2023 was a year of recovery for cryptocurrency as the industry recovered from the scandals, blow-ups and price drops of 2022. With crypto assets recovering and market activity growing throughout 2023, many believe that the crypto winter is ending, and a new phase of growth may soon be upon us.
But what has all this meant for crypto-crime? Let’s look at the high-level trends.
In 2023, a significant drop in value received by illegal cryptocurrency addresses, to a total of $24.2 billion. As always, we must caution by saying that these figures are lower bound estimates based on inflows to the illegal addresses we identified today. One year from now, these totals will almost certainly be higher as we identify more illegal addresses and incorporate their historical activity into our estimates. For example, when we published our Cryptocrime Report last year, we estimated $20.6 billion in illegal transaction volume for 2022. One year later, our updated estimate for 2022 is $39.6 billion. Much of that growth came from the identification of previously unknown, highly active addresses hosted by approved services, as well as our addition of transaction volume associated with services in approved jurisdictions to our illegal totals.
Another important reason why the new total is so much higher, besides the identification of new illegal addresses: We now count the $8.7 billion in creditor claims against FTX in our 2022 figures. In last year’s report, we said we would wait to include transaction volumes related to FTX and other firms that collapsed under allegedly fraudulent circumstances that year in our illegal totals until legal processes were concluded. Since then, a jury FTX’s former CEO found guilty of fraud.
Typically, we only include measurable on-chain activity in our estimates for illegal activity. In the case of FTX, it is impossible to use off-chain data alone to measure the extent of the fraudulent activity, as there is no way to isolate illicit movements of user funds. As such, we believe the $8.7 billion in creditor claims against FTX is the best estimate to include. Given the size and impact of the FTX situation, we are treating this as an exception to our usual on-chain methodology. If courts convict in similar, ongoing cases, we plan to include their activities in our illegal transaction data in the future as well.
All other totals exclude income from non-crypto-native crime, such as conventional drug trafficking in which crypto is used as a means of payment. Such transactions are virtually indistinguishable from legitimate transactions in on-chain data. Of course, law enforcement with off-chain context can still investigate this flow using Chainalysis solutions. In cases where we can confirm such information, we count the transactions as illegal in our data, but there are almost certainly many cases where this is not the case, and therefore the numbers will not be reflected in our totals.
In addition to the reduction in absolute value of illegal activity, our estimate for the share of all crypto transaction volume associated with illegal activity also fell, to 0.34% from 0.42% in 2022. [1]
We are also seeing a shift in the types of assets involved in cryptocurrency-based crime.
Through 2021, Bitcoin reigned supreme as the cryptocurrency of choice among cybercriminals, likely due to its high liquidity. But that has changed in the past two years, with stablecoins now accounting for the majority of all illicit transaction volumes. This change also comes along recent growth in stablecoins’ share of all crypto activity in general, including legitimate activity. However, stablecoin dominance is not the case for all forms of cryptocurrency-based crime.
Some forms of illegal cryptocurrency activity, such as darknet market sales and ransomware extortion, still occur primarily in Bitcoin. [2] Others, such as scams and transactions related to sanctioned entities, have moved to stablecoins. These also happen to be the largest forms of cryptocrime by transaction volume, driving the larger trend. Sanctioned entities, as well as those operating in sanctioned jurisdictions or involved in terrorist financing, also have a greater incentive to use stablecoins, as they may face more challenges in accessing the US dollar through traditional means, but still want to take advantage of the stability it offers. However, stablecoin issuers can freeze funds when they become aware of their illegal use, like Tether did recently with addresses related to terrorism and warfare in Israel and the Ukraine.
Below, we will look at three key trends that have defined cryptocrime in 2023 and will be important to look ahead.
Scams and stolen funds down big
Revenue from crypto-scams and hacking both dropped significantly in 2023, with total illegal revenue for each down 29.2% and 54.3%, respectively.
As we discuss later in our scams section, many crypto scammers have now adopted romance scam tactics, targeting individuals and building relationships with them to point them to fraudulent investment opportunities, rather than advertising them far and wide, which often make them more difficult. to expose Although the FBI has published data show that reports of crypto-investment scams in the US have increased year-over-year through 2022, our on-chain statistics indicate that scam revenue has decreased worldwide since 2021. We believe this is consistent with the long-standing trend that scams are most successful when markets are up, exuberance is high, and people feel they are missing a get-rich-quick opportunity. Of course, the impact of romance scams on individual victims is devastating and should not be underestimated. And while increased reporting — at least in the US — is a good sign, we still believe insights into romance scams in particular suffer from underreporting. We hypothesize that the true damage from scams is greater than reporting to the FBI and our on-chain statistics show, but overall, scams are down given broader market dynamics.
