Two prominent research papers have shed light on the latest crime trends affecting the cryptocurrency community over the past two years.

Crypto analytics companies Chainalysis and CipherTrace released reports at the end of January that unpack some interesting data on the methods that criminals have used to steal and defraud users within the cryptocurrency and blockchain space.

These reports paint an interest picture of the ever-changing cryptocurrency landscape and provides some food for thought about the use of crypto in criminal activity around the world.

Exchange hacks and darknet trading still a threat

As Chainalysis outlines in its January 2019 report, cryptocurrency-related crime has actually decreased over the past few years, only accounting for 1 percent of all Bitcoin transactions in 2018.

With that being said, the report shines a spotlight on exchange hacks that have seen billions of dollars siphoned off by criminals, darknet market activities generating millions of dollars in revenue for criminals, and elaborate scams that have fleeced unsuspecting investors.

Chainalysis examines the trends of exchange hacks by tracing the movements of hacked funds from exchanges to their exit points, providing new data on the patterns of transaction activity in the weeks and months after a hack has taken place. The information could become pivotal in helping recover stolen funds in future.

The report notes the resilience of darknet markets amid a global crackdown, identifying the trends in the way new platforms are created and run in the aftermath of previous operations being shut down.

Exchange hacks

Exchange hacks have been the most lucrative modus operandi for cyber criminals in 2018, having generated close to $1 billion in revenue. Chainalysis identified two major hacking groups that are responsible for the majority of these crimes in 2018.

Hackers waste no time cashing out stolen cryptocurrency, usually within three months after the initial attack.

Taking a deeper dive into data, these two prominent hacking groups stole an average of $90 million per hack.

Following the initial hack, stolen funds are then moved to a plethora of wallets and exchanges to cover the tracks from the initial theft. These efforts are elaborate, as hackers will move funds up to 5,000 times.

Hackers then lay low, leaving funds untouched for six weeks or more until interest in the initial theft has died down. At the right time, at least half of the stolen funds are cashed out using various conversion services within 112 days. Three-quarters of the funds are cashed out within 168 days.

Chainalysis notes differing tactics between these two hacking organisations.

The first prominent group is identified as a tightly controlled organization. The hackers shuffle funds around meticulously to avoid being caught by authorities. Data from a traced hack noted up to 15,000 movements of stolen funds.

The second organization is less thorough in their approach, biding their time before converting stolen funds to clean money. According to Chainalysis, the group will sit on funds for six to 18 months before quickly cashing out 50 percent of funds within days on a single exchange.

Number of transactions per day after hacks / Share of hacked funds cashed out over time

These distinct methods could eventually be used to identify specific hacking groups in the future. As noted, exchanges and law enforcement agencies have not had the necessary means to track hacked funds up until recently.

Many exchanges don’t have the software to identify if the funds moved onto their exchanges have been ill-gotten, and stolen funds are processed by other exchanges. As a result, $135 million worth of stolen funds has exited the system through known exchanges.

Addressing these challenges will require a combined effort in the future. Cooperation between exchanges is a good start — as Chainalysis notes in a working case example.

The research company worked to identify stolen funds that had been moved to another exchange, and once these deposits were verified, the exchange was able to work with law enforcement agencies to address the problem.

Decoding hacks is identified as the first step to actively combating this type of crime — allowing funds to then be tracked and recovered. The cryptocurrency community will need to embrace an attitude of collaboration to make this a reality.

Darknet resilience

2017 was a watershed year for cryptocurrencies — Bitcoin, in particular — but the rising prices led to a number of closures of darknet markets that year.

Despite that fact, darknets quickly rearranged themselves, and their activities doubled during 2018. Chainalysis data notes transaction volumes on these platforms breaching the $600 million mark, even as cryptocurrency markets endured humbling price corrections.

This indicates that criminal organizations are not driven by the actual value of cryptocurrencies, it is the anonymity and convenience that drives the use of darknet markets.

Following the closure of AlphaBay and Hansa, two prominent darknet platforms, activity in the space fell by 60 percent. Nevertheless, total darknet activity peaked at over $700 million in 2017.

While 2018’s total amount of Bitcoin being sent to darknet markets was $100 million less than the previous year, Chainalysis’ data showed a gradual increase in the total daily value sent to darknet markets during the year.

Activity on darknet markets averages around $2 million in Bitcoin every day, but the reports show that this accounts for less than 1 percent of the economic activity in Bitcoin, as the graph below illustrates.

Bitcoin flowing to darknet markets

According to the report, Russian darknet market Hydra seems to have picked up much of the activity that used to take place on the now defunct AlphaBay. Hyrda has received over $780 million in Bitcoin, compared to AlphaBay’s $690 million.

As this demonstrated, authorities may have worked tirelessly to shut down many of these operations, but criminals move quickly to find different platforms to carry out their activities.

According to law enforcement officials, criminals are beginning to use messaging applications like Telegram and WhatsApp to facilitate these illegal transactions. This bypasses the ability of law enforcement agencies to curtail illicit transactions by shutting down a website.

