Source: Chainalysis; Compiled by: Baishui, Golden Finance
In recent years, cryptocurrency has become increasingly mainstream. Although on-chain illegal activities previously centered around cybercrime, cryptocurrencies are now also used to fund a variety of threat actors, from national security to consumer protection. As cryptocurrencies gain more and more acceptance, on-chain illegal activities have also become more diverse. For example, some illegal actors operate primarily off-chain but move funds on-chain to launder money.
We report on certain defined categories annually—stolen funds, darknet markets, and ransomware, to name a few. However, as crypto crime diversifies to include all types of crime, the on-chain illegal ecosystem has witnessed increasing professionalization, with more and more illegal actor organizations and networks using cryptocurrency and more sophisticated operations. In particular, we have seen the emergence of large-scale on-chain services that provide infrastructure for multiple types of illegal actors to help them launder money.
How are these developments unfolding on-chain? Let's take a look at the data and the overall trends.
Based on our metrics today, the value received by illicit cryptocurrency addresses in 2024 appears to have fallen to $40.9 billion. However, 2024 could be a record year for inflows from illicit actors as these numbers are lower-bound estimates of inflows based on the illicit addresses we have identified to date.
A year from now, these totals will be higher as we identify more illicit addresses and incorporate their historical activity into our estimates. For example, when we published last year’s Crypto Crime Report, we reported $24.2 billion for 2023. One year later, our latest estimate for 2023 is $46.1 billion. Much of the growth comes from various types of illicit actor organizations, such as vendors operating through Huione, which provide on-chain infrastructure and money laundering services to high-risk and illicit actors.
It makes sense that illicit cryptocurrency transaction volume in 2024 will exceed that in 2023. Since 2020, our annual estimates of illicit activity, including evidence attribution and Chainalysis Signals data, have increased by an average of 25% over the annual reporting period. Assuming a similar growth rate in crypto crime reporting between now and next year, our annual total for 2024 could exceed the $51 billion threshold.
In general, our totals do not include revenue from non-crypto native crimes, such as traditional drug trafficking and other crimes that may use cryptocurrency as a means of payment or money laundering. Such transactions are virtually indistinguishable from legitimate transactions in on-chain data, although law enforcement with off-chain information can still use Chainalysis solutions to investigate these crimes. If we can confirm such information, we count these transactions as illicit in our data. For example, our 2022 figures already include $8.7 billion in creditor claims against FTX since the exchange’s former CEO was convicted of fraud. However, it is almost certain that in many cases we do not have such confirmation, so these figures are not reflected in our totals. How big will crypto crime be in 2024?
Funds received by currently known illicit addresses are $40.9 billion, but based on historical trends, we estimate the total could be closer to $51 billion
0.14% of total on-chain transactions
The estimate of illicit trading activity includes:
The estimate of illicit trading activity does not include:
Funds sent to addresses we have not yet identified as illicit. Why? Because we don’t know they are illicit yet. But we will update our numbers on a rolling basis as we make more identifications.
Funds derived from non-crypto native crimes, except for cases brought to our attention by clients. Why? Because these transactions cannot be proven to be illegal without more information.
Funds associated with extremist groups. Why? Because the definition of what constitutes extremism is often subject to interpretation and is inconsistent across jurisdictions.
Funds associated with crypto platforms accused of fraud, without a court conviction. Why? Because only a judge and jury can make that determination.
Volumes associated with potential market manipulation. Why? Because our research heuristics are designed to capture suspected instances of market manipulation based on on-chain behavior, but are not conclusive.
At the time of publication, we are seeing a year-over-year decrease in the absolute value of illegal activity; however, based on historical growth rates, we suspect that this number will eventually exceed last year’s total as data attribution improves. Additionally, our estimate of the share of all attributable crypto trading volume associated with illicit activity (shown in the chart below) also decreases from 0.61% to 0.14% in 2023. Again, we expect this share to rise over time, though historically these rates have consistently been below 1%. [1]
We also see a continued trend in the types of assets involved in crypto crime.
By 2021, BTC was undoubtedly the cryptocurrency of choice for cybercriminals, likely due to its high liquidity. However, since then, we have observed a steady diversification of BTC, with stablecoins now accounting for the vast majority of all illicit transaction volume (63% of all illicit transactions). This new reality is part of a broader ecosystem trend, in which stablecoins also account for a significant proportion of all crypto activity, as evidenced by the approximately 77% year-over-year increase in stablecoin activity. In our 2024 Geography of Cryptocurrency report, we cover the wide range of real-world use cases for stablecoins across a range of markets, such as storing value, remittances, facilitating cross-border payments, and international trade. Additionally, if stablecoin issuers become aware of illicit actors using the funds, they will often freeze them. For example, Tether has frozen worrisome addresses associated with scams, terrorist financing, and sanctions evasion, which can make stablecoins a poor vehicle for illicit actors to transfer value.
