Crypto is not a crime | Takeaways from the 2024 Crypto Crime Report

The 2024 Crypto Crime Report from Chainalysis just dropped.

The report is interesting for several reasons, which we will unpack in a second.

It’s also useful because it comes at a time when there’s a lot of criticism around crypto and its use in criminal activities such as money laundering and financing terrorism.

When having those kinds of conversations, it’s always good to have data and have some facts. One of the distinctive advantages of open money in this regard is that onchain transactions leave records.

We can look at those records analyze patterns and make associations. There are obvious implications with this in terms of privacy, but for understanding criminal networks, it’s a great tool.

A few high-level takeaways from this year’s report:

• $24.2 billion was received by illicit addresses. This represents 0.34% of the onchain transaction volume for the year.
• Illicit addresses are either addresses of people or entities involved in known crimes or addresses that meet the sanctioning criteria by the Office of Foreign Asset Control (OFAC). Of that $24.2 billion, $8.7 billion was attributed to FTX, the exchange that filed for bankruptcy in late 2022. FTX founder and CEO was found guilty of fraud in late 2023. This is an interesting inclusion because that $8.7 billion was largely retail investor money held on the exchange. Additionally, some of the $24.2 billion number was likely normal exchange activity, but it is attributed to an entity operating in an OFAC-sanctioned area, such as retail crypto exchanges in Russia.
• The use of stablecoins in illicit activity is on the rise.
• Crypto scams and hacks were down in 2023, but ransomware attacks are becoming a bigger deal.

For more context and to get a sense of how things are changing, check out the backgrounder on the 2023 Crypto Crime Report

What does crypto crime look like in 2023?

Scams, fraud, and hacks: Some key takeaways from 2023 Chainalysis Crime Report.

Daniel McGlynnDaniel McGlynn

One of the biggest takeaways from the 2024 Crypto Crime Report is that the use of cryptocurrency makes it possible to detect (and enforce or at least monitor and track through sanctions) how money is moving around the internet and the world.

Sure, some criminal activity is getting funneled through mixers (which are designed to obscure address details) or privacy coins, but a lot of onchain activity is out in the open if you know where to look.

So, where I’m headed with all of this is that there is a lot to learn here. We can learn how, when, and where people are using onchain platforms for transactions and activities that might be criminal (it’s still hard to be super precise).

It also enables financial crime fighters to see if regulations or interventions are successful. Lastly, onchain financial analytics can also show trends in crime, which we’ll dive into in a minute, which help inform consumers and consumer protection.

Throughout all of this, it’s still important to remember two main points. One is that transactions to known illicit addresses and entities make up a small fraction of total onchain activity (less than one percent). And two, that cash is still the preferred method of transacting to obscure transactions and cover tracks.

The full 2024 Crypto Crime Report from Chainalysis is massive if full of really interesting data and worth a read. What follows below are a couple of high-level takeaways.

Ransomware attacks on the rise

One of the big trends from the report is that crypto-related ransomware attacks flipped hacks and scams for the first time in 2023, and exceeded $1 billion.

It’s not necessarily that ransomware is a new kind of attack vector. Ransomware has been around since the beginning. As recently as 2022, the FBI made major strides against ransomware attacks by making a dent in the “hive ransomware strain,” which ran from Jun 2021 to January 2023 and mainly targeted public institutions.

The biggest issue with ransomware is that the kinds and styles of ransomware attacks are constantly changing, bringing with it new detection and enforcement challenges.

Also interesting is that ransomware-as-a-service exists. In this kind of marketplace, people can become experts in ransomware planning and tactics and then offer their services to people who fund the attack. This makes it possible to constantly optimize and tailor attacks to specific industries and verticals, making them more effective than if a criminal enterprise started from the ground up each time.

Money laundering

Money laundering in crypto gets a lot of attention from mainstream media and talking heads. Maybe it is the name, or maybe it's a lack of understanding of how crypto works, but for crypto critics, money laundering comes up frequently.

