Tom Sadon, Director of Product Marketing
November 07, 2021

Money Laundering: The Key to Cryptocurrency Crime

Money laundering is a common theme among many crypto crimes. Criminal actors exploit the anonymity of the blockchain to launder gains from both off-chain and on-chain crimes to obfuscate the sources of illicit funds and convert them into cash for bank deposits. Cryptocurrency is used by criminals to launder funds from diverse types of crimes, from real-world crimes and schemes to cyber-crimes, digital fraud and thefts of cryptocurrencies from online exchanges.

Most mainstream exchanges and other Virtual Assets Service Providers (VASPs) are subject to Financial Action Task Force (FATF) guidance, which aims to mitigate the risks of using virtual assets for money laundering and terrorist financing. FATF implements a risk-based approach to Anti-Money Laundering (AML) that includes Know Your Customer (KYC) regulations that require exchanges and other VASPs to verify their customers’ identities. These regulations have prompted criminals to find advanced techniques to throw off financial investigators and launder their illicit funds.

How does cryptocurrency money laundering work?

Criminals utilize different methods and services that send funds through numerous addresses or businesses to obscure their origins. The assets are then sent from a seemingly legitimate source to a destination address or an exchange to be liquidated. This process makes it very difficult to trace laundered funds back to illicit activities.

Below are the 5 most popular methods employed by criminals for laundering funds on the blockchain.

  1. Nested services are a broad category of services that operate within one or more exchanges. These services utilize addresses hosted by the exchanges to tap into the liquidity of the exchanges and capitalize on opportunities to trade. Some exchanges don’t require high compliance standards for nested services, allowing bad actors to exploit them for money laundering.

    On the blockchain ledger, these nested services transactions appear as having been conducted by their host counterparties (i.e., the exchanges) rather than by the hosted nested services or individuals’ addresses.

    The most common and notorious type of nested service is an Over-the-Counter (OTC) broker. OTC brokers enable traders to easily, securely and anonymously trade large amounts of cryptocurrency. The OTC brokers facilitate direct cryptocurrency trades between two parties, without the mediation of an exchange. These trades can be made between different cryptocurrencies (e.g., Ethereum and Bitcoin) or between cryptocurrencies and fiat currencies (e.g., cryptocurrencies, like Bitcoin and fiat currencies, like euros).  The OTC brokers find counterparties for a transaction in exchange for a commission, but do not get involved in the negotiations. Once terms are defined, the parties transfer the custody of the assets through the broker.

    Last August, The U.S. Department of Justice (DOJ) filed a complaint to forfeit 280 cryptocurrency addresses involved in the laundering of approximately 28.7 million dollars’ worth of cryptocurrency stolen from an exchange by the North Korea-affiliated hackers known as Lazarus Group. The complaint detailed two hacks of crypto exchanges by North Korean actors, who stole millions of dollars’ worth of cryptocurrency and ultimately laundered the funds through Chinese over-the-counter (OTC) cryptocurrency traders, and follows related actions pertaining to the theft of $250 million in cryptocurrency through other exchange hacks by North Korean actors.

  1. Gambling platforms are popular among cryptocurrency money launderers. Funds are paid into the platform through some combination of identifiable or anonymous accounts. They are either cashed out or placed in bets, often in collusion with affiliates. Once the money in the gambling account is paid out, it can be given legal status. Gambling services have been specified in the Financial Action Task Force’s (FATF) “Virtual Assets Red Flag of Money Laundering and Terrorist Financing” report, issued on September 2020. In this report, FATF identified two situations in which gambling services can be considered as a red flag:
    • Funds deposited or withdrawn from a virtual asset address or wallet, with direct and indirect exposure links to known suspicious sources, including questionable gambling sites.
    • VA transactions originating from or destined to online gambling services.
  1. Mixers are services that blend digital assets from many addresses together before releasing them at random intervals to new destination addresses or wallets, thus increasing anonymity. They are often used to conceal the trail of funds before they are transferred to legitimate businesses or major exchanges. 

    Crypto money laundering via mixers has made headlines, and the numbers are big. In August 2021, the custodial mixing service Helix was implicated in a $300 million conspiracy that involved the money laundering of assets generated through drug trafficking and other illicit activities. The DOJ’s charges focus on the intent of Helix to help users conceal the ownership of Bitcoin generated through darknet activities, mainly from the Grams and AlphaBay darknet sites. Helix has been described as a “darknet-based cryptocurrency tumbler.”

    Another notorious example is Bestmixer custodial mixer, accused of facilitating the laundering of criminally obtained funds. It was seized last year, with Europol claiming that most of the funds that passed through this custodial mixing service “had a criminal origin or destination, probably to conceal and launder criminal flows of money.”

  1. Non-compliant exchanges are exchanges that do not obey or are not subject to regulations or have lax compliance programs. These exchanges require little or no user identity verification to transfer crypto-assets and hence are very attractive for illicit actors.

    According to a recent study, the transaction volume of non-compliant exchanges in 2020 amounted to nearly $20 billion, of which $4.2 billion served illicit transactions, a 16% increase in the illicit transaction volume compared to 2019. This research indicates that non-compliant exchanges are so attractive to criminals that they process 10 times more illegal transactions than exchanges with established KYC and Anti-Money Laundering (AML) policies.

  1. Services headquartered in high-risk jurisdictions are services in jurisdictions identified as having strategic deficiencies in their AML or Combating the Financing of Terrorism (CFT) regimes.

    The Financial Action Task Force (FATF) identifies jurisdictions with weak measures of combating money laundering and terrorist financing (AML/CFT) in two public documents, which are often externally referred to as the “black list” and “grey list.” The European Commission also identifies countries that have strategic deficiencies in their AML/CFT regimes and that pose significant threats to the financial system of the European Union.

How can law enforcement and security agencies stop cryptocurrency money laundering on the blockchain?

Authorities constantly face new challenges in their investigations due to the increasingly sophisticated money laundering techniques. Money laundering is the key to all cryptocurrency crime, since it gives criminals a way to move funds received from other crimes on the blockchain. Without the ability to launder money, cryptocurrency gains can’t be stored or converted to fiat currency without detection by law enforcement.

An advanced blockchain analytics solution is necessary for law enforcement and security agencies to fight criminals and terrorists who launder money and stop crypto crime.

To learn more about the challenges of investigating crypto crime and how to get your financial investigations back on track, download our eBook

Accelerate Your
Blockchain Investigations

Tom Sadon, Director of Product Marketing

Product Marketing Director of Network Intelligence and Blockchain Analytics, Tom bring extensive experience and know-how in the intelligence field: . Intelligence analyst, head of dept. and product manager in the Israeli SIGINT National Unit (ISNU), 10+ years service with honors and awards . Director of Cyber Threat Intelligence in a growing Israeli cyber start-up . Held various managerial positions in Cognyt'es Product Marketing team . Holds a B.A. in Economics, LL.B. & Research LL.M. in Corporate Law, Tel Aviv University.
See more from this author