Money laundering is a common theme among many crypto crimes. Criminal actors exploit the anonymity of the blockchain to launder profits from both off-chain and on-chain crimes to obfuscate the sources of illicit funds and convert them into cash, which can then be moved into the legitimate banking system. Cryptocurrency is used by criminals to launder funds from diverse types of crimes, from real-world criminal activities to cybercrimes, digital fraud, and thefts of cryptocurrencies from online exchanges.
Most mainstream exchanges and other Virtual Assets Service Providers (VASPs) are subject to Financial Action Task Force (FATF) guidance, which aims to mitigate the risks of using virtual assets for money laundering and terrorist financing. FATF implements a risk-based approach to Anti-Money Laundering (AML) that includes Know Your Customer (KYC) regulations that require exchanges and other VASPs to verify their customers’ identities. These regulations have prompted criminals to find advanced techniques to throw off financial investigators and launder their illicit funds.
How does cryptocurrency money laundering work?
Criminals utilize different methods and services that send funds through numerous addresses or businesses to obscure their origins. The assets are then sent from a seemingly legitimate source to a destination address or an exchange to be liquidated. This process makes it very difficult to trace laundered funds back to illicit activities.
Below are the 5 most popular methods employed by criminals for laundering funds on the blockchain.
- Nested services are a broad category of services that operate within one or more exchanges. These services utilize addresses hosted by the exchanges to tap into the liquidity of the exchanges and capitalize on opportunities to trade. Some exchanges don’t require high compliance standards for nested services, allowing bad actors to exploit them for money laundering.
On the blockchain ledger, these nested services transactions appear as having been conducted by their host counterparties (i.e., the exchanges) rather than by the hosted nested services or individuals’ addresses.
The most common and notorious type of nested service is an Over-the-Counter (OTC) broker. OTC brokers enable traders to easily, securely and anonymously trade large amounts of cryptocurrency. The OTC brokers facilitate direct cryptocurrency trades between two parties, without the mediation of an exchange. These trades can be made between different cryptocurrencies (e.g., Ethereum and Bitcoin) or between cryptocurrencies and fiat currencies (e.g., cryptocurrencies, like Bitcoin and fiat currencies, like euros). The OTC brokers find counterparties for a transaction in exchange for a commission, but do not get involved in the negotiations. Once terms are defined, the parties transfer custody of the assets through the broker.
In August 2020, The U.S. Department of Justice (DOJ) filed a complaint to forfeit 280 cryptocurrency addresses involved in the laundering of approximately 28.7 million dollars’ worth of cryptocurrency stolen from an exchange by the North Korea-affiliated hackers known as Lazarus Group. The complaint detailed two hacks of crypto exchanges by North Korean actors, who stole millions of dollars’ worth of cryptocurrency and ultimately laundered the funds through Chinese over-the-counter (OTC) cryptocurrency traders and follows related actions pertaining to the theft of $250 million in cryptocurrency through other exchange hacks by North Korean actors.
The Lazarus Group has continued to use OTC traders to launder funds. In April 2023, the US Department of the Treasury Office of Foreign Assets Control (OFAC) sanctioned three people, including two OTC crypto traders, for aiding the North Korean group.
- Gambling platforms are popular among cryptocurrency money launderers. Funds are paid into the platform through some combination of identifiable or anonymous accounts. They are either cashed out or placed in bets, often in collusion with affiliates. Once the money in the gambling account is paid out, it can be given legal status. Gambling services have been specified in the Financial Action Task Force’s (FATF) “Virtual Assets Red Flag of Money Laundering and Terrorist Financing” report, issued on September 2020. In this report, FATF identified two situations in which gambling services can be considered as a red flag:
- Funds deposited or withdrawn from a virtual asset address or wallet, with direct and indirect exposure links to known suspicious sources, including questionable gambling sites.
- VA transactions originating from or destined to online gambling services.
- Mixers are services that blend digital assets from many addresses together before releasing them at random intervals to new destination addresses or wallets, thus increasing anonymity. They are often used to conceal the trail of funds before they are transferred to legitimate businesses or major exchanges.
Crypto money laundering via mixers has made headlines, and the numbers are big. In March 2023, the US Department of Justice announced the joint international takedown of ChipMixer, a darknet crypto mixing service responsible for laundering more than $3 billion in cryptocurrency. The operation allowed German authorities to seize more than $46 million in crypto from back-end servers.
Another notorious example is Tornado Cash, a mixer that laundered over $7 billion from 2019 until 2022, when the service’s developer was arrested by Dutch authorities.
- Fiat exchanges change crypto into cash, and may be mainstream, peer-to-peer (P2P), or non-compliant (exchanges that do not obey or are not subject to regulations). Once cash exchanges have taken place, traditional financial investigation methods must be employed.
Illicit addresses used exchanges to change nearly $23.8 billion in cryptocurrency in 2022, a 68% increase from the prior year. Mainstream exchanges received almost half the funds from illicit addresses, despite most of these exchanges having compliance measures in place. Before being exchanged, over 40% of illicit funds go through intermediary services, such as mixers or Decentralized Finance (DeFi) protocols, to obscure the money trail.
- Services headquartered in high-risk jurisdictions are services in jurisdictions identified as having strategic deficiencies in their AML or Combating the Financing of Terrorism (CFT) regimes.
The Financial Action Task Force (FATF) identifies jurisdictions with weak measures of combating money laundering and terrorist financing (AML/CFT), which are often externally referred to as the “black list” and “grey list.” The European Commission also identifies countries that have strategic deficiencies in their AML/CFT regimes and that pose significant threats to the financial system of the European Union.
How can law enforcement and security agencies stop cryptocurrency money laundering on the blockchain?
Authorities constantly face new challenges in their investigations due to the increasingly sophisticated money laundering techniques. Money laundering is the key to all cryptocurrency crime, since it gives criminals a way to move funds received from other crimes from. Without the ability to launder money, cryptocurrency profits can’t be stored or converted to fiat currency without detection by law enforcement.
An advanced blockchain analytics solution is necessary for law enforcement and security agencies to fight criminals and terrorists who launder money and stop crypto crime.
To learn more about the challenges of investigating crypto crime and how to get your financial investigations back on track, download our eBook, Keeping Up with Financial Investigations in the Digital Age.