases following the crypto criminal trail has led to increased international sanctions.
In still other cases, understanding the movement of illicit crypto through the dark web or mixers (which are designed to create a layer of privacy in an open and transparent digital world, but can also be used by fraudsters and criminals to move money) helps paint a picture of the rapidly growing digital underworld.
According to the latest crypto crime report published by New York City-based blockchain analytics firm, Chainalysis, $20.6 billion worth of crypto was used in illicit activity in 2022.
The findings of the report are interesting and provide a good look at the current crypto crime situation. A few things to consider before jumping into the trends revealed by the report:
- The $20.6 billion figure is only for on-chain illicit activity that can be clearly documented. The report notes that there is probably other criminal-related activity that hasn’t been documented yet. And there was a whole bunch of crypto-related fraud that isn’t necessarily captured by on-chain activity alone. Definitely 2022 will go down as the year of crypto fraud with major, high-profile exchanges such as FTX and Celisus as well as the protocol Terra Luna and the crypto hedge fund 3AC all collapsing due to various forms of malfeasance and deception.
- The visibility, understanding, and forensics of on-chain crime and activity is increasing rapidly year-of-year. But so is the number of illicit uses for crypto.
- There is a correlation between market activity, such as the big bull run in 2021 and increase in sketchy stuff happening like scams and fraud.
- While there was billions of dollars worth of illicit on-chain activity, crime as a share of overall crypto activity is trending down.
- The ability to apply sanctions, particularly by the Office of Foreign Assets (OFAC) is increasing. In 2018, for example, OFAC sanctioned its first bitcoin addresses. By 2022 the number and kinds of crypto addresses has increased dramatically and includes entire entities affiliated with hundreds of addresses.
- The bear market is hitting criminals as much as it is everyone else. In 2021, known criminal on-chain balances amounted to $12 billion. In 2022, known criminal on-chain balances dropped to $2.9 billion.
Crypto sanctions on the rise
One of the most interesting sections of the report, especially given the backdrop of Russia’s invasion of Ukraine and geopolitical tensions elsewhere, is the increase of crypto-related sanctions.
Sanctions are a means of legally blocking access to US-based financial infrastructure like banks and payment apps, mainly with a goal of preventing money laundering, terrorism financing, human trafficking and other kinds of criminal activity where moving large sums of money is critical. The use of sanctions is a well-established tool, the ability to sanction crypto-related activity is new.
As digital forensics and on-chain analytics get better and more precise, authorities like OFAC are able to pinpoint people and organizations that are transacting in crypto in an attempt to get around the traditional sanctions reporting and enforcement.
Since 2021 OFAC has continually increased the number of targeted crypto addresses and increased the scope of crypto-related sanctions.
Between 2018 and 2021, OFAC went after crypto addresses controlled by individuals. In 2021, addresses controlled by entities and crypto services that were also connected to sanctions-worthy activity were also added to the Specially Designated Nationals and Blocked Person (SDN) list.
Now a person, group, or company can end up on the SDN list if:
- They are affiliated with hacks that involve crypto, especially if the group or incident includes government ties.
- They are any part of a ransomware attack (crypto ransomware attacks are down by revenue over the last year, but increasing in terms of unique ransomware strings).
- They have links to drug trafficking.
- They have verifiable dark market ties that show money laundering activity. What’s interesting about crypto-relate money laundering is that it is increasing (up 68 percent from 2021 to $23.8 billion), and that a lot of laundered money gets sent to addresses affiliated with centralized crypto exchanges — mainly because centralized exchanges are the crypto\fiat on-ramps and off-ramps.
- And the most recent kind of crypto-related sanctions for an entity targets a group identified as a Russian paramilitary group operating in Ukraine.
What makes the crypto/sanctions conversation so interesting is that for a long time, crypto was viewed as a means to evade detection and capture in traditional financial channels. But, on-chain activity is open and transparent, and as authorities get better at monitoring on-chain movements for illegal and dangerous activity, crypto might start to lose its reputation as a money-moving tool for illicit activities.
