News
Crypto Crime Trends of 2024 from Chainalysis
2023 was a recovery year for cryptocurrencies, as the industry recovered from the scandals, explosions, and price drops of 2022. As cryptocurrencies recover and market activity grows throughout 2023, many they believe that the cryptocurrency winter is ending and that a new growth phase could soon be upon us.
But what has all this meant for crypto crime? Let’s take a look at the high-level trends.
2023 saw a significant drop in the value received from illicit cryptocurrency addresses, totaling $24.2 billion. As always, we must point out that these figures are lower estimates based on the inflows to the illicit addresses we have identified today. A year from now, these totals will almost certainly be higher, as we identify more illicit addresses and incorporate their historical activity into our estimates. For example, when we released our Crypto Crime Report last year, we estimated $20.6 billion worth of illicit transaction volume for 2022. One year later, our updated estimate for 2022 is 39 .6 billion dollars. Much of this growth came from identifying previously unknown and highly active addresses hosted by sanctioned services, as well as our addition of transaction volume associated with services in sanctioned jurisdictions to our illicit totals.
Another key reason the new total is much higher, beyond identifying new illicit addresses: We now count $8.7 billion in claims against FTX in our 2022 data. In last year’s report, we had stated that we would withhold inclusion in our illicit totals of transaction volumes associated with FTX and other companies that failed that year under allegedly fraudulent circumstances until legal proceedings arose. Since then, a jury has convicted the former CEO of FTX of fraud.
Typically, we only include measurable on-chain activity in our estimates for illicit activity. In the case of FTX, it is impossible to use on-chain data alone to measure the extent of fraudulent activity, as there is no way to isolate illegitimate movements of user funds. As such, we believe that $8.7 billion in claims from creditors versus FTX is the best estimate to include. Given the size and impact of the FTX situation, we are treating it as an exception to our usual on-chain methodology. If courts convict in similar ongoing cases, we plan to include their activity in our illicit transaction data in the future.
All other totals exclude revenue from non-cryptocurrency crime, such as conventional drug trafficking where cryptocurrencies are used as a means of payment. Such transactions are virtually indistinguishable from legitimate transactions in on-chain data. Of course, law enforcement with off-chain context can still investigate these flows using Chainalysis solutions. In cases where we are able to confirm such information, we consider the transactions to be illicit in our data, but there are almost certainly many cases where this is not the case, and therefore the numbers would not be reflected in our totals.
In addition to the reduction in the absolute value of illicit activity, our estimate for the share of all crypto transaction volume associated with illicit activity also fell, to 0.34% from 0.42% in 2022. [1]
We are also seeing a shift in the types of assets involved in cryptocurrency-based crime.
Until 2021, Bitcoin reigned supreme as the cryptocurrency of choice for cybercriminals, likely due to its high liquidity. But things have changed in the last two years, with stablecoins now accounting for the majority of illicit transaction volume. This change also comes with it recent growth in stablecoins’ share of all overall crypto assets, including legitimate assets. However, the dominance of stablecoins is not the case for all forms of cryptocurrency-based crime.
Some forms of illicit cryptocurrency activity, such as darknet marketplace sales and ransomware extortion, still occur predominantly in Bitcoin. [2] Others, such as scams and transactions associated with sanctioned entities, have moved to stablecoins. These are also the largest forms of crypto crime in terms of transaction volume, thus driving the larger trend. Sanctioned entities, as well as those operating in sanctioned jurisdictions or involved in terrorist financing, also have a greater incentive to use stablecoins, as they may face greater challenges in accessing the US dollar through traditional means, but still want to benefit from the stability that provides. . However, stablecoin issuers can freeze funds when they become aware of their illicit use, like Tether done recently with addresses linked to terrorism and the war in Israel and Ukraine.
Below, we will look at three key trends that have defined crypto crime in 2023 and that will be important to watch moving forward.
Scams and stolen funds decrease significantly
Revenue from scams and hacking declined significantly in 2023, with total illicit revenue down 29.2% and 54.3%, respectively.