Ironically, criminals and users of these markets have to take on the additional risk of trusting their counterparty in these person-to-person dealings.

Nevertheless, darknet markets and their users continue to find new ways to continue their activities, creating an endless challenge for authorities around the world.

Anti-Money Laundering efforts

As criminals come up with innovative ways to steal funds from crypto users around the world, they still face a problem when it comes to laundering this money.

Money laundering as a whole is a murky subject, because accurate data can only be gleaned from successful prosecutions, which are then used to make estimates of money laundering statistics.

Interestingly enough, money laundering using cryptocurrencies provides a unique opportunity to trace funds, given that transaction data is completely transparent in fully decentralized cryptocurrencies.

To this end, Chainalysis has provided some rough data that breaks down the laundering of cryptocurrencies around the world. The data suggests that 65 percent of stolen funds flows through exchanges, 12 percent through peer-to-peer (p2p) exchanges, and the remainder through conversion services, Bitcoin ATMs and gambling websites.

Funds flowing from known illicit entities to conversion services, 2018

A majority of illicit funds actually flow through either exchanges (65 percent) or p2p exchanges (12 percent), with the rest flowing through other conversion services such as mixing services, bitcoin ATM’s and gambling sites.

A deep dive into money laundering with crypto

Ciphertrace’s 2019 report on cryptocurrency crime takes a deep dive into money-laundering efforts over the past 12 months.

According to their report, in the first two quarters of 2018, nearly three times the amount of cryptocurrency was stolen during the whole of 2017. Cumulatively, over $1.7 billion was stolen: $950 million solely from exchanges, while the remaining $725 million was stolen through scams.

Nearly 3x as Much Crypto Stolen from Exchanges in 1st Half of 2018 as in All of 2017

This substantial amount of money still needs to be cleaned, which has given birth to a plethora of money-laundering services focused on the cryptocurrency sector.

The first process in traditional money laundering is known as structuring — basically moving money around so that it cannot be traced to its original illicit source.

Ordinarily, criminals would buy assets like gold bars and sell them to do this. In the crypto world, this requires bringing money into the cryptocurrency system to move it around.

According to CipherTrace, this is done using mixers, tumblers and chain hopping. The more the cryptocurrency is moved around the system, the harder it is to trace its origin. Given the anonymous nature of cryptocurrencies, this makes it incredibly difficult for investigators to trace funds.

These various money-laundering services in the crypto space take funds from users, mix them together and output the funds back to users, creating an intricate web of transactions that makes the origin of the funds difficult to identify.

Furthermore, some of these services now separate their input and output funds. Put simply, they have a seperate account for funds brought in, and another for funds going out. This is an evolution in methodology — given that in 2016 and 2017, crypto money launderers typically kept all their funds in one pool.

Over the last two years, that has changed. Input funds are deposited into an exchange, then moved around various exchanges before moving the funds to an output pool. This reduces transaction costs and creates international barriers between the initial input pool and eventual output pool.

Furthermore, some criminals use cryptocurrency gambling websites to laundering money as well. By simply setting up accounts, they can move funds in and out, creating another stop in the flow of these illicit funds.

Phishing still a threat

While Chainalysis suggest that phishing attacks have become less prevalent over the last 12 months, there are a few notable instances that show that hackers are still looking to trick people into giving up their details.

In January 2019, users of Electrum and MyEtherWallet were warned of phishing attacks looking to dupe unsuspecting users.

A fake Twitter account masquerading as Electrum informed users of a fake upgrade to a new software update, while some MyEtherWallet users had received a fake email that was requesting sensitive account information.

In December, some Electrum users lost nearly $1 million in BTC in an ongoing phishing hack that fooled users into downloading a fake version of the wallet, with users subsequently and unknowingly providing password information.

Cryptocurrency exchange LocalBitcoins also fell prey to a phishing scam attack last month, when a hacker noted a vulnerability in the LocalBitcoins forum and lined it to a phishing address.

An international police operation also arrested a hacker in January, who is believed to have used a phishing attack to steal $11 million worth of Iota tokens since January 2018.

These few instances highlight the damage that phishing attacks can cause to unwary users.

Future trends

Chainalysis’ report also provides a prediction of criminal trends in the space in 2019. Given the hype of 2017, many investors were duped by scams and projects during that period. Now that cryptocurrency markets have cooled and settled, it looks likely that criminal activity will move away from overhyped investment scams.

It is suggested that criminals will move toward using decentralized platforms, like encrypted messaging apps.

Furthermore, criminals will continue to integrate the use of cryptocurrencies in their efforts to move and launder money around the world.

These trends are likely to lead to the continual development of regulations for the space.

CipherTrace offers a similar perspective. In certain countries, existing anti money-laundering (AML) and Know Your Customer (KYC) regulations apply to cryptocurrency exchanges, which has helped curb some instances of crypto money laundering.  

In order to combat this practice in a virtual environment, sophisticated programs and tools are needed to even begin tackling money laundering through cryptocurrency transactions.