Lae alla meie zondacrypto
rakendus ja alusta investeerimist kohe!!
In this lesson, we explore recent statistics and discover insights about criminal activities related to cryptocurrencies based on data from the 2022 ’Crypto Crime Report’ by Chainalysis.
The lesson is based on information from the 2022 ’Crypto Crime Report’ published by the blockchain data platform Chainalysis. The report's authors base their estimates on blockchain data and since bankruptcy and criminal proceedings related to the collapses of some companies are still ongoing, their transactions are not included in this year's 'Crypto Crime Report’. As a result, it focuses on illegal activities that can be tracked on-chain.
Last year, cryptocurrencies experienced disturbing market turbulences. The collapses of prominent companies, including FTX, Celsius and Three Arrows Capital, among others, created uncertainty among investors and attracted the attention of regulators.
Despite the overall market slowdown, the volume of illegal transactions increased for the second consecutive year in 2022, reaching a record high of $20.6 billion. However, the report's authors point out that this is only the lower bound estimate, as the volume of illegal transactions is likely to increase with the discovery of new addresses linked to criminal activities.
It is worth highlighting that illegal activity in cryptocurrencies still represents a small share of the total volume of cryptocurrency transactions, amounting to less than 1%. It should also be noted that despite this year's jump, the share of crime in total cryptocurrency activity shows a downward trend.
43% of the volume of illegal transactions in 2022 came from activities related to sanctioned entities.
Several cryptocurrency-related services were designated as sanctioned entities by OFAC (Office of Foreign Assets Control) in 2022. Three of them in particular are noteworthy because they highlight the unique challenges to sanctions enforcement against different types of cryptocurrency-related entities.
These include:
Breakdown of the source of funds coming to each sanctioned entity in the 60 days preceding the imposition of sanctions on them:
It showed by far the highest criminal activity of all three services, with 68.2% of all incoming funds coming from illegal addresses and 12.6% from risky ones.
6.1% of the inflows came from illegal sources and 16.1% from addresses considered risky. While 6.1% may seem like a small share of total inflows, it represents a high figure compared to other centralized exchanges, which received an average of only 0.3% of funds from illegal sources during the same period.
34% of all funds sent to Tornado Cash came from illegal sources.
In the 60 days prior to the sanctions, Garantex and Hydra received funds from a wide variety of illicit entities, including fraud companies or individuals associated with ransomware.
During this period, Hydra received about $176,000 in cryptocurrencies from ransomware-related addresses, accounting for 2.2% of all funds sent by such addresses. Garantex, on the other hand, received $931,000 from ransomware-related addresses, representing 11.6% of all funds sent by such addresses. These figures show that these services - especially Garantex - were crucial to enabling ransomware attacks.
Tornado Cash was involved in illegal activities, focusing mainly on two types of cybercrime: hacking and scams. 99.7% of all illegal funds Tornado Cash received in the 60 days prior to being sanctioned were stolen funds. The Harmony Bridge hack that took place in June 2022 (about 45 days before Tornado Cash was sanctioned) brought about 65.7% of the total inflow of stolen funds to the mixer during this period.
Key findings: The impact of crypto sanctions depends on the jurisdiction and technical constraints.
Revenue from ransomware declines because more victims refuse to pay.
Ransomware attackers extorted at least $456.8 million from victims in 2022, down from $765.6 million the year before. The report's creators stress that the real totals are higher because there are cryptocurrency addresses controlled by ransomware attackers that have not yet been identified on the blockchain.
Although the data shows a clear decline in ransomware payments, this doesn't mean that these attacks decreased to the same extent. According to experts, the decline may be due to the fact that more and more organizations are refusing to pay ransoms to cybercriminals who use ransomware attacks.
What exactly is behind this change?
According to data, most ransomware attackers transfer the money they receive to major and centralized exchanges.
Evaluation of the ransomware ecosystem
While the multiplicity of existing strains of ransomware might indicate that competition in the market is high, the reality is otherwise - the number of ransomware attackers is probably quite small.
Most strains of ransomware operate on a Ransomware-as-a-service model, where the authors allow their software to be used by other cybercriminals, called affiliates, in exchange for a percentage of the profits. Many of the attacks are carried out by the same affiliate group, using different strains of ransomware.