As we will discuss later in our scams section, many cryptocurrency scammers have now adopted romance scam tactics, targeting individuals and building relationships with them to pitch them to fraudulent investment opportunities, rather than advertising them far and wide, which it often makes them harder to discover. Even if the FBI did published data showing While reports of cryptocurrency investment scams in the US have increased year-over-year through 2022, our on-chain metrics suggest that scam revenues globally have been on a downward trend since 2021. We believe this is in line with the long-standing trend that scams are most successful when markets are rising, exuberance is high and people feel like they are missing out on an opportunity to get rich quick. Of course, the impact of romance scams on individual victims is devastating and should not be underestimated. And while the increase in reports – at least in the United States – is a good sign, we still believe that insights into romance scams in particular suffer from underreporting. We hypothesize that the true damage from scams is greater than what FBI reports and our on-chain metrics show, but overall, scams are declining, given broader market dynamics.
Crypto hacking, on the other hand, is much harder for criminals to hide, as industry observers can quickly spot unusual outflows from a given service or protocol when a hack occurs. As we will discuss later, the decline in stolen funds is driven largely by a sharp decline in DeFi hacking. This abandonment could represent the reversal of a disturbing situation, long-term trendand it could mean that DeFi protocols are improving their security practices. That said, stolen funds metrics are heavily driven by outliers, and a major hack could change the trend again.
Ransomware and darknet market activity is on the rise
Ransomware and darknet markets, on the other hand, are two of the most prominent forms of cryptocrime that saw revenue increase in 2023, bucking overall trends. Ransomware revenue growth is disappointing following the sharp decline seen in our country covered last yearand suggests that perhaps ransomware attackers have adapted to improvements in organizations’ cybersecurity, a trend we first reported Before this year.
Likewise, this year’s growth in darknet market revenues also comes after a 2022 decline in revenue. This decline was caused largely by the shutdown of Hydra, which was once by far the most dominant market in the world, capturing over 90% of all darknet market revenue at its peak. While no single market has yet emerged to take its place, the sector as a whole is on the rebound, with total revenue returning towards 2021 highs.
Transactions with sanctioned entities underlie the vast majority of illicit activities
Perhaps the most obvious trend that emerges when looking at the volume of illicit transactions is the importance of sanctions-related transactions. The sanctioned entities and jurisdictions together accounted for a combined $14.9 billion in transaction volume in 2023, representing 61.5% of all illicit transaction volume we measured during the year. The majority of this total is driven by cryptocurrency services that have been sanctioned by the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC), or that are located in sanctioned jurisdictions and that can continue to operate because they are located in jurisdictions where US sanctions are in effect. not applied.
While such services can and have been used for nefarious purposes, this also means that some of that $14.9 billion in sanctions-related transaction volume includes activity from average cryptocurrency users residing in those jurisdictions. For example, the Russian stock exchange Garantex, which was sanctioned by OFAC AND OFSI in the UK. for facilitating money laundering on behalf of ransomware attackers and other cyber criminals, was a major driver of transaction volume associated with sanctioned entities in 2023. Garantex continues to operate because Russia does not enforce US sanctions. So does this mean that all of Garantex’s transaction volume is associated with ransomware and money laundering? No. However, Garantex exposure introduces serious sanctions risks for crypto platforms under US or UK jurisdiction, meaning that such platforms must remain increasingly vigilant and monitor Garantex exposure to be compliant .
More insights into crypto crime to come
Stay up to date on more research into cryptocurrency crime as we continue to provide insights into ransomware, hacking, crypto money laundering and more. You can too Click here to receive the entire 2024 Crypto Crime Report directly to your inbox as soon as it is published.
Final notes:
[1] Transaction volume is a measure of all economic activity, an indicator of how funds change hands. We eliminate peeling chains, internal service transactions, switching, and any other type of transaction that would not count as an economic transaction between distinct economic actors.
[2] These estimates do not include privacy coins like Monero.
This material is for informational purposes only and is not intended to provide legal, tax, financial, investment, regulatory or other advice, nor should it be relied upon as professional advice. Recipients should consult their own advisors before making these types of decisions. Chainalysis does not guarantee the accuracy, completeness, timeliness, suitability or validity of the information contained herein. Chainalysis has no liability for any decision made or any other act or omission in connection with Recipient’s use of this material.