Crypto for ransom and the evolving crypto scam market
During the bull-run of 2021, crypto scam activity ballooned as more people, more interest, and more money flowed into the crypto markets. In 2022, as the crypto markets started to cool and then drop, so did the revenue generated by fraudsters in crypto specifically.
Crypto-related ransomware attacks decreased revenue-wise from $765 million in 2021 to $456 million in 2022. Ransomware generally refers to any kind of attack where accounts or access to entire devices is compromised and the attacker will not restore access until they are paid. Crypto is a popular form of payment.
While the pullback in year-over-year revenue numbers might show a decline in overall crypto-related ransomware value, the kinds and variety of ransomware attacks — or ransomware streams — is on the rise. In 2022, there were more than 10,000 unique ransomware streams identified.
Like the movement of crypto to and from sanctioned addresses, a lot of the proceeds earned from ransomware attacks — or 48.3 percent — can eventually be traced to centralized exchanges where the crypto can be converted to fiat currency.
Following a similar dropping trend, crypto-related scam activity dropped 46 percent from $10.9 billion in 2021 to $5.9 billion in 2022. In fact, even with the drop in revenue, straight-up scams represent a big part of crypto crime.
Some of the biggest scams identified include:
- Giveaway scams
- Impersonation scams
- Investment scams
- NFT scams
- Romance scams
Besides the somewhat traditional scams, a newer more elaborate and sophisticated scam gained attention in 2022. Called a pig butchering scam, the general idea is that a scammer reaches out to a potential victim on social media platforms and starts to develop a friendship over a longer period of time.
During the trust-building phase, the scammer will portray themselves as successful and demonstrate an enviable lifestyle. Overtime, the scammer will start talking about investing and eventually lead the victim to some kind of investment opportunity that is really just a straight-up scam.
While investigators and law enforcement are getting better at dealing with crypto-related attacks and scams, crypto still represents a massive attack surface providing criminals and scammers with plenty of opportunity to find new ways of making money.
DeFi hacks and attacks
Big, high-profile, high-dollar hacks are becoming more and more common. Crypto hacks as a broad category added up to $3.8 billion in 2022. Hacks of DeFi protocols accounted for 82 percent of the overall hack number.
SOURCE The Chainalysis 2023 Crypto Crime Report
Even more specifically, hacks of cross-chain bridges (bridges enable on-chain conversions of assets from one protocol to another via smart contracts) resulted in 64 percent of all hacks. The reason? The smart contracts that underpin cross-chain bridges can have holes or vulnerabilities that make them easy targets to exploit.
What’s so interesting about all of the hacks on DeFi is that it shows both the advantages and disadvantages of open and transparent financial systems. A few key takeaways related to the transparency of DeFi:
- The visibility of DeFi makes it easy for hackers to study smart contracts and on-chain behavior and then find weaknesses. The visibility also makes it possible for security experts and auditors to study behavior and analyze trends.
- Both security and transparency are possible, but likely security in a transparent financial world will require new practices.
- So far, DeFi protocols and applications have generally been prioritizing growth and adoption over security. That could change — and more secure experiences might help with long term growth and adoption.
- There are indicators — even within DeFi’s open systems — that could be used as warning signs or at least help make systems more secure (such as as meme pool activity flashing before on-chain transactions are settled).
- Regulators could focus on minimum security standards that would help protect consumers and also help protect bigger picture interests like national security.
- Law enforcement/authorities are getting better at tracking on-chain and DeFi-related crime.
Chainalysis 2023 Crypto Crime Report takeaways
There are a lot of takeaways from the 2023 Crypto Crime Report by Chainalysis, and it’s definitely worth a read.
While the volume of illicit on-chain activity seems to be on an up-trend, it kind of makes sense given the overall adoption and utility of cryptocurrency. And despite the screaming headlines and the focus on the dark side of crypto, illicit activity still only represents a small (albeit big dollar number) of overall crypto transactions.
One of the most interesting things about crypto and crime will be to keep an eye on the push and pull between openness, transparency, and on-chain activity against the growth in digital crime, and overall awareness of cybersecurity issues.