The rapid and groundbreaking developments in the field of cryptocurrency and blockchain also have a dark side. Crime related to technology is a growing problem that is receiving increasing attention from law enforcement agencies around the world. From money laundering to ransomware attacks and even large-scale cybercrime, the rise of crypto has ushered in a new era of crime. But what are the implications of this trend for the future of blockchain and the security of digital transactions? And how can we counter this growing threat?
Chainalysis is the largest Software as a Service (SaaS) company in the cryptocurrency industry. Through its solutions, it gives organizations, ranging from government intelligence agencies such as the US FBI to crypto exchanges and banks, real-time insight into matters such as compliance, monitoring and analysis. In the run-up to the Dutch Blockchain Days, we spoke with speaker Bas Lemmens, General Manager International of the company.
Bas, besides offering solutions to map crime, you also look at the positive side of technology: the adoption. If we look at the countries that stood out in your Global Cryptocurrency Adoption Index last year, Vietnam is at the top. Is this because of the new trend in blockchain land, ‘Play2Earn’ (P2E), and platforms in that area, such as Axie Infinity?
Taking a deep dive into our subrankings, Vietnam displayed extremely high purchasing power and population-adjusted adoption across centralized, DeFi, and P2P cryptocurrency tools. Other sources have also noted Vietnam’s love of cryptocurrency. A poll from 2020 found that 21% of Vietnamese consumers reported using or owning cryptocurrency, second only to Nigeria at 32%, and the adoption rate has likely only grown since then.
Cryptocurrency-based gaming, including games following the play to earn (P2E) and move to earn (M2E) models, is gaining tremendous traction in Vietnam and is one of the key growth drivers that have led to the country’s top spot on this year’s index. We found that 23% of Vietnamese citizens have played a P2E game. This popularity is not just for users, but for builders too. The top-grossing P2E game Axie Infinity is based in Ho Chi Minh City, with its success inspiring more crypto gaming startups to find success in Vietnam.
Another growth driver is the fact that Vietnam is a massive remittance market, with remittance inflows accounting for 5% of the country-wide gross domestic product. Cryptocurrency has provided a convenient, accessible and efficient alternative to traditional remittance channels that some individuals may not have direct access to.
We see other regions as well, showing a lot of activity, like the Middle East & North Africa (MENA) region. Is this also due to remittance payments? Or do you see other ways of use, contributing to the adoption?
Middle East & North Africa (MENA) may be one of the smaller crypto markets in the 2022 Global Crypto Adoption Index, but it’s also the fastest growing. Besides remittance payments, use cases around savings preservation and increasingly permissive crypto regulations help explain why. For instance, in both Turkey and Egypt, fluctuating cryptocurrency prices have coincided with rapid fiat currency devaluations, strengthening the appeal of crypto for savings preservation. In Egypt particularly, remittance payments account for about 8% of the country’s GDP, and the national bank has already begun a project to build a crypto-based remittance corridor between Egypt and the UAE, where many Egyptian natives work. Egypt’s position at the intersection of growing crypto remittances and increased inflationary pressures helps explain why it’s the fastest growing crypto market in all of MENA this year.
While Morocco’s inflation rates have been contained, the North African country’s notable levels of grassroots adoption seem to be more tied to the government’s newly permissive crypto stance than to any particular macroeconomic tailwinds. In 2017, the central bank of Morocco declared that “penalties and fines” will follow any crypto transaction within the country. But earlier this year, it struck a partnership with the IMF and the World Bank to create crypto regulations that emphasize innovation and consumer protection. Morocco has seen a 120% YoY growth in crypto transaction volume from 2021 to 2022.
When the Russia-Ukraine war started, lots of voices were raised about crypto being used by Russian citizens and organizations to circumvent sanctions. In your analysis, do you see a big increase in the adoption of crypto after the war started? Or is it still the same level of adoption as before?
Russia came in 9th on our Global Cryptocurrency Index 2022, a jump from 18th place in 2021. The war played a role in this jump, but in varying ways. Russia saw an initial increase in cryptocurrency transfers in March 2022, soon after the war began on February 24. Then, transactions grew and shrank within a relatively narrow range over the months following the war. It’s possible that Russian users’ cryptocurrency activity was impacted by restrictions placed on them by many services in response to the invasion.
