David Grau , Head of Business and Customer Engagement, BLINK
August 01, 2023

Investigating 5 Kinds of Crypto Crime

Technology has made almost every aspect of our lives – and the lives of criminals – easier. The blockchain has fostered an ecosystem in which illicit actors can easily operate anonymously and internationally, stalling financial investigations and setting the stage for increased crypto crime. In our previous blog we outlined how criminal actors exploit the blockchain to launder money gained from both off-chain and on-chain crimes. Now, let’s dive into 5 types of crimes driving an illicit blockchain economy that totaled over $20.6 billionin transaction value in 2022.

1) Cryptocurrency ransomware attacks

Ransomware crypto payouts saw a massive increase, hitting $449.1 million in the first half of 2023, up from $175.8 million in the same period in 2022.  Ransomware, a form of malware, typically infiltrates a system by using a malicious attachment or embedded link, or by exploiting a vulnerability. The popular Ransomware as a Service (RaaS) model allows attackers to lease the usage of ransomware strains from their creators in exchange for a commission on ransom payouts. 

Attackers threaten to release sensitive data or prevent system access unless a ransom is paid. These attacks target businesses and governments, and have the potential to cripple critical infrastructure, such as hospitals. 

Cryptocurrency is particularly useful in both traditional ransomware and RaaS attacks, since it enables borderless transactions among multiple parties who wish to remain anonymous. 

In early 2023, the U.S. Justice Department announced that a months-long program had successfully disrupted the Hive ransomware group, which targeted over 1,500 victims in 80 countries and received over $100 million in crypto ransomware payments. Deputy Attorney General Lisa O. Monaco stated “In a 21st century cyber stakeout, our investigative team turned the tables on Hive, swiping their decryption keys, passing them to victims, and ultimately averting more than $130 million dollars in ransomware payments. We will continue to strike back against cybercrime using any means possible and place victims at the center of our efforts to mitigate the cyber threat.” 

2) Cryptocurrency scams

Cryptocurrencies are an ideal vehicle used by criminals to operate scams: they are instant, anonymous, borderless, and require no formality between parties. Scams can take many forms: Ponzi schemes, phishing scams, and investment scams are just a few popular variations that have made recent headlines.

In 2019 the world watched as $2.35 billion was stolen in the PlusToken Ponzi scheme. The scam offered monthly payments to users of its cryptocurrency wallet before abandoning the scheme and withdrawing the wallet funds. Chinese authorities have arrested 109 individuals in conjunction with this scam, which defrauded millions of victims.

In May 2022, TerraUSD and Luna tokens, two crypto tokens that had reached a high just two months earlier, collapsed, wiping out over $40 billion in value. Many claim the currency was a Ponzi scheme, and the US Security and Exchange Commission charged the creator of the blockchain protocol for securities fraud in early 2023.  

3) Darknet markets & illicit trade

Darknet marketplaces are websites, hosted on the dark web as TOR hidden services (also known as “onion services”). They can only be accessed over TOR, thus allowing for secured and anonymous browsing. These illicit marketplaces facilitate drug trade, stolen data sales, arms dealing, human trafficking, the sale of child sexual abuse materials (CSAM) and more. This form of cryptocurrency crime is a deeply concerning example of how crypto is used to profit from illicit activities and subsequently launder money. 

Dark marketplaces and fraud shops accounted for over $1.5 billion worth of cryptocurrency transactions in 2022, down from $3.1 billion the prior year. The decrease was mainly due to the collapse of Hydra Market, the highest earning darknet market in 2022, which was shut down in a joint US-German operation in April 2022. The collapse of Hydra has made room for other markets to expand, meaning authorities may now have more large players to investigate in the absence of a monopoly, as Hydra accounted for over 93% of darknet marketplace value.  

4) Cryptocurrency theft

While cryptocurrency is touted as secure, it is not invulnerable to theft. Criminals employ hacking, social engineering and phishing scams to steal cryptocurrency from victims, before laundering it on the blockchain. In 2022, hackers stole a total $4 billion worth of crypto.  

In March 2022, the gaming-focused Ronin Network lost over $625 million in crypto in the largest crypto hack yet. The attackers exploited a vulnerability in the site to steal funds. US officials linked the attack to the North Korean state-backed Lazarus Group.  

Prior to the Ronin attack, the largest known cryptocurrency theft was the $600 million Poly Network hack in August 2021. Poly Network is a decentralized finance (“DeFi”) cryptocurrency platform, a category that has been particularly vulnerable to hacks. Following the return of the stolen funds, the story underwent a strange twist, as the company invited the hacker responsible for the break to become their Chief Security Advisor. 

5) Terror funding

International and domestic terrorists exploit cryptocurrency to fund their organizations. Terror organizations solicit requests for funds on their websites, social media platforms, encrypted messaging applications, and the dark web. They circumvent authorities by using wallets, mixers, and other tactics to launder money and make tracing funds more difficult for security agencies. 

In June 2023, in a historic first, Israel seized crypto accounts linked to two terror groups, Quds Force and Hezbollah, confiscating $1.7 in terror funds. In the past, the country has seized dozens of digital wallets linked to multiple terror groups.  

In August 2020 the U.S. Department of Justice dismantled three significant cryptocurrency-based terror financing campaigns involving al-Qassam Brigades (Hamas’s military wing), al-Qaeda, and Islamic State of Iraq and Levant (ISIS). It was the largest seizure of terrorist organizations’ cryptocurrency accounts ever conducted. U.S. authorities seized $2 million in cryptocurrency, over 300 cryptocurrency accounts, four websites, and four Facebook pages in relation to these campaigns. 

How can law enforcement and security agencies catch criminals exploiting cryptocurrency?

Catching crypto criminals is notoriously difficult due to the anonymous nature of currencies. Authorities constantly face new challenges in their cryptocurrency criminal investigations due to the increasingly sophisticated methods and technologies used by criminals to enhance their anonymity on the blockchain. An advanced blockchain analytics solution is necessary for law enforcement and security agencies to bring criminals and terrorists to justice, to stop crypto crime and seize illicit funds.

To learn more about the challenges of investigating crypto crime and how to get your financial investigations back on track, download our eBook

Accelerate Your
Blockchain Investigations

David Grau , Head of Business and Customer Engagement, BLINK

David is Head of Business & Customer Engagement for Blink, Cognyte’s blockchain analytics solution. David has extensive experience in Sales, Marketing and Business Development in the homeland security, cyber, defense and intelligence domains. David holds a BA in Economics and an MBA from Tel Aviv University, and is currently pursuing a Masters degree in History.
See more from this author