2023 was a year of recovery for cryptocurrencies, as the industry bounced back from the scandals, uproar, and price crashes of 2022. As crypto assets recover and market activity expands throughout 2023, many believe that the crypto winter is over and a new one is beginning. The growing season may be coming soon.
But what does all this mean for crypto crime? Let's take a look at the top-level trends.
In 2023, the value received by illicit cryptocurrency addresses decreased significantly, totaling $24.2 billion. As always, we must note that these numbers are lower bound estimates based on traffic to fraudulent addresses identified today. A year from now, these totals will almost certainly be higher as we identify more fraudulent addresses and incorporate their past activity into our estimates. For example, when we published our Crypto Crime Report last year, he estimated the volume of illegal transactions in 2022 to be worth $20.6 billion. The latest estimate for 2022, one year later, is $39.6 billion. Much of this increase was due to the identification of previously unknown highly active addresses hosted by licensed services and the addition of transaction volumes related to services in licensed jurisdictions to our illegal totals. It depends.
Besides the identification of new fraudulent addresses, another major reason for the large increase in the new total is the inclusion of $8.7 billion in creditor claims against FTX in the 2022 numbers. In last year's report, the company said it would suspend inclusion in illegal totals of trading volumes related to FTX and other companies that went bankrupt that year due to alleged fraud pending legal proceedings. Since then, the jury has Former FTX CEO convicted of fraud.
Presumptions of illegal activity typically include only measurable on-chain activity. In the case of FTX, it is impossible to measure the extent of fraud using on-chain data alone, as there is no way to isolate fraudulent movements of user funds. Therefore, we believe that: Claims from creditors amount to $8.7 billion The best estimate is to include the value for FTX. Given the scale and impact of the FTX situation, we treat this as an exception to our normal on-chain methodology. If a court results in a conviction in a similar ongoing case, we will include that action in our illegal transaction data in the future.
All other totals exclude proceeds from non-cryptocurrency native crimes, such as traditional drug trafficking where cryptocurrencies are used as a means of payment. Such transactions are virtually indistinguishable from legitimate transactions in on-chain data. Of course, law enforcement with an off-chain context can use Chainaracy solutions to investigate these flows. If such information is available, we will count the transaction as fraudulent in our data, but there are almost certainly many cases where this is not the case, and therefore the numbers will not be reflected in the aggregate.
In addition to the decline in the absolute value of illegal activity, our estimate of the proportion of total cryptocurrency transaction volume related to illegal activity also fell from 0.42% in 2022 to 0.34%. [1]
We are also seeing a shift in the types of assets involved in crypto-based crimes.
Until 2021, Bitcoin was the top cryptocurrency of choice for cybercriminals due to its high liquidity. However, things have changed over the past two years, and stablecoins now account for the majority of illegal trading volume.This change also occurs at the same time recent growth The share of stablecoins in all cryptocurrency activity, including legitimate activity. However, the advantages of stablecoins do not apply to all forms of cryptocurrency-based crime.
Some forms of illegal cryptocurrency activity, such as sales on darknet markets and ransomware extortion, still primarily occur with Bitcoin. [2] Other transactions, such as those related to fraud or sanctioned entities, are moving to stablecoins. They are also the largest form of crypto crime in terms of transaction volume, thereby driving a larger trend. Sanctioned entities, entities operating in sanctioned jurisdictions or involved in terrorist financing also have greater incentive to use stablecoins. Although they may face additional challenges by accessing the US dollar through traditional means, they still want to benefit from stability. . However, stablecoin issuers can freeze funds if they become aware of misuse, like Tether. did recently It included addresses related to terrorism and war in Israel and Ukraine.
Below, we look at three key trends that will define cryptocurrency crime in 2023 and will be important to watch going forward.
Significant reduction in fraud and stolen funds
Cryptocurrency fraud and hacking revenues decreased significantly in 2023, with total illicit revenues decreasing by 29.2% and 54.3%, respectively.