However, if we take stock of the economic issues Russia was facing in 2022, including high inflation since the invasion and difficulties in international commerce, such as exporting commodities like oil, due to its removal from the SWIFT banking network, looking at transactions as a whole may not be where we’d expect to find the most telling trends. When we expanded our data beyond crypto-to-crypto trades and looked at the trade volume denominated in the Russian ruble, the trend became stronger, especially in March. That month Russian ruble-denominated trade volume rose 35% to $805 million. Volumes dropped off after that, ebbing and flowing through August, but never reaching the March high.
Besides the positive adoption side of cryptocurrency, we also see the criminal activity increasing fast unfortunately. Let’s start with crypto crime in The Netherlands; is it really a problem? Or is it like other European / Western countries?
While we do not calculate per capita in the Chainalysis Cryptocurrency Adoption Index, it is interesting to note that the Netherlands does lead the Central, Northern and Western Europe (CNWE) region, based on population size per country. Per capita, the Netherlands tops almost all other nations, even countries outside CNWE.
In the CNWE chapter of our latest Geography of Cryptocurrency Report 2022, the Netherlands was ranked #4 by cryptocurrency received with a population of 17.5 million people. This is comparable to the UK, which was ranked first with 67.3 million people, Germany in second with 83.2 million people and France in third with 67.7 million people. If we account for population sizes, it is a sizable difference between the Netherlands and the rest of these countries. This goes to show that the Netherlands, albeit being small in population, has astounding adoption and usage numbers for crypto. That said, when crypto adoption is booming, so is the scale of crypto crime.
There are a few factors that are contributing to the scale of crypto crime in the Netherlands. DeFi is growing at a tremendous rate – the country tops the charts in this area per capita. This partly explains the growth in crypto crime, especially as DeFi protocols accounted for 82.1% of all cryptocurrency stolen by hackers in 2022 — a total of $3.1 billion — up from 73.3% in 2021. We have also seen the Dutch National Police building their capabilities in combating crypto crime. This could contribute to the bigger numbers of crime reported as people are more willing to declare crypto crimes and the country is more willing to prosecute crypto crime.
The future will likely be marked by the growing adoption of crypto across most sectors of the economy. As a result, we expect the total amount of crypto crime to continue to rise over time, but the share of this activity relative to total on-chain transfers of economic value to fall.
Crime might increase but relative to everything else that is happening on-chain, it will be a shrinking share of the pie. We have seen the Dutch National Police successfully tackle ransomware cases and we are optimistic about seeing more successes in the future.
Besides providing monitoring and analysis tools, you also worked proactively with the Dutch Police recently on an operation. Can you tell us more about that?
Chainalysis worked with the Dutch National Police on an operation against Deadbolt – a ransomware strain that has taken in more than $2.3 million from an estimated 4,923 victims, with an average ransom payment size of $476, compared to over $70,000 for all ransomware strains. Deadbolt is different from most ransomware gangs as they target small businesses and even individuals in high numbers with a relatively small ransom.
Deadbolt instructs victims to pay a set amount to a specific Bitcoin address in a message that appears when the victim attempts to access the infected device. Once the victim pays, Deadbolt automatically sends them the decryption key via the blockchain, sending a low-value Bitcoin transaction to the ransom address with the decryption key written into the transaction’s OP_RETURN field. Blockchain analysis suggests that Deadbolt’s developers pre-programmed transactions to send a negligible sum of .0000546 BTC (about $1 USD) to its own ransom payment wallet each time a victim pays, so that funds are available to then send transactions necessary to communicate the decryptor to each victim upon receipt of their ransom.
While looking through the transactions in Chainalysis, cyber investigators with the Dutch National Police (Cybercrimeteam Oost-Nederland and Cybercrimeteam Oost-Brabant) saw that in some cases, Deadbolt was providing the decryption key before the victim’s payment was actually confirmed on the blockchain. This meant that a victim could send the payment to Deadbolt, wait for Deadbolt to send the decryption key, and then use replace-by-fee (RBF) to change the pending transaction, and have the ransomware payment go back to the victim.
