Chainalysis Crypto Crime Report 2023: Uncovering Soaring Illicit Activities and the Battle Against Cyberattacks & Sanctions
Discover our 2023 Chainalysis Crypto Crime Report summary, exposing record illicit transaction volumes in crypto and US gov't actions against cybercrime.
Crypto Crime Trends 2023: Illicit Cryptocurrency Volumes Reach Record Highs Amid Increase in Sanctions and Cyberattacks
The year 2022 witnessed a turning point in illicit cryptocurrency activities, characterized by a record-breaking transaction volume and targeted sanctions from the U.S. government.
The cryptocurrency market faced unparalleled turbulence in 2022, culminating in the downfall of major firms, including Celsius, Three Arrows Capital, and FTX, amidst allegations of fraud and other criminal activities. In response, Chainalysis' Crypto Crime Report delved into the world of on-chain illicit activities, offering a rare glimpse into the obscured realm of cryptocurrency crime.
The report highlighted an all-time high of $20.6 billion in illicit cryptocurrency transactions for 2022—an increase from the previous year—with the figure projected to be even higher. Interestingly, 43% of these transactions were linked to sanctioned entities, as the U.S. Office of Foreign Assets Control (OFAC) launched a vigorous campaign of crypto sanctions. However, it is worth noting that despite these sanctions, services such as Russia-based Garantex continue to operate, posing considerable compliance risks for businesses under U.S. jurisdiction.
While most categories of crypto-related crime witnessed a decline in transaction volumes, stolen funds saw a 7% year-over-year increase. Furthermore, the overall proportion of cryptocurrency activities connected to illicit transactions experienced growth for the first time since 2019, rising from 0.12% in 2021 to 0.24% in 2022. Despite this uptick, the percentage of crypto crime remains below 1% of the total volume.
U.S. Acts on Crypto Crime
In 2022, the U.S. government ramped up its efforts to curb crypto-related crime, focusing on more prominent entities, a more diverse range of services, and implementing sanctions for various reasons. High-profile sanctioned entities included darknet marketplace Hydra, decentralized mixer Tornado Cash, and Russia-based cryptocurrency exchange Garantex. These instances underscore the unique challenges of enforcing sanctions against different crypto entities.
Additionally, OFAC imposed sanctions on various individuals and entities in 2022 for activities such as cybercrime, drug trafficking, money laundering, and participation in Russia's invasion of Ukraine. The Chainalysis report examined three notable sanctioned entities—Hydra, Garantex, and Tornado Cash—operating in distinct crypto market segments.
Hydra, the most significant darknet market facilitating drug sales and money laundering, was dismantled by German police (working with the U.S.) in April 2022. In contrast, Garantex, a high-risk Russian crypto exchange, continued its operations despite facing sanctions for money laundering. Tornado Cash, a decentralized mixing service on the Ethereum blockchain, was sanctioned for its role in facilitating money laundering related to North Korean cryptocurrency hacks.
The behavior of these entities following the sanctions varied significantly. Hydra's inflows came to a complete halt after its seizure, while Garantex experienced a steady increase in transaction volume. Tornado Cash saw a substantial drop in activity but remained operational.
Counterparties also exhibited diverse reactions to the sanctions imposed on services like Hydra, Garantex, and Tornado Cash. For instance, Garantex's users mostly maintained their usage levels, with some even intensifying their engagement. In contrast, Tornado Cash experienced a decline in inflows across almost all categories, with the exception of scammers and mixing services.
Despite these challenges, the sanctions impacted the targeted services' criminal users. Many illicit entities that had relied on these services for money laundering witnessed a considerable reduction in potential revenue in the two months following the sanctioning event.
Crypto Sanctions Disrupt Illicit Entities, but Impact Varies by Jurisdiction and Technical Constraints
The report revealed that crypto sanctions' effectiveness varies depending on jurisdictional and technical constraints. According to the report, factors such as international cooperation and the decentralized nature of targeted services influence the success of crypto sanctions. The report examined revenue changes from sanctioning money laundering services across various illicit categories, including darknet markets, fraud shops, cybercriminal administrators, ransomware, scams, and stolen funds. While sanctions temporarily disrupted the illicit entities that relied on these services and affected their revenue, the report warns that the impact could be short-lived, as entities may find alternative, non-sanctioned money laundering services.
Chainalysis also reported a significant decrease in ransomware payments in 2022, despite a surge in unique strains. Ransomware attackers extorted at least $456.8 million from victims in 2022, down from $765.6 million in the previous year. This decline is attributed to victim organizations increasingly refusing to pay ransoms rather than a decrease in attacks.
Interestingly, the report indicates that most ransomware attackers send extorted funds to mainstream, centralized exchanges, with the share of ransomware funds channeled to these exchanges growing from 39.3% in 2021 to 48.3% in 2022. The use of illicit services, such as darknet markets for ransomware money laundering, decreased while mixer usage increased. The report suggests that the actual number of individuals operating within the ransomware ecosystem is likely quite small, with many strains carried out by the same affiliates.
Money laundering remains critical to financially motivated crimes, including those involving cryptocurrencies. In 2022, illicit addresses sent nearly $23.8 billion worth of cryptocurrency, a 68.0% increase from the previous year. Mainstream centralized exchanges were the largest recipients of illicit cryptocurrency, receiving just under half of all funds sent from illicit addresses. However, DeFi protocols also experienced an increase in illicit funds, with cybercriminals sending funds to DeFi not to obscure their movements but to convert them to other services, including fiat off-ramps.
Concentration of Money Laundering at Fiat Off-Ramps
Chainalysis' report also highlights the concentration of money laundering at fiat off-ramps, which play a crucial role in converting cryptocurrency into cash for criminals. A staggering 67.9% of illicit funds received by exchanges went to just five services, all of which are centralized exchanges. However, it's worth noting that many criminals likely control the accounts at these services themselves. In some cases, specialized money laundering service providers assist criminals in converting their cryptocurrency into cash once it arrives at the exchange. These providers fall into the category of nested services—legitimate businesses built on top of larger exchanges that access their liquidity and trading pairs. On-chain data suggests that a small group of nested services facilitate most money laundering due to negligence or deliberate catering to crypto criminals.
Rise of Underground Money Laundering Services
The report also examines the emergence of underground money laundering services, which are not as publicly accessible or well-known as standard mixers. Typically found through private messaging apps or the Tor browser, these services are usually advertised only on darknet forums. They move cryptocurrency to exchanges on behalf of cybercriminals, exchange it for either fiat currency or clean crypto, and then send it back to the cybercriminals. Like nested OTC and B2B services, many underground services use exchanges for liquidity.
In 2022, criminal balances saw a sharp decline in value, dropping from $12.0 billion at the end of 2021 to just $2.9 billion. This decrease is attributed to price declines in the ongoing bear market and large, successful seizures by law enforcement in 2022. In addition, stolen funds dominate on-chain criminal balances, likely due to the substantial increase in cryptocurrency thefts in the last two years and the high-profile discussions surrounding these hacks on crypto Twitter and industry forums.
DeFi Protocols: Vulnerability to Hacking and Oracle Manipulation Attacks
DeFi protocols are particularly susceptible to oracle manipulation attacks, where bad actors can drain funds without exploiting platform code vulnerabilities. In these attacks, the perpetrator manipulates the price oracles that DeFi protocols rely on to ensure accurate asset pricing.
Price oracles are essential for many DeFi platforms, as they provide the data required for smart contracts to execute transactions based on real-world prices. However, if an attacker can manipulate the price oracle data, they can trick smart contracts into executing transactions based on fraudulent prices, leading to theft or other malicious activities.
In recent years, high-profile oracle manipulation attacks have been carried out on DeFi protocols like dForce, Balancer, and Harvest Finance, often exploiting vulnerabilities in the price oracle systems. To mitigate the risk of oracle manipulation attacks, some protocols use decentralized oracles that rely on a network of independent data providers, ensuring no single entity can manipulate the data. Other protocols use multiple oracles or employ advanced security measures like multi-signature schemes and time locks to protect funds from theft during an oracle manipulation attack.
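The multiple-oracle mitigation described above can be sketched as a consumer-side check. This is an added example, not code from the Chainalysis report or from any protocol it names. The feed names, thresholds, and the hold on large price jumps are assumptions chosen for illustration.

```python
from statistics import median

MAX_AGE_S = 300       # assumed: reports older than this are ignored as stale
MAX_DEVIATION = 0.02  # assumed: a feed >2% from the median is an outlier
MIN_QUORUM = 3        # assumed: minimum number of fresh, agreeing feeds
MAX_STEP = 0.10       # assumed: refuse a >10% jump from the last accepted price


class OracleError(Exception):
    """Raised when no trustworthy price can be produced; callers should pause."""


def safe_price(reports, now, last_price=None):
    """reports: iterable of (source, price, unix_timestamp).

    Returns (price, outlier_sources) or raises OracleError.
    """
    # Drop stale, future-dated and non-positive reports before aggregating.
    fresh = [(s, p) for s, p, t in reports if p > 0 and 0 <= now - t <= MAX_AGE_S]
    if len(fresh) < MIN_QUORUM:
        raise OracleError("too few fresh feeds")
    # The median tolerates a minority of distorted feeds; the mean would not.
    mid = median(p for _, p in fresh)
    agreeing = [p for _, p in fresh if abs(p - mid) / mid <= MAX_DEVIATION]
    outliers = sorted(s for s, p in fresh if abs(p - mid) / mid > MAX_DEVIATION)
    if len(agreeing) < MIN_QUORUM:
        raise OracleError("feeds disagree: " + ", ".join(outliers))
    price = median(agreeing)
    # Even when every feed agrees, hold an abrupt move instead of acting on it.
    if last_price is not None and abs(price - last_price) / last_price > MAX_STEP:
        raise OracleError("price jump exceeds MAX_STEP; hold for review")
    return price, outliers


# Constructed sample: three feeds agree, one (feed-D) reports a distorted price.
SAMPLE = [
    ("feed-A", 100.0, 990),
    ("feed-B", 100.4, 995),
    ("feed-C", 99.8, 985),
    ("feed-D", 250.0, 998),
]

if __name__ == "__main__":
    print(safe_price(SAMPLE, now=1000, last_price=100.1))
```

The distorted feed is reported as an outlier so it can be alerted on, and every failure path raises instead of returning a fallback price, so a caller cannot settle against a value the check did not accept.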
Darknet Markets, Scams, Pump and Dumps
Alongside money laundering and DeFi security challenges, the cryptocurrency world also grapples with darknet markets, scams, and pump-and-dump schemes, all of which pose significant threats to the industry's integrity and public perception.
Darknet Markets: Hydra's Closure and the Battle for Dominance
Darknet markets operate on private networks, requiring specific software, configurations, or authorization to access, and enable vendors to sell illicit goods and services to anonymous buyers through cryptocurrencies. The industry experienced a significant shift in 2022 when Hydra Marketplace, one of the most prominent players, was shut down in a joint US-German operation. Hydra's shutdown led to a decline in darknet market revenue, dropping from $3.1 billion in 2021 to $1.5 billion in 2022. However, three markets—Mega Darknet Market, Blacksprut Market, and OMG!OMG! Market—rose to prominence, attracting former Hydra users and vendors. Fraud shops selling compromised data saw a decline in revenue, while the closure of Hydra prompted a sector-wide decline and a battle for market dominance among remaining players.
The Decline in Crypto Scam Revenue and the Rise of Stablecoins
While scams remain the largest form of cryptocurrency-based crime, a new report reveals that crypto scam revenue fell nearly by half in 2022, dropping from $10.9 billion to $5.9 billion. Investment scams generated the most revenue, but romance scams were the most destructive per victim, averaging nearly $16,000 per victim. Despite the ongoing bear market, romance and giveaway scams continue to grow.
Blockchain analysis exposes the interconnected nature of the crypto scam ecosystem, making it difficult to estimate the actual amount lost to fraudsters. Stablecoins have become increasingly popular among scammers, with most scam revenue coming from the United States. Centralized exchanges are the most common service used by scam victims, with crypto ATMs also being exploited by scammers to target newcomers to cryptocurrency.
Pump and Dump Schemes: A Growing Concern
Pump and dump schemes are fraudulent practices in which holders of a tradable asset, such as cryptocurrency, heavily promote the asset to other investors using misleading statements to cause rapid price increases. Once new investors buy in, the holders sell their overvalued shares at a profit, causing the price to plummet and leaving newer investors with a low-value asset.
These schemes have become common in the crypto world due to the ease of launching new tokens and establishing an artificially high price and market capitalization. An analysis of all tokens launched on Ethereum and BNB blockchains in 2022 revealed that 24% of the 40,521 analyzed showed a price decline in the first week, indicative of possible pump-and-dump activity. The creators of these tokens made $30 million in profits before the tokens' value plummeted. The same wallet provided initial liquidity for several tokens that fit the pump-and-dump criteria, suggesting common ownership.
Pump and dump schemes are uniquely destructive in cryptocurrency due to the ease of launching new tokens and the social media-driven nature of crypto investment news and discussion.
The Chainalysis Crypto Crime Report for 2022 reveals a record-breaking $20.6 billion in illicit cryptocurrency transactions, with a notable increase in stolen funds and the overall proportion of cryptocurrency activities connected to illicit transactions.
Despite intensified efforts by the U.S. government to combat crypto crime through targeted sanctions and international cooperation, the effectiveness of these measures varies depending on jurisdictional and technical constraints. Moreover, as the cryptocurrency landscape continues to evolve, so does the nature of illicit activities within the ecosystem, including the rise of underground money laundering services, DeFi protocol vulnerabilities, and pump-and-dump schemes.
While the industry has made progress in addressing some of these challenges, the ever-changing crypto crime landscape demands continuous vigilance and innovation to ensure the cryptocurrency market's integrity, security, and public perception.
For a more global understanding of the regulatory framework governing the cryptocurrency market, it is essential to consider recent developments not just within the US, but also across the EU and the UK. We invite you to read our article on the Markets in Crypto-Assets (MiCA) regulation. This proposed legislation, set forth by the European Commission, is poised to significantly reform the European cryptocurrency domain.
This expanded international perspective plays a critical role in deepening our grasp of the complexities, challenges, and potential strategies for mitigating cryptocurrency-related crimes. Crypto regulation is not America-centric; it demands a broader, global perspective. Recognizing the decentralized nature of cryptocurrencies and their impact across borders, effective regulation requires international cooperation and coordination.
If you want to gain deeper insights into the current landscape of crypto crime and explore the findings of the 2022 Crypto Crime Report by Chainalysis, we encourage you to read the full report here.