For sure, people use crypto for money laundering. Interestingly, the rate of money laundering activity at centralized exchanges (which provide the most straightforward way to exchange crypto for cash and cash for crypto) has been stable over the last five years.

In other words, while money laundering does happen — the activity is shrinking, likely because detection and tracking capabilities continue to get better.

Illicit addresses sent $22.2 billion to exchanges and crypto services in 2023. This figure is down 29.5% from 2022 when $31.5 billion was sent from illicit addresses to crypto exchanges and wallets.

This could be a factor of the bear market of 2023, but overall crypto transaction volume was down 14.9% compared to the 29.5% reduction in illicit send activity.

A couple of other interesting nuggets regarding crypto and money laundering;

• 71.7% of illicit funds were sent to the same five off-ramp services.
• The use of asset bridges (where you can swap one asset for another) is on the rise. The volume of illicit funds sent to bridges doubled from $312.2 million in 2022 to $743.8 million in 2023. But using decentralized finance products and services to commit crimes or hide money is a little bit like committing crimes in broad daylight.

Heists and market manipulation

Another big critique of crypto markets is that they can be manipulated by big bag holders (whales) or by coordinated movements. One tactic that’s happened over and over during big bull market cycles is known as a “pump and dump.”

One of crypto’s greatest attributes is that as a system it's permissionless, which means anyone can build a blockchain (even if it's an exact copy of an existing project).

There are certainly tradeoffs for building permissionless systems and one of them is spam. One instance of spam at the network level is the creation of bogus projects that are then shilled to hungry audiences looking to ride the next market wave.

These vaporware coins are known as “pumps and dumps.” They’ve been around since the early days and they will continue to exist, again because of the permissionless nature of the market.

In 2023, 54% of ERC-20 tokens (ERC-20 is an Ethereum token standard designed to make it easy to launch new tokens) had the characteristics of a classic pump-and-dump scheme. Over time, it will be interesting to see if crypto investors become more sophisticated and the market will no longer tolerate obvious pump-and-dump schemes.

Crypto funding terrorism

“Contrary to common belief, cryptocurrency is not a widely used or effective tool for terrorism funding due to its transparency, traceability, and immutability,” according to the Chainalysis 2024 Crypto Crime Report.

One of the reasons that crypto is considered the tool of choice for terror organizations is because that’s the situation that is portrayed in the mainstream media. Just a few months ago, the Wall Street Journal ran a series of articles related to crypto funding terrorism. The issue is that in some cases, the Journal’s reporters made it sound like the terror organizations only exist because of the availability of crypto funding, which is not accurate.

The point in all of this isn’t more finger-pointing. I think we can all universally agree that any funding getting to terrorists is bad. It doesn’t matter if it’s dollars, doge, or rewards points, the goal is zero funding.

The challenge as it relates to crypto and terrorist funding is that often the channels used to support terror organizations and humanitarian causes are crossed, or at least glitched in a way that makes it hard to cut off funding to terror groups without completely ending funding to aid groups.

Another factor is that terror organizations often use informal networks or crowdfunding platforms to fundraise for specific leaders or causes. These tactics have obvious benefits for people trying to hide funding sources, but they also make getting clean and actionable data difficult.

Sanctions

Following the trend reported last year, sanctions designed to specifically target onchain addresses are on the rise.

In 2023 OFAC sanctioned 18 more crypto-related addresses or entities, making it harder for the sanctioned people or groups to interact with the on and off-ramps of the traditional financial sector.

In the past, crypto-related OFAC sanctions generally targeted services like mixers or exchanges that gave easy access to criminals. This year more of the sanctions targeted specific individuals or groups, potentially signaling a shift in strategy.

Also of note: Activity to and from sanctioned groups, people, and services keeps growing every year. This makes sense in context — OFAC only started crypto-related sanctions six years ago, and each year the sanctions extend their reach.