As we will discuss later in the scams section, many crypto scammers are now employing romance scam tactics, targeting individuals and building relationships rather than broadly promoting fraudulent investment opportunities. and promote fraudulent investment opportunities. To reveal. Although the FBI has Show published data Although reports of crypto investment fraud in the United States will increase each year through 2022, our on-chain metrics suggest that globally, fraud profits will trend downward from 2021 onwards. We believe this is consistent with the long-standing trend that this is when fraud is most successful. The market is up, the market is booming, and people feel like they are missing out on a get-rich-quick opportunity. Of course, the impact romance scams have on individual victims is significant and should not be underestimated. While the increase in reporting is a good sign, at least in the US, we believe that insights into romance scams in particular suffer from underreporting. We hypothesize that the true cost of fraud is greater than what FBI reporting and on-chain metrics indicate, but given broader market trends, overall fraud will decline. I am.
Cryptocurrency hacks, on the other hand, are much harder for criminals to hide because once a hack occurs, industry observers can quickly spot any unusual leaks from a particular service or protocol. As we will explain later, the decline in stolen funds is primarily driven by a sharp decline in DeFi hacks. This decline may represent a disturbing reversal of circumstances. long term trends, and could indicate that DeFi protocols are improving their security practices. That said, stolen funds metrics rely heavily on outliers, and one major hack could change the trend again.
Ransomware and darknet market activity increases
Meanwhile, ransomware and darknet markets are two of the most prominent forms of cryptocurrency crime that increased revenue in 2023, contrary to the overall trend. Ransomware revenue growth is disappointing following our steep decline. featured last yearAnd it suggests that perhaps ransomware attackers are adapting to improving organizational cybersecurity, a trend we were the first to report. Before this year.
Similarly, this year's darknet market revenue growth will also be Decrease in 2022 In terms of profits. This decline was largely due to the closure of Hydra, which was once the world's most dominant market and at its peak captured more than 90% of the total darknet market revenue. No single market has yet emerged to replace it, but the sector as a whole is recovering, with total returns rebounding towards his 2021 highs.
Transactions with sanctioned entities drive the majority of illegal activity
Perhaps the most obvious trend that emerges when examining the volume of illegal transactions is the prominence of sanctions-related transactions. In 2023, transaction volume across sanctioned entities and jurisdictions was worth a total of $14.9 billion, representing 61.5% of the total illicit transaction volume we measured in that year. Most of this total comes from virtual currency services licensed by the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) or located in sanctioned jurisdictions and subject to U.S. sanctions. It can continue to operate because it is within the jurisdiction. Not forced.
While these services can and have been used for malicious purposes, a portion of the $14.9 billion in sanctions-related transactions happens to be located in those jurisdictions. It also means that it includes the activity of the average cryptocurrency user. For example, the Russian-based exchange Garantex OFAC approved and UK OFSI. The company, which facilitated money laundering on behalf of ransomware attackers and other cybercriminals, was one of the largest drivers of transaction volume related to sanctioned companies in 2023. Galantex continues to operate because Russia is not enforcing U.S. sanctions. Does that mean all of Garantex's trading volume is related to ransomware and money laundering? No. Nevertheless, the exposure to Garantex is limited to crypto platforms under US or UK jurisdiction. poses a serious sanctions risk. This means these platforms will need to be more vigilant than ever and screen their exposure to Garantex in order to comply.
More insights into crypto crime to come
Stay tuned for more research on crypto-based crimes as we continue to develop insights on ransomware, hacking, crypto money laundering, and more.you can also click here Get the full 2024 Crypto Crime Report delivered to your inbox as soon as it's published.
Ending note:
[1] Trading volume is a measure of all economic activity and represents the movement of funds. We remove peel chains, internal service transactions, small change, and other types of transactions that do not count as economic transactions between different economic entities.
[2] These estimates do not include privacy coins like Monero.
This material is for informational purposes only and is not intended to provide legal, tax, financial, investment, regulatory, or other professional advice and may not be relied upon as professional opinion. there is no. Recipients should consult their own advisors before making these types of decisions. Chaina Analysis does not guarantee the accuracy, completeness, timeliness, suitability, or validity of the information contained herein. Chainarise assumes no liability for any decisions or other acts or omissions made in connection with the recipient's use of this material.
