2023 has so far been a year of recovery for cryptocurrency after a chaotic 2022, with prices of digital assets such as Bitcoin rising more than 80% in the year to June 30. And that’s not the only good news for the industry. Our data shows that crime related to cryptocurrencies has decreased significantly this year. Check out the graph below, which shows cumulative daily inflows to legal, risky and illegal services for 2023 compared to previous years.
By the end of June, crypto inflows to known illegal entities – not including inflows to entities sanctioned or subject to special measures – were down 65% compared to where they were at the same time in 2022. Inflows to risky entities (made up mainly of mixers and high-risk exchanges) are 42% lower. Of course, transaction volumes are lower overall, but declines are much less severe for legal services, which only saw a 28% drop in inflows. In other words, there has been a pullback in the market, but the volume of illegal crypto transactions is falling much more than the legal crypto transaction volume.
What specific forms of cryptocurrency-based crime are decreasing the most?
Inflows to illegal addresses are down in almost every category, but no form of cryptocrime has suffered more than scams. Through June, crypto scammers took in nearly $3.3 billion less in 2023 than they did in 2022, for a total of just over $1.0 billion on the year. Ransomware, on the other hand, is the only form of cryptocurrency-based crime that will grow rapidly in 2023, with attackers extorting $175.8 million more than they did at the same time in 2022. the positive downward ransomware trend we saw in 2022. We’ll take a closer look at 2023’s scam and ransomware activity below to learn more about why they decreased and increased in 2023, respectively.
Cryptocurrency fraud revenue plummets as two of 2023’s biggest scams suddenly disappear
Scams are almost always the highest revenue form of cryptocurrency-based crime, and while this has been the case so far in 2023, total fraud revenue has declined compared to last year. By the end of June, crypto scammers were pulling in 77% less revenue than they did up until June 2022 – and also keep in mind that 2022 itself is a big drop in income compared to 2021. However, this year’s drop is probably more notable because it comes at a time when crypto asset prices are rising. Usually, positive price movements translate to higher fraud revenue, likely because increased crypto market exuberance and FOMO make victims more susceptible to scammers’ pitches. But 2023’s drastic scam bucks that long-standing trend.
Why is fraud revenue so down? Check out the chart below, which shows the total daily crypto fraud revenue and earnings for the top ten crypto entities identified as scams by Chainalysis.
We can see here that the category’s revenue decline is largely driven by the sudden disappearance of two large-scale scams: VidiLook and, to a lesser extent, Chia Tai Tianqing Pharmaceutical Financial Management. Both scams follow the typical investment scam model of offering exorbitant returns on any cryptocurrency “invested” by users, but VidiLook does it with a unique twist, paying users its native VDL token in exchange for viewing digital ads. look, what then claim users can exert. for great rewards.
Source: Youtube
Both VidiLook and Chia Tai seem to have exit cheat, as they moved all cryptocurrency out of their primary wallets and stopped deposits and withdrawals for users. We can see VidiLook’s exit scam on the Chain list reactor chart below.
After receiving stolen funds from victims during the months of March and April 2023, VidiLook sent more than $50 million in USDT_TRX to the personal wallet on the right side of the chart during the months of March and April 2023. -April.
VidiLook’s exit scam is not surprising, but what is surprising is that the total fraud revenue remains so low after the decline. Ordinarily, we would expect new scams to fill the void. But despite low overall fraud revenue this year, VidiLook serves as an example of why cryptocurrency businesses, users, and law enforcement need to remain vigilant — VidiLook bilked victims out of more than $120 million in cryptocurrency in just a few months, making the damage ‘ a single emphasis. effective scam can do in a short period of time.
It’s also worth noting that while overall crypto fraud revenue is significantly lower, one type of scam took a much smaller hit than others.
Impersonation scams, in which fraudsters impersonate a law enforcement or other type of authority figure to extort money from victims, have only seen a 23% drop in inflows so far in 2023, compared to 77% for scams overall. Worse, the number of individual transfers to impersonation scam addresses actually has increased 49% year-on-year, suggesting that more people fell victim to impersonation scams in 2023, even if the total amount lost is lower. Those data points show that even with total fraud revenue down, law enforcement and crypto compliance teams can’t rest on their laurels.
Ransomware rises as big game hunting makes a comeback
Ransomware is the one form of cryptocurrency-based crime that has increased so far in 2023. In fact, ransomware attackers are on track for their second biggest year ever, having extorted at least $449.1 million through June.
If this pace continues, ransomware attackers will extort $898.6 million from victims in 2023, trailing only 2021’s $939.9 million.
When we published our annual Crypto Crime Report in February we were pleased to report that 2022 had ransomware revenue dropped significantly compared to 2021. Why the reversal in fortunes? First, big-game hunting – that is, the targeting of large, deep-pocketed organizations by ransomware attackers – appears to have returned after a lull in 2022. At the same time, the number of successful small attacks has also grown. Both trends are evident in the chart below, which shows how the distribution of ransomware payout sizes has changed since 2020.