The Dutch National Police hatched a plan to send and retract payments for as many Deadbolt victims as possible in order to get them their decryption keys. They found as many Deadbolt victims as possible who had yet to pay their ransom, and worked with Europol to find victims in other countries as well — 13 in total. The Dutch National Police then wrote a script to automatically send a transaction to Deadbolt, wait for another transaction with the decryption key in return, and use RBF on their payment transaction. They tested this on testnets to make sure it worked.
Finally, they deployed their script and started the process of sending and retracting payments for Deadbolt victims. The Deadbolt team quickly realized what was happening and halted their automated OP_RETURN transactions. But in that time, the Dutch National Police retrieved decryption keys for nearly 90% of the victims who reported Deadbolt payment addresses via Europol, depriving Deadbolt of hundreds of thousands of dollars.
While Deadbolt remains active, it’s been forced to adopt a more manual process for providing decryption keys via Bitcoin transaction OP_RETURNs, which raises Deadbolt’s overhead. Overall, the Dutch National Police operation against Deadbolt is a valuable reminder that blockchain analysis has applications beyond tracing the flow of funds. In this case, police were able to discover a crucial vulnerability in Deadbolt’s modus operandi by closely reviewing its transaction patterns and digging into the metadata of the transactions.
If we look on a global scale, we see crime rates within the ecosystem rising fast, especially around Decentralized Finance (DeFi) and things like ‘Pump and Dump’. What are the exact numbers here and why is criminality taking place so often in the DeFi space?
Crime within the DeFi space has increased, but it is important to note that the illicit activity we see is primarily due to hacks, and not other illicit activity such as money laundering.
DeFi protocols as victims accounted for 82.1% of all cryptocurrency stolen by hackers — a total of $3.1 billion — up from 73.3% in 2021. DeFi protocols are publicly viewable by default, but that same transparency is also what makes DeFi so vulnerable — hackers can scan DeFi code for vulnerabilities and strike at the perfect time to maximize their theft. The data on DeFi hacks makes one thing clear: Whether achieved through regulation or voluntary adoption, DeFi protocols will greatly benefit from adopting better security in order for the ecosystem to grow, thrive, and eventually penetrate the mainstream.
We have seen pump and dump schemes becoming common in the crypto world. This is largely due to the relative ease with which bad actors can launch a new token and establish an artificially high price and market capitalization for it “on paper” by seeding the initial trade volume and controlling the circulating supply.
Teams launching new projects and tokens can also remain anonymous, which makes it possible for serial offenders to carry out multiple pump and dump schemes. Of the 40,521 tokens launched in 2022 that gained sufficient traction to be worth analyzing, 9,902, or 24%, saw a price decline in the first week, indicative of possible pump and dump activity.
Pump and dump schemes are uniquely destructive in the cryptocurrency world due to the ease with which new tokens can be launched and the social media-driven nature of crypto investment news and discussion. Many believe that cryptocurrency is approaching an inflection point that could spark mass adoption, but that could be difficult if the general public perceives cryptocurrency as rife with pump and dump schemes designed to prey on newcomers.
Are there any other noteworthy, new types of crime that are not (often) seen or mentioned? Also with impact on the Netherlands?
Pig butchering scams are a growing issue that came to light in 2022. Pig butchering scams are a slow-burn scam focused on building trusting relationships. Most of these operations function in similar fashion. Scammers find targets with whom they develop relationships over time. They create fake social media accounts via WeChat, WhatsApp, and even LinkedIn and dating site profiles showcasing lavish lifestyles to send random messages to connect with victims.
As for pig butchering scam victim profiles, those run the gamut from elderly to millennial and across genders, too. Asian Americans are often targeted because it’s easier for scammers to communicate with them using a common language. Pig butchering also preys on people’s kindness and vulnerability; one woman was targeted after she responded to a Facebook ad about adopting a dog.
Do you also see a lot of crime happening with Non-Fungible Tokens (NFTs)?
