Source: Chainalysis; Compiled by Baishuei, Jinse Finance
In recent years, cryptocurrencies have become increasingly mainstream. While on-chain illicit activities were previously mainly focused on cybercrime, cryptocurrencies are now also being used to fund a variety of threat vectors, from national security to consumer protection. As cryptocurrencies gain more recognition, on-chain illicit activities have also become more diversified. For example, some illicit actors primarily operate off-chain but move funds on-chain for money laundering.
We report on certain defined categories each year - stolen funds, dark web markets, and ransomware, to name a few. However, as crypto crime diversifies to include all types of crime, the on-chain illicit ecosystem has witnessed increasing professionalization, with more and more illicit cryptocurrency users and networks, and their operations becoming more complex. In particular, we are seeing the emergence of large-scale on-chain services that provide infrastructure to support a variety of illicit actors in their money laundering efforts.
How are these developments unfolding on-chain? Let's look at the data and overall trends.
According to our current metrics, the value received by illicit cryptocurrency addresses appears to decline to $40.9 billion in 2024. However, 2024 could be a record year for illicit inflows, as these figures are based on a lower-bound estimate of the illicit address inflows we have identified so far.
A year from now, as we identify more illicit addresses and incorporate their historical activity into our estimates, these totals will be higher. For example, when we released last year's Crypto Crime Report, we reported $24.2 billion for 2023. A year later, our latest estimate for 2023 is $46.1 billion. Most of the growth came from various types of illicit actor organizations, such as service providers like Huione that provide on-chain infrastructure and money laundering services to high-risk and illicit actors.
It makes sense that illicit cryptocurrency transaction volumes will exceed 2023 in 2024. Since 2020, our annual estimates of illicit activity (including attribution evidence and Chainalysis Signals data) have grown by an average of 25% during the annual reporting period. Assuming a similar growth rate from now to next year's Crypto Crime Report, our 2024 annual total could exceed the $51 billion threshold.
Generally, our totals do not include revenues from non-crypto native crimes, such as traditional drug trafficking and other crimes that may use cryptocurrencies as a payment or money laundering method. Such transactions are nearly indistinguishable from legitimate transactions in on-chain data, although law enforcement with off-chain information can still use Chainalysis solutions to investigate these crimes. If we were able to confirm such information, we would count these transactions as illicit in our data. For example, since the conviction of the former FTX CEO for fraud, our 2022 data has included the $8.7 billion in creditor claims against that exchange. But in many cases, we simply do not have such confirmation, so these figures are not reflected in our totals.
How Large Will Crypto Crime Be in 2024?
The currently known value received by illicit addresses is $40.9 billion, but based on historical trends, we estimate the total could approach $51 billion
Representing 0.14% of total on-chain transaction volume
Estimates of illicit transaction activity include:
Funds sent to addresses we have identified as illicit
Cryptocurrency stolen by hackers
Estimates of illicit transaction activity do not include:
Funds sent to addresses we have not yet determined to be illicit. Why? Because we don't yet know they are illicit. But as we do more identification, we will roll-update our numbers.
Funds from non-crypto native crimes, except for cases where clients have alerted us. Why? Because without more information, these transactions cannot be definitively proven illicit.
Funds related to extremist groups. Why? Because the definition of what constitutes extremism is often subject to interpretation and inconsistent across different jurisdictions.
Funds related to crypto platforms accused of fraud, without a court conviction. Why? Because only a judge and jury can make that determination.
Transaction volumes related to potential market manipulation. Why? Because our research heuristic approach aims to capture suspicious market manipulation instances based on on-chain behavior, but is not definitive.
At the time of publication, we see the absolute value of illicit activity declining year-over-year; however, based on historical growth rates, we suspect that as attribution improves, this figure will ultimately exceed last year's total. Additionally, our estimate of the share of all attributed cryptocurrency transactions related to illicit activity (as shown in the chart below) has declined from 0.61% in 2023 to 0.14%. Similarly, we expect this ratio to rise over time, although historically these ratios have always been below 1%.[1]
We also see continuing trends in the asset types involved in crypto crime.
By 2021, BTC was undoubtedly the cryptocurrency of choice for cybercriminals, likely due to its high liquidity. However, since then, we have observed a steady diversification of BTC, with stablecoins now accounting for the vast majority of all illicit transaction volume (63% of all illicit transactions). This new reality is part of a broader ecosystem trend in which stablecoins also account for a significant portion of all crypto activity, as evidenced by the approximately 77% year-over-year growth in stablecoin activity. In our 2024 Crypto Geography Report, we highlighted the wide range of real-world use cases for stablecoins, such as store of value, remittances, facilitating cross-border payments, and international trade. Additionally, if stablecoin issuers become aware of illicit actors using these funds, they often freeze the funds. For example, Tether has frozen addresses of concern related to fraud, terrorist financing, and sanctions evasion, which may make stablecoins a poor tool for illicit actors to move value.