Crypto hacking, on the other hand, is much more difficult for criminals to hide, as industry observers can quickly detect the unusual outflows of a given service or protocol when a hack occurs. As we will discuss later, the decline in stolen funds is largely driven by a sharp decline in DeFi hacking. That fallout can lead to the reversal of a disturbing, long term trend, and may indicate that DeFi protocols are improving their security practices. That said, stolen funds statistics are heavily outlier-driven, and one big hack could shift the trend again.
Ransomware and darknet market activity is on the rise
Ransomware and darknet markets, on the other hand, are two of the most prominent forms of cryptocrime that saw revenues rise in 2023, contrary to overall trends. The growth of ransomware revenue is disappointing after the sharp declines that we covered last yearand suggests that ransomware attackers may have adapted to organizations’ cybersecurity improvements, a trend we first reported earlier this year.
Similarly, this year’s growth in darknet market revenue also comes to a 2022 decrease in income. That decline was largely driven by the shutdown of Hydra, which was once by far the world’s most dominant market, accounting for more than 90% of all darknet market revenue at its peak. While no single market has yet emerged to take its place, the sector as a whole is recovering, with total revenue climbing back to its 2021 highs.
Transactions with sanctioned entities drive the vast majority of illegal activities
Perhaps the most obvious trend that emerges when looking at illicit transaction volume is the prominence of sanctions-related transactions. Sanctioned entities and jurisdictions together accounted for a combined $14.9 billion in transaction volume in 2023, representing 61.5% of all illicit transaction volumes we measured in the year. Most of this total is powered by cryptocurrency services approved by the US Department of the Treasury’s Office of Foreign Assets Control (OFAC), or located in sanctioned jurisdictions, and can continue to operate because they are in jurisdictions where US sanctions are. not enforced.
While these services can and have been used for nefarious purposes, it also means that some of that $14.9 billion in sanctions-related transaction volume includes activity from average crypto users who happen to live in those jurisdictions. For example, Russia-based exchange Garantex, which was approved by OFAC and OFSI in the United Kingdom. for its facilitation of money laundering on behalf of ransomware attackers and other cybercriminals, was one of the largest drivers of transaction volume related to sanctioned entities in 2023. Garantex continues to operate because Russia does not enforce US sanctions. So, does this mean that all of Garantex’s transaction volume is associated with ransomware and money laundering? No. Nevertheless, exposure to Garantex poses serious sanctions risks for crypto-platforms subject to US or UK jurisdiction, meaning that those platforms must remain increasingly vigilant and watch for exposure to Garantex in order to comply.
More crypto crime insights to come
Stay tuned for more research into cryptocurrency-based crime as we continue to introduce insights into ransomware, hacking, cryptocurrency laundering and more. You can too click here to get the full 2024 Crypto Crime Report delivered to your inbox as soon as it’s published.
Endnotes:
[1] Transaction volume is a measure of all economic activity, a proxy for funds changing hands. We remove shell chains, internal service transactions, petty cash and any other type of transaction that would not count as an economic transaction between different economic actors.
[2] These estimates do not include privacy coins such as Monero.
This material is for informational purposes only and is not intended to provide legal, tax, financial, investment, regulatory or other professional advice, nor should it be relied upon as a professional opinion. Recipients should consult their own advisors before making these types of decisions. Chainalysis does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information herein. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with the Recipient’s use of these materials.
Disclaimer for Uncirculars, with a Touch of Personality:
While we love diving into the exciting world of crypto here at Uncirculars, remember that this post, and all our content, is purely for your information and exploration. Think of it as your crypto compass, pointing you in the right direction to do your own research and make informed decisions.
No legal, tax, investment, or financial advice should be inferred from these pixels. We’re not fortune tellers or stockbrokers, just passionate crypto enthusiasts sharing our knowledge.
And just like that rollercoaster ride in your favorite DeFi protocol, past performance isn’t a guarantee of future thrills. The value of crypto assets can be as unpredictable as a moon landing, so buckle up and do your due diligence before taking the plunge.
Ultimately, any crypto adventure you embark on is yours alone. We’re just happy to be your crypto companion, cheering you on from the sidelines (and maybe sharing some snacks along the way). So research, explore, and remember, with a little knowledge and a lot of curiosity, you can navigate the crypto cosmos like a pro!
UnCirculars – Cutting through the noise, delivering unbiased crypto news