NFT money laundering activity is small but visible. Value sent to NFT marketplaces by illicit addresses jumped significantly in the third quarter of 2021, crossing $1 million worth of cryptocurrency. The figure grew again in the fourth quarter, topping out at just under $1.4 million. We also saw roughly $284,000 worth of cryptocurrency sent to NFT marketplaces from addresses with sanctions risk in 2021. All of that was due to transfers from the P2P exchange Chatex, which was added to OFAC’s SDN list in 2021.
We have also seen instances of wash trading. NFT wash trading makes one’s NFT appear more valuable than it really is by “selling it” to a new wallet the original owner also controls. Most NFT wash traders have been unprofitable, but the successful NFT wash traders have profited immensely overall. NFT wash trading has yet to be the subject of an enforcement action. This could change as regulators shift focus and apply existing anti-fraud authorities to new NFT markets. We encourage NFT marketplaces to discourage this activity as much as possible. Blockchain data and analysis makes it easy to spot users who sell NFTs to addresses they’ve self-financed, so marketplaces may want to consider bans or other penalties for the worst offenders.
The money earned with crypto crime is often sent to countries such as North Korea. Now that there are ever better tools like yours, what happens with these cryptos? It’s almost impossible to exchange it for fiat money as you provide real-time monitoring of these funds, isn’t it? Or are mixers, making transactions fully anonymous and impossible to trace, really the key here?
North Korean-linked hackers and other criminals can still cash out their ill-gotten gains – usually at offshore exchanges that have low or no KYC requirements – but this is getting more difficult. For instance, the U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash in 2022 for its role in laundering over $455 million worth of cryptocurrency stolen from Axie Infinity. Since then, Lazarus Group has moved away from the popular Ethereum mixer, instead leveraging DeFi services to chain hop, or switch between several different kinds of cryptocurrencies in a single transaction. Bridges serve an important function to move digital assets between chains and most usage of these platforms is completely legitimate. Lazarus appears to be using bridges in an attempt to obscure the source of funds, but with blockchain analysis tools, these cross chain funds movements are easily traced. As a result, together with law enforcement and industry partners, Chainalysis announced last August that more than $30 million worth of cryptocurrency stolen by North Korean-linked hackers has been seized.
Underground money laundering services are on the rise: they’re typically accessible only through private messaging apps or the Tor browser, and usually only advertised on darknet forums. They’re similar to rogue OTC brokers – services that are often nested at large exchanges to take advantage of their liquidity and enable large trades, and while most OTC brokers are legitimate, some seem to turn a blind eye or even specialize in laundering illicit funds – but different in that they have brand names and custom infrastructure, which vary in terms of complexity. Some function simply as networks of private wallets, while others are more akin to an instant exchanger or mixer.
We have a lot of readers working on Decentralized Finance (DeFi), Non-Fungible Token (NFT) and Decentralized Autonomous Organization (DAO) projects. Do you have recommendations for improving their security, to prevent things like hacks happening?
DeFi is one of the fastest-growing, most compelling areas of the cryptocurrency ecosystem, largely due to its transparency as the smart contract code governing DeFi protocols is publicly viewable by default. That’s especially attractive now in 2023, as many of the market blowups of the past year were due to a lack of transparency into the actions and risk profiles of centralized cryptocurrency businesses. But that same transparency is also what makes DeFi so vulnerable — hackers can scan DeFi code for vulnerabilities and strike at the perfect time to maximize their theft.
The data on DeFi hacks makes one thing clear: Whether achieved through regulation or voluntary adoption, DeFi protocols will greatly benefit from adopting better security in order for the ecosystem to grow, thrive, and eventually penetrate the mainstream. DeFi protocols should seek to improve security through initiatives like smart contract auditing, bug bounties, frequent penetration testing, and more.
The future will likely be marked by the growing adoption of crypto across most sectors of the economy. As a result, we expect the total amount of crypto crime to continue to rise over time, but the share of this activity relative to total on-chain transfers of economic value to fall.
Crime might increase but relative to everything else that is happening on-chain, it will be a shrinking share of the pie.