Nevertheless, despite these ecosystem-wide trends, certain forms of crypto crime (such as ransomware and dark web market (DNM) sales) remain BTC-dominant. The popular privacy coin Monero, while an increasingly important part of the DNM ecosystem, is not included in the analysis in this report. Other illicit activities (such as fraud or money laundering) often take a more eclectic approach and are diversified across all asset types. Other illicit activities (such as transactions related to sanctioned entities) have primarily shifted towards stablecoins. Sanctioned entities (including individuals operating in sanctioned jurisdictions) often have greater incentive to use stablecoins, as they seek to benefit from the stability of the US dollar while facing challenges in obtaining US dollars through traditional means.
Below, we'll take a closer look at three key trends defining crypto crime in 2024, which will be important areas of focus going forward.
Stolen Funds and Scams Remain Rampant
Stolen funds grew by approximately 21% year-over-year, reaching $2.2 billion. While the largest share of stolen funds came from decentralized finance (DeFi) services, the second and third quarters saw the most attention on centralized services.Private key compromises accounted for the largest share (43.8%) of crypto stolen in 2024, with North Korean hackers stealing more funds from crypto platforms than ever before: $1.34 billion, accounting for 61% of the total stolen for the year. Some of these incidents appear to involve North Korean IT workers increasingly infiltrating crypto and web3 companies, disrupting their networks, and using sophisticated tactics, techniques, and procedures (TTPs).
In 2024, high-tech and low-tech fraud and scams will be rampant, with high-yield investment fraud and pig-butchering scams being the most successful types of fraud and scams. We also observed the increasing application of artificial intelligence (AI) in the field of fraud and scams, such as highly personalized sextortion attacks. This use of AI is consistent with a broader trend of illegal cybercrime, as services that bypass Know Your Customer (KYC) requirements by leveraging AI have emerged. Fraud and scam operators are also utilizing escrow services like Huione (as described below), and crypto ATM fraud is becoming increasingly concerning, especially in relation to elder fraud.
Ransomware remains a focus, with Dark Web markets and fraud shops declining
Ransomware revenue continues to reach hundreds of millions of dollars, but a series of large-scale multilateral law enforcement interventions, coupled with a declining willingness of victims to pay ransoms, have disrupted the ecosystem. Nevertheless, 2024 was a productive year, as attack volumes remained relatively stable, and some ransomware groups still managed to collect ransom payments, albeit at lower amounts.
Dark Web markets generated $2 billion, compared to nearly $2.3 billion in 2023, while the number of fraud shops declined by more than half to $220.1 million. The significant decline in fraud shops was partly due to the large-scale shutdowns of Universal Anonymous Payment Systems (UAPS) in the US and the Netherlands, a type of crypto payment processor that facilitated transactions for hundreds of fraud shops, including Brian Dumps and Faceless.
The crypto crime landscape is becoming increasingly diversified and professionalized
A range of illicit actors, including transnational organized crime groups, are increasingly using cryptocurrencies for traditional crimes, such as drug trafficking, gambling, intellectual property theft, money laundering, human and wildlife trafficking, and violent crimes. Additionally, some criminal networks are turning to cryptocurrencies to facilitate multiple or varied types of crimes. In fact, of the $40.9 billion received by illicit crypto addresses in 2024, $10.8 billion came from "Illicit Actor Organizations," which is our term for the direct perpetrators of cybercrime (such as hacking, ransomware, trafficking, or fraud) and those who facilitate such activities by selling the infrastructure, tools, and services (including Money Laundering-as-a-Service) required to commit and profit from them.
Perhaps no entity better exemplifies the professionalization of the crypto crime ecosystem than the online marketplace Huione Guarantee. As we highlighted in our 2024 Crypto Crime Midyear Update, Huione and all the vendors operating on its platform have handled over $70 billion in crypto transactions since 2021. The platform provides the infrastructure to facilitate the sale of fraud tools and has processed on-chain transactions for pig-butchering scams and other frauds and cons, reported-stolen fund addresses, sanctioned entities like the Russian exchange Garantex, fraud shops, child sexual abuse material, and gambling sites and casinos.
Note:
[1] Transaction volume is a metric that measures all attributed economic activity, serving as a proxy for the turnover of funds. This year, we adjusted the methodology to only include transactions involving at least one attributed entity, while removing wash trades, internal service transactions, transfers between two personal wallets, change, and any other transaction types not considered economic transactions between distinct economic participants.