In the Chainalysis Reactor chart below, the authors of the ’Crypto Crime Report’ showed an affiliate whose wallet received deposits from the Dharma, Conti and BlackCat ransomware strains at different times, indicating that the affiliate conducted attacks for all three strains.
Analyzing the ransomware data, it is possible to conclude that the ransomware ecosystem shouldn't be viewed as a collection of separate strains, but rather as a small group of hackers who frequently change their 'brand' (this phenomenon makes the ransomware sector appear larger than it really is).
Ilegal addresses sent nearly $23.8 billion worth of cryptocurrencies in 2022, up 68% from 2021.
The purpose of cryptocurrency money laundering is to hide the origin of the funds so that it becomes difficult to link them to a crime. Ultimately, money laundering involves converting cryptocurrency into fiat currency and in most cases, it's done using cryptocurrency exchanges.
Cryptocurrency money laundering typically involves two types of entities and on-chain services:
Illegal addresses sent nearly $23.8 billion worth of cryptocurrency in 2022, up 68% from 2021. In most cases, major centralized exchanges were the recipients of the transfers, receiving slightly less than half of all funds sent from illegal addresses.
More and more illicit money is going into DeFi protocols, as DeFi protocols themselves were the most common target of attacks in 2022. As a result of such attacks, hackers typically end up with less popular tokens (mostly not listed on major, centralized exchanges), which require the use of decentralized exchanges (DEX) to exchange them for more popular cryptocurrencies.
Using mixers
Mixers are popular services used by cryptocurrency criminals, receiving 8% of all funds sent from illegal addresses in 2022. Last year, OFAC sanctioned mixers for the first time ever, first Blender.io and then Tornado Cash, for their role in laundering cryptocurrencies stolen by North Korea's Lazarus Group.
The sanctioning of known mixers may have contributed to two trends observed in 2022:
Mixers processed a total of $7.8 billion in 2022, 24% of which came from illegal addresses.
It is also worth noting that the vast majority of illegal funds processed by the mixers consist of stolen funds, much of which were stolen by hackers linked to North Korea.
Concentration of money laundering at fiat off-ramp services
Fiat off-ramps, such as exchanges, allow criminals to convert cryptocurrencies into fiat currencies, which is probably their main target for money laundering. On the other hand, these services are among the most regulated and their compliance teams play a large role in detecting illegal activities, preventing the flow of illicit funds and exchanging them for cash.
In 2022 there were 915 unique fiat off-ramps receiving illegal cryptocurrencies (down from 1,124 in 2021). Of the illegal funds received by exchanges, 67.9% went to just five services, all of which are centralized exchanges.
"Underground" money laundering services are a growing concern
Another trend in money laundering, as observed by Chainalysis, is the growth of underground services that are not as publicly available or well-known as standard mixers (usually accessed through the TOR browser and mostly advertised only on darknet forums). Such services typically move cryptocurrencies to exchanges on behalf of cybercriminals, exchange them for fiat currency or "clean" cryptocurrencies, and then send them back to the cybercriminals.
2022 the biggest year in history for cryptocurrency thefts with a total value of $3.8 billion.
DeFi protocols the biggest victims of hacking
Over the previous year, 82.1% of the total amount stolen by hackers came from DeFi protocols, amounting up to $3.1 billion (an increase from 73.3% in 2021). The report's authors point out that 64% of these stolen funds came from cross-chain bridge protocols. Bridges are attractive targets for hackers because smart contracts become powerful, centralized collections of funds supporting assets that have been "bridged" to a new chain.
How to make DeFi safer?
Recommended solutions:
The report indicates that regulators can also play a significant role here and can help make DeFi more secure by setting minimum security standards that protocol developers would have to follow.
Hackers linked to North Korea
Hackers linked to North Korea (such as those on the Lazarus Group) broke their own records in 2022, stealing cryptocurrencies worth an estimated $1.7 billion. Most experts agree that the North Korean government is using these stolen funds to fund its nuclear weapons programs.
$1.1 billion of that total was stolen through hacks of DeFi protocols. The reason hackers linked to North Korea tend to send much of what they steal to other DeFi protocols is that during their attacks they acquire large amounts of non-liquid tokens that are not listed on centralized exchanges. Hackers must therefore turn to other DeFi protocols (usually DEX) to exchange them for more liquid assets.
