Cyber Crime
An In-Depth Look at Crypto-Crime in 2023 Part 2
In 2023, the cryptocurrency industry faced a significant increase in illicit activities, including money laundering, fraud, and ransomware attacks. Ransomware attacks were especially prevalent and profitable for attackers. However, other forms of criminal activity also saw a rise.
In the second part of our series, we delve deeper into the specific types of crypto-crimes prevalent in 2023 and their impact on the industry and its users. Based on Chainanlysis’s 2024 Crypto Crime Report, we explore various trends in crypto-crime.
Ransomware
In 2023, ransomware attacks intensified, targeting high-profile institutions and critical infrastructure such as hospitals, schools, and government agencies. Notable attacks exploited the MOVEit file transfer software, impacting organizations like the BBC and British Airways. These efforts led ransomware gangs to surpass $1 billion in extorted cryptocurrency payments, marking a significant milestone.
This surge in ransomware payments, the highest ever observed, reflects an escalating trend from 2019 to 2023 despite a decline in 2022. The figure excludes the economic impact of productivity loss and repair costs, illustrated by MGM Resorts' incident with ALPHV-BlackCat and Scattered Spider, which resulted in over $100 million in damages despite no ransom payment.
The ransomware landscape continues to grow, making comprehensive monitoring challenging. Reported figures are conservative and expected to increase as more ransomware addresses are identified, evidenced by the upward revision of 2022 ransom payments from $457 million to a 24.1% higher total.
Money laundering
In 2023, money laundering in cryptocurrency significantly decreased, with illicit addresses sending $22.2 billion to various services, down from $31.5 billion in 2022. This 29.5% drop in money laundering activity is steeper than the 14.9% decline in overall crypto transaction volume.
Money laundering in the crypto context involves two main groups of services: intermediary services and wallets (including mixers, DeFi protocols, and personal wallets) to hold or obscure funds, and fiat off-ramping services (like centralized exchanges, P2P exchanges, gambling services, and crypto ATMs) to convert crypto into fiat currency.
Centralized exchanges remained the primary destination for illicit funds, maintaining a stable rate over the past five years. Although the role of illegal services has decreased, the share of illicit funds moving to DeFi protocols has increased, likely due to DeFi's overall growth despite its transparency, which makes it less ideal for hiding fund movements.
In 2023, there was a slight decrease in illicit service types and increased funds moving to gambling services and bridge protocols, reflecting a shift in money laundering methods.
Stolen funds
Cryptocurrency hacking has been a significant threat, leading to billions of dollars in theft from crypto platforms. In 2022, $3.7 billion was stolen, making it the biggest year for crypto theft. However, in 2023, stolen funds decreased by 54.3% to $1.7 billion despite an increase in individual hacking incidents from 219 to 231.
The primary reason for the drop in stolen funds is a significant decrease in DeFi hacking. In 2022, $3.1 billion was stolen from DeFi protocols, but this amount fell to $1.1 billion in 2023, a 63.7% decrease. Although DeFi hacks still occurred, such as Euler Finance's $197 million loss in March and Curve Finance's $73.5 million loss in July, the overall value stolen from DeFi platforms declined.
Despite the reduction in total stolen funds, attackers are becoming more sophisticated and diverse in their methods. However, crypto platforms are also improving their security and response strategies. Prompt action by platforms and law enforcement can help recover stolen funds and gather information on the attackers. As these processes continue to improve, the amount of funds stolen from crypto hacks will likely decline.
CSAM
CSAM (child sexual abuse material) transactions using cryptocurrency are increasingly prominent despite being an understudied aspect of crypto crime. Law enforcement has shut down platforms like Welcome to Video, which highlights the issue. While not all CSAM activities involve cryptocurrency, its use is growing among buyers and sellers.
The Internet Watch Foundation notes that virtual currency is widely preferred in these transactions, prompting collaboration with law enforcement and finance sectors to support investigations. This analysis aims to provide an initial, objective assessment of the CSAM-cryptocurrency ecosystem.
Terrorist financing
Cryptocurrency use by terrorist organizations is a concern due to its potential for funding illicit activities. Despite its transparency, blockchain technology's traceability makes it less favorable for terrorism financing. Estimating exact volumes of such activities remains challenging across both fiat and crypto transactions. Balancing anti-terrorism efforts with humanitarian aid is complex, as some regions in conflict pose dual risks. Proper validation and a multifaceted approach are crucial to avoid misinterpretations and ethical dilemmas in combating terrorism financing.
Scams
In 2023, cryptocurrency scams remained a significant component of crypto crime, generating at least $4.6 billion in revenue. This represents a decline from 2022, but the figure is a lower-bound estimate based on currently identified scam addresses. Chainalysis expects to identify more scam addresses in the future, which will increase the reported figures. For instance, the 2022 scamming revenue estimate has been revised from $5.9 billion to $6.5 billion.
Scammers are becoming more sophisticated, using tactics like romance scams (or "pig butchering" scams), where they communicate directly with victims through private channels such as text messages. This makes it harder to identify scam-related addresses unless victims report their losses, leading to potential undercounting of scam activity, especially as these types of scams have become more common recently. Identifying these scams is more challenging compared to larger, more publicized Ponzi schemes of the past.
Darknet markets
In 2023, the darknet market ecosystem showed signs of recovery but has not yet reached the revenue levels it experienced before the closure of Hydra Marketplace in 2022. Despite Hydra's dominance and financial success, no other market has taken its place as a comprehensive source for illicit products and services. The sanctioning and closure of Genesis Market last year were notable events, but there were no other significant sanctions or major market takedowns in 2023. The trends in the darknet market will continue to be monitored in 2024, with an interest in new tactics that markets and fraud shops might use to attract more customers.
Key takeaways
- Chainalsyis' findings highlight the ongoing threat of scams in the cryptocurrency space. Here are some key takeaways from the report:
- The estimated revenue from crypto scams is expected to increase in 2024 as scammers become more sophisticated and use new tactics to target victims.
- Romance scams have become a growing concern as scammers use private channels like text messages to communicate with their victims.
- Darknet markets are showing signs of recovery but have not yet reached pre-Hydra revenue levels. However, no other market has emerged as a comprehensive source for illicit products and services.
- Individuals need to be vigilant when engaging in cryptocurrency transactions and always verify the legitimacy of any investment before making a purchase.
- Governments and agencies are increasing their efforts to combat cryptocurrency scams, but it is ultimately up to individuals to protect themselves from falling victim.
Conclusion
The rise of cryptocurrency has brought many opportunities for financial gain, but it has also attracted scammers looking to take advantage of vulnerable individuals. As the industry continues to grow and evolve, it is crucial for individuals to educate themselves on potential risks and stay vigilant to protect their investments.
This article is based on Chainalysis's report, `The 2024 Crypto Crime Report`, and has extracted the key points by Trend Micro from a cybercrime perspective. For more details, please refer to the full report.