On the left side of the graph, we see an increase in the number of very small ransomware payments in 2023, while the number of very large payments on the right side has also grown significantly. The payment size spread has also widened to include higher amounts compared to previous years. In other words, we’re seeing growth in ransomware payments on both ends of the spectrum. Below are some ransomware strains whose mean and median payout sizes reflect those extremes.
Clan name 2023 average payment size 2023 median payment size
Dharma
$265
$275
Phobos
$1,719
$300
Stop/djvu
$619
$563
BlackBasta
$762,634
$147,106
ALPHV/Black Cat
$1,504,579
$305,585
Cl0p
$1,730,486
$1,946,335
At the top of the chart we see a low level RaaS trunks such as Dharma and Phobos, which are typically used in spray and bid attacks against smaller targets and can be deployed by relatively unsophisticated actors. On the lower end we see larger, more sophisticated clans like BlackBasta and Cl0p, who tend to be pickier with targets, hitting larger organizations for more money. Both types of strains were more active this year than in 2022.
Experts at cyber security and incident response firm Kivu saw firsthand 2023’s changes in ransomware patterns, particularly the growth in payment sizes. “These notable shifts in numbers directly align with the growing number of extremely high initial claims, ranging between the tens and hundreds of millions of USD,” said Kivu General Counsel and Risk Officer Andrew J. Davis.
We previously attributed the decrease in average ransom in 2022 to improved cybersecurity and data backup practices by large organizations, as well as law enforcement efforts, increased availability of decryptors, and sanctions against services that offer payout services to ransomware gangs. These developments have hampered attackers’ big-game hunting efforts and have enabled many victims to withstand ransomware attacks without paying. That still appears to be true to some extent, as Davis told us that many organizations are still refusing to pay in 2023. However, he also argued that the non-payment trend may prompt ransomware attackers to increase the size of their ransom demands, perhaps with the intention of squeezing the most money possible from the firms still willing to pay ransoms. To that end, Davis has also noticed an increase in more extreme extortion techniques, such as harassing employees of victim firms that have not yet paid.
We also cannot discount the role of the Russia-Ukraine war in last year’s ransomware decline, as the conflict likely displaced ransomware operators and diverted them from financially inspired cyber intrusions. We reported this before the majority of ransomware revenue comes under pressure with Russian ties, and it stands to reason that the conflict has disrupted ransomware operators’ ability to carry out attacks or perhaps even their mandate for such attacks. For example, Google reported earlier this year that the Cuba ransom gang had switched from financially motivated crimes to espionage. It is clear that the ransomware ecosystem has rebounded in 2023, both in terms of payments and attacks, with record incident numbers. The data serves as an important reminder that ransomware remains a significant threat, and that businesses must continue to strengthen their cybersecurity and data backup procedures for extra protection.
2023 is off to a great start
With the exception of ransomware, Chainalysis data shows that overall crypto-crime is in sharp decline in 2023. This decrease in inflows to illegal addresses shows that the efforts of both the private and public sectors are paying off – law enforcement pressure appears to be dampening criminal activity, while crypto businesses are doing their part to protect users from scams and prevent the hacks that occur in previous years was such a problem, especially for DeFi protocols. However, the persistent plague of ransomware demonstrates the need to remain vigilant. We will continue to monitor these trends, share updates as possible, and look forward to sharing our year-end findings in our next year Crypto Crime Report.
This website contains links to third party websites that are not under the control of Chainalysis, Inc. or its affiliates (collectively “Chainalysis”). Access to such information does not imply association with, endorsement of, approval of, or recommendation by Chainalysis of the Site or its operators, and Chainalysis is not responsible for the products, services, or other content hosted therein.
Chainalysis does not warrant or guarantee the accuracy, completeness, timeliness, suitability or validity of the information in this report and shall not be responsible for any claim attributable to errors, omissions or other inaccuracies of any part of such material.
Disclaimer for Uncirculars, with a Touch of Personality:
While we love diving into the exciting world of crypto here at Uncirculars, remember that this post, and all our content, is purely for your information and exploration. Think of it as your crypto compass, pointing you in the right direction to do your own research and make informed decisions.
No legal, tax, investment, or financial advice should be inferred from these pixels. We’re not fortune tellers or stockbrokers, just passionate crypto enthusiasts sharing our knowledge.
And just like that rollercoaster ride in your favorite DeFi protocol, past performance isn’t a guarantee of future thrills. The value of crypto assets can be as unpredictable as a moon landing, so buckle up and do your due diligence before taking the plunge.
Ultimately, any crypto adventure you embark on is yours alone. We’re just happy to be your crypto companion, cheering you on from the sidelines (and maybe sharing some snacks along the way). So research, explore, and remember, with a little knowledge and a lot of curiosity, you can navigate the crypto cosmos like a pro!
UnCirculars – Cutting through the noise, delivering unbiased crypto news