Still, despite these ecosystem-wide trends, some forms of crypto crime, such as ransomware and darknet market (DNM) sales, remain dominated by BTC. The popular privacy coin Monero, while an increasingly important part of the DNM ecosystem, was not included in this report’s analysis. Other illicit activities, such as scams or money laundering, often take a more eclectic approach and are spread across all asset types. Other illicit activities, such as transactions related to sanctioned entities, have largely turned to stablecoins. Sanctioned entities, including individuals operating in sanctioned jurisdictions, often have a greater incentive to use stablecoins due to the challenges of obtaining USD through traditional means while hoping to benefit from its stability.
Below, we take a closer look at three key trends that will define crypto crime in 2024 and will be important trends to watch going forward.
Stolen funds and scams remain rampant
Stolen funds increased by about 21% year-on-year to $2.2 billion. Although the largest share of stolen funds came from decentralized finance (DeFi) services, centralized services received the most attention in Q2 and Q3.Private key leaks accounted for the largest share of stolen cryptocurrency in 2024 (43.8%), and North Korean hackers stole more funds from crypto platforms than ever before: $1.34 billion, or 61% of the total amount stolen throughout the year. Some of these incidents appear to be linked to North Korean IT workers, who are increasingly infiltrating crypto and web3 companies, compromising their networks, and using sophisticated tactics, techniques, and procedures (TTPs).
High-tech and low-tech fraud and scams are rampant in 2024, with high-yield investment scams and pig-killing scams being the most successful types of fraud and scams. We also observed the increasing use of artificial intelligence (AI) in fraud and scams, such as highly personalized sextortion attacks. This use of AI is consistent with a broader trend across a range of illegal cybercrime, as services that use AI to bypass know-your-customer (KYC) requirements have emerged. Fraud and scam operators are also taking advantage of guarantee services such as Huione (described below), while crypto ATM scams are a growing concern, especially in relation to elder fraud.
Ransomware remains a focus, with a decline in darknet markets and scam shops
Ransomware revenues continue to reach hundreds of millions of dollars, but a series of large-scale multilateral law enforcement interventions, coupled with a decline in victims' willingness to pay ransoms, have taken a toll on the ecosystem. Still, 2024 was a productive year, as attack volumes were relatively stable and some ransomware groups still managed to eke out ransom payments — albeit at lower amounts.
Darknet markets took in $2 billion, compared to nearly $2.3 billion in 2023, while scam shops fell by just over half, to $220.1 million. The apparent drop in scam shops was due in part to the massive shutdown of the Universal Anonymous Payment System (UAPS) in the United States and the Netherlands, a crypto payment processor that facilitated transactions for hundreds of scam shops, including Brian Dumps and Faceless.
The Crypto Crime Landscape Is Increasingly Diversified and Professionalized
A range of illicit actors, including transnational organized crime groups, are increasingly leveraging cryptocurrencies to conduct traditional crimessuch as drug trafficking, gambling, intellectual property theft, money laundering, human and wildlife trafficking, and violent crime. In addition, some criminal networks are resorting to cryptocurrencies to facilitate multiple crimes or multiple crime types. In fact, of the total $40.9 billion received by illicit crypto addresses in 2024, $10.8 billion came from “illegal actor organizations,” our umbrella term for services and individual wallets that directly commit cybercrime (such as hacking, extortion, trafficking, or scams), as well as those who facilitate such activities by selling the infrastructure, tools, and services needed to commit crimes and profit, including money laundering as a service.
Perhaps no entity better illustrates the professionalization of the crypto crime ecosystem than the online marketplace Huione Guarantee. As highlighted in our 2024 Mid-Year Crypto Crime Update, Huione and all vendors operating on its platform have processed over $70 billion in crypto transactions since 2021. The platform provides the infrastructure that facilitates the sale of scam technology and processes on-chain transactions for scams and other frauds and scams, addresses reported as stolen funds, sanctioned entities such as Russian exchange Garantex, scam shops, child sexual abuse material, and gambling sites and casinos.
Notes:
[1] Transaction volume is a measure of all attributed economic activity and is a proxy for money changing hands. This year, we adjusted our methodology to only include transactions involving at least one attributed entity, while removing spin-off chains, internal service transactions, transactions between two individual wallets, change, and any other transaction type that is not considered an economic transaction between different economic actors.
Miyuki
