How do criminals exploit cryptocurrencies?

How much do criminals use digital assets?

Entities involved in illicit activity received some $5bn in digital asset funds in 2020 and sent a similar amount. Those sums, from blockchain data provider Chainalysis, represent less than 1 per cent of overall cryptocurrency flows, however, and are dwarfed by the $1.6tn in cash that is laundered annually, according to UN estimates.

Nevertheless, the freewheeling, loosely regulated world of digital assets has earned a reputation for facilitating crime, given the lack of checks and balances on the system in its early years. The net has been tightening as regulators circle and cryptocurrency businesses develop tools to root out questionable activity. But the use of digital assets for crimes such as scams and ransomware demands persists.

Why do criminals use digital assets?

The attraction of digital assets for criminals is that they afford varying levels of anonymity, depending on the particular asset. This can make them a tool to facilitate money laundering, for example.

Bitcoin, the most popular, offers pseudonymity for its holders. This means holders can choose services to buy and sell the cryptocurrency without being required to disclose information that can identify them personally. However, every transaction is recorded on an immutable blockchain, so those with the technical expertise can see which digital wallets are sending funds to others.

By contrast, monero, a smaller cryptocurrency, was designed as an anonymous “privacy coin” to obscure the identities of the sender and receiver, as well as the amount exchanged. It is more illiquid, however, meaning that it can be difficult to buy large amounts and can attract unwanted attention for criminals.

What types of criminal activity are digital assets used for?

Scams make up the majority of criminal transactions using digital assets, according to Chainalysis. Last year, for example, hackers took over the Twitter accounts of hundreds of high-profile users, including then US presidential candidate Joe Biden and electric-car tycoon Elon Musk, to demand more than $100,000 in bitcoin. “Doubling all payments sent to my BTC address. You send $1,000 and I will send $2,000 back!” wrote one scammer from Musk’s account.

The second-largest category of crime is illicit transactions on the dark web, Chainalysis data show. The dark web is the name for those parts of the internet, popular among hackers and criminals, that are invisible to search engines and require anonymising software to access. They act as hubs for buying and selling firearms, drugs, stolen data and other illegal products.

Many only accept payments in digital assets. On Hydra, the largest dark web market place by revenues, there are money launderers called “Treasure Men”: a user pays a cryptocurrency amount to an intermediary, who will turn it into cash and leave it at a pick-up point.

A smaller but rapidly growing criminal use for digital assets is collecting ransomware payments. Ransomware usually involves hackers seizing an organisation’s data or hijacking computer systems and only unlocking access for a ransom. As the practice has proliferated, hackers have taken to demanding ransom payments in bitcoin or monero, making it harder for law enforcement agencies to trace the funds. In 2020, at least $350m in crypto ransoms was paid to hacker gangs. Other criminal use cases include terrorist financing, evading sanctions or moving stolen funds.

“I see the promise of these new technologies,” US Treasury secretary Janet Yellen said in February. “But I also see the reality: cryptocurrencies have been used to launder the profits of online drug traffickers; they’ve been a tool to finance terrorism.”

Are there ways to stop this?

Regulatory pressure has encouraged many cryptocurrency businesses to improve their policing of nefarious activity.

When digital assets first began to take off, criminals would use the major cryptocurrency exchanges, many of which had little to no anti-money-laundering (AML) or know-your-customer (KYC) processes. Blockchain analysis company Elliptic estimates that, between 2011 and 2019, large exchanges helped cash out between 60 and 80 per cent of all Bitcoin transactions from known bad actors. That share now stands at 45 per cent, as many crypto exchanges have improved their systems.

In September, the US Treasury imposed sanctions on a cryptocurrency exchange for the first time, for facilitating ransomware payments. More regulation or sanctions may be on the way.

Meanwhile, law enforcement agencies and the private sector are developing technology to track criminal groups and their use of digital assets, by analysing flows of cryptocurrencies in the blockchain. For example, US authorities were able to track and recover a large portion of the ransomware payment made to the Russian hackers who effectively shut down the Colonial oil pipeline earlier this year, causing fuel shortages on the US east coast.

However, the game of cat and mouse is escalating as criminal groups develop techniques to cover their crypto tracks.