Tom Sadon, Director of Product Marketing
November 09, 2021

5 Kinds of Cryptocurrency Crime

Technology has made almost every aspect of our lives – and the lives of criminals – easier. The blockchain has fostered an ecosystem in which illicit actors can easily operate anonymously and internationally, stalling financial investigations and setting the stage for increased crypto crime. In our previous blog we outlined how criminal actors exploit the blockchain to launder money gained from both off-chain and on-chain crimes. Now, let’s dive into 5 types of crimes driving an illicit blockchain economy that totaled over $10 billion in transaction value in 2020.

1) Cryptocurrency ransomware attacks

Ransomware payouts saw a massive increase in 2020, with nearly $370 million paid in cryptocurrency. Ransomware, a form of malware, typically infiltrates a system by using a malicious attachment or embedded link, or by exploiting a vulnerability. The popular Ransomware as a Service (RaaS) model allows attackers to lease the usage of ransomware strains from their creators in exchange for a commission on ransom payouts.

Attackers threaten to release sensitive data or prevent system access unless a ransom is paid. These attacks target businesses and governments, and have the potential to cripple critical infrastructure, such as hospitals.

Cryptocurrency is particularly useful in both traditional ransomware and RaaS attacks, since it enables borderless transactions among multiple parties who wish to remain anonymous.

The single largest global ransomware attack occurred in July 2021, when an affiliate of the ransomware-as-a-service gang REvil demanded $70 in cryptocurrency. The REvil ransomware attacked hundreds of managed service providers via a “zero-day” exploit found in Kaseya desktop management software and demanded a ransom to restore encrypted data. It is unclear whether any payment was made. Two weeks after the attack, REvil vanished from the internet before reappearing a short while later.

2) Cryptocurrency scams

Cryptocurrencies are an ideal vehicle for criminals operating scams: they are instant, anonymous, borderless, and require no formality between parties. Scams can take many forms: Ponzi schemes, phishing scams, and investment scams are just a few popular variations that have made recent headlines.

In 2019 the world watched as $2.35 billion was stolen in the PlusToken Ponzi scheme. The scam offered monthly payments to users of its cryptocurrency wallet before abandoning the scheme and withdrawing the wallet funds. Chinese authorities have arrested 109 individuals in connection with this scam, which defrauded millions of victims.

The largest crypto scam in 2020 was the Mirror Trading International (MTI) scam, originating in South Africa. In this $588 million Ponzi scheme, victims were also promised investment returns, only to find that they could no longer access or withdraw their funds.

3) Darknet markets & illicit trade

Darknet marketplaces are websites hosted on the dark web as Tor hidden services (also known as “onion services”). They can only be accessed over Tor, which allows for secured and anonymous browsing. Dark marketplaces accounted for over $1.7 billion worth of cryptocurrency transactions in 2020. These illicit marketplaces facilitate drug trade, stolen data sales, arms dealing, human trafficking, the sale of child sexual abuse materials (CSAM) and more. This form of cryptocurrency crime is a deeply concerning example of how crypto is used to profit from illicit activities and subsequently launder money.

One notorious darknet market is Hydra, the world’s largest darknet market by revenue, which exclusively serves Russia and Russian-speaking countries in Eastern Europe. Hydra’s revenue jumped 33% to 1.37 billion dollars in 2020, accounting for more than 75% of dark marketplace sales worldwide.

Another darknet marketplace is Silk Road, which facilitated trading in illegal goods and often accepted payment in Bitcoin. This dark marketplace launched in 2011 and was shut down by U.S. federal authorities in 2013. Its founder, Ross Ulbricht, was sentenced to life in prison two years later. Seven years later, in November 2020, a record $1.2 billion worth of bitcoin linked to the Silk Road was seized by the U.S. government.

4) Cryptocurrency theft

While cryptocurrency is touted as secure, it is not invulnerable to theft. Criminals employ hacking, social engineering and phishing scams to steal cryptocurrency from victims, before laundering it on the blockchain.

The largest known cryptocurrency theft was the $600 million Poly Network hack in August 2021. Poly Network is a decentralized finance (“DeFi”) cryptocurrency platform, a category that has been particularly vulnerable to hacks. Following the return of the stolen funds, the story took a strange twist, as the company invited the hacker responsible for the breach to become their Chief Security Advisor.

Prior to the Poly Network hack, the largest heist recorded involved Coincheck Inc. In January 2018, hackers broke into this Japanese exchange and made off with more than $500 million in digital tokens.

Another particularly notable theft was the KuCoin attack, in which $281 million in crypto assets were stolen from the KuCoin exchange. The attack is attributed to the Lazarus Group, a hacking syndicate with a history of targeting exchanges. The hackers laundered the money through decentralized exchanges, also known as peer-to-peer exchanges. Attacks on decentralized exchanges and financing services are trending among criminals.

5) Terror funding

International and domestic terrorists exploit cryptocurrency to fund their organizations. Terror organizations solicit requests for funds on their websites, social media platforms, encrypted messaging applications, and the dark web. They circumvent authorities by using wallets, mixers, and other tactics to launder money and make tracing funds more difficult for security agencies.

In August 2020 the U.S. Department of Justice dismantled three significant cryptocurrency-based terror financing campaigns involving al-Qassam Brigades (Hamas’s military wing), al-Qaeda, and Islamic State of Iraq and Levant (ISIS). It was the largest seizure of terrorist organizations’ cryptocurrency accounts ever conducted. U.S. authorities seized $2 million in cryptocurrency, over 300 cryptocurrency accounts, four websites, and four Facebook pages in relation to these campaigns.

How can law enforcement and security agencies catch criminals exploiting cryptocurrency?

Catching crypto criminals is notoriously difficult due to the anonymous nature of cryptocurrencies. Authorities constantly face new challenges in their cryptocurrency criminal investigations due to the increasingly sophisticated methods and technologies used by criminals to enhance their anonymity on the blockchain. An advanced blockchain analytics solution is necessary for law enforcement and security agencies to bring criminals and terrorists to justice and stop crypto crime.



Product Marketing Director of Network Intelligence and Blockchain Analytics, Tom brings extensive experience and know-how in the intelligence field: intelligence analyst, head of department and product manager in the Israeli SIGINT National Unit (ISNU), with 10+ years of service with honors and awards; Director of Cyber Threat Intelligence in a growing Israeli cyber start-up; held various managerial positions in Cognyte's Product Marketing team; holds a B.A. in Economics, LL.B. & Research LL.M. in Corporate Law, Tel Aviv University.