Hackers linked to North Korea pose a serious threat to the cryptocurrency ecosystem. However, law enforcement agencies are able to fight them more and more effectively. An example of this was the seizure of $30 million worth of funds stolen by North Korean hackers who carried out an attack on the Axie Infinity Ronin Bridge. This was the first such incident in history, which shows that law enforcement agencies have increasing capabilities to fight cryptocurrency-related crimes.
In 2022, there was a decrease in revenue from the previous year for darknet markets.
The darknet market's revenue in 2022 closed at $1.5 billion, down from $3.1 billion in 2021.
Hydra Market led as the highest-earning darknet market in 2022, despite being sanctioned by OFAC and shut down in a combined US-German operation in April - no other market beat their revenue advantage.
The report, prepared by Chainalysis, explains that Hydra offered legitimate business-style service to its customers, providing amenities and customer care. For example, Hydra offered a service that allowed users to check drug purity. In addition, Hydra provided a Telegram bot that could help users in the event of an overdose, and also helped vendors contact lawyers.
The closure of Hydra resulted in a decline in darknet market revenue across the sector - average daily revenue for all markets fell from $4.2 million to $447,000 immediately after Hydra's closure.
Cryptocurrency scam revenue dropped 46% in 2022.
Although scams remain the largest form of cryptocurrency-based crime, revenues from this area dropped significantly from $10.9 billion in the 2021 to $5.9 billion in 2022. It should again be emphasized that the numbers indicated are the lower end of estimates and are likely to change as Chainalysis identifies more addresses related to these activities.
Despite the fact that revenues from this category declined in 2022, several very ‚successful’ scams were observed, the largest of which was Hyperverse, which brought in nearly $1.3 billion in revenue. In 2022, investment fraud dominated as a major category and contributed the most revenue among all illegal activities in this area.
A brief overview of the categories of scams that Chainalysis tracks:
The average deposit taken from romance scam victims was nearly $16,000, almost triple the next closest category.
Revenue from scams usually correlates with the price of Bitcoin, but not every type of crime follows the same pattern. For example, romance scams are more about building a personal relationship with the victim. The victim's main goal is not to get rich quick, but rather to help a person they consider to be a potential partner.
24% of new tokens launched in 2022 had features of ’pump and dump’ schemes.
In the world of cryptocurrencies, the use of "pump and dump" schemes (artificially raising the price to attract investors, followed by the sale of tokens by their creators, causing a sharp drop in value and losses for investors) has become common. This is due to the ease with which fraudsters can launch a new token into the market and artificially inflate its price and market capitalization by controlling the volume of trading and supply of the token. Many projects and tokens are launched by anonymous teams, allowing criminals to conduct many such scams.
Last year, more than 1.1 million new tokens were launched on the market. However, most of them failed to gain popularity among the cryptocurrency community, which was measured by the number of swaps made on exchanges.
Of the 1.1 million tokens launched in 2022, the report's creators, based on specific criteria, identified 40,521 tokens that gained enough popularity on DEXes to be analyzed. It turned out that 9,902 of them, that is 24%, experienced a price drop in the first week after their launch, indicating that they were created to scam others (using a ’pump and dump’ scheme).
The report's creators found that 445 individuals or groups were responsible for nearly 10,000 suspicious tokens launched in 2022.
The most active suspected pump-and-dump token creator identified launched 264 tokens in 2022.
Criminal activity in cryptocurrencies accounts for less than 1% of total cryptocurrency transaction volume and despite this year's spike, its share of total cryptocurrency activity is on a downward trend.
DISCLAIMER
This material does not constitute investment advice, nor is it an offer or solicitation to purchase any cryptocurrency assets.
This material is for general informational and educational purposes only and, to that extent, makes no warranty as to, nor should it be construed as such, regarding the reliability, accuracy, completeness or correctness of the materials or opinions contained herein.
Certain statements in this educational material may relate to future expectations that are based on our current views and assumptions and involve uncertainties that could cause actual results, performance or events to differ from those statements.
BB Trade Estonia OU and its representatives and those working directly or indirectly with BB Trade Estonia OU do not accept any liability arising from this article.
Please note that investing in cryptocurrency assets carries risks in addition to the opportunities described above.