2020 was a record high for hidden, unreported crypto crime.
80% of crypto-related fraud and black hat hacking cases are not reported to law enforcement in the year that they occur and as many as 50% of claims never are. There is no global governmental repository of crypto crime that can combine information from local law enforcement agencies, legal offices and private sector forensic financial investigators.
But Coinfirm is in a unique position to know more, having built the world’s largest map of crypto crime with live tracing of fraudulent funds.
This is thanks to deploying advanced funds’ tracing methodologies and services which enable victims and witnesses of crypto crime to report cases and seek justice. During the trial period, these services cumulatively received 5,000+ valid claims, many of which are now the subject of investigations by the company and our partners.
The total value of assets under claim with these services is over 5 billion USD – growing along with new cases and the overall increase of crypto assets’ prices during the current bull run. More than 7 billion USD worth of crypto assets are annually misappropriated due to hacks, scams, ransomware, extortion, and unreliable enterprises.
Furthermore, between 1 to 2 billion USD annually relates to crypto-related illicit activities other than asset misappropriation, such as; terrorism financing, sanctions breaches, the darknet drugs trade, PEP-related corruption, human trafficking and slavery, etc.
Analysis shows that total crypto crime in 2020 amounted to just under 10.5 billion USD.
That’s enough money to buy 70,726,934 AK-47s – at a cost of 148 USD per locally produced model in Pakistan – which stacked end-to-end, could circumnavigate the Earth’s equator 1.6 times.
But this amount pales in comparison to total traditional financial crime.
Central bankers continue to take a negative view of Bitcoin and crypto assets, with the president of the ECB Christine Lagarde stating last month that BTC is used for “reprehensible money laundering”. However, crime in fiat is a far bigger problem – as last year’s FinCEN Files so vividly laid bare – with the annual cost of money laundering and associated crimes being 1.4 ~ 3.5 trillion USD according to EY.
By using just the lower band of 1.4 trillion USD of financial crime in the traditional markets, those funds could buy enough AK-47s stacked end-to-end that could make 21 trips to the Moon.
9.5 billion AKs, or forty-seven and a half of the world’s estimated supply of the gun, is a lot of well-armed terrorists.
Despite most of the ‘billion dollars crypto frauds’ found in 2019 and earlier, 2020 brought a significantly larger volume of smaller cases.
An example of hidden crypto fraud is the infamous vanity address generator scams that were especially popular amongst cybercriminals between the period 2014-2017, when in fact, the actual theft occurred only in 2020. In one case, 4000 BTC (185 million USD) of funds was traced to a single Singaporean-based exchange. Most of the victims are not yet even aware that their funds are missing from their wallets.
Fraud and scams are a particular problem that needs to be tackled as this accounted for 67.8% of crypto crime from 2020’s total.
Despite the seeming crackdown in crypto crime – in July of 2020 more than a hundred people in China were arrested in connection with the PlusToken crypto scam, in October of 2020 the owner of the Helix and Coin Ninja Bitcoin money laundering ‘tumblers’ was arrested in the US and in January of this year 30 individuals were charged in Japan for knowingly trading with 96 of the 560 million USD taken in the 2018 Coincheck hack – according to in-house estimates, 90%+ of criminal activity cases related to crypto-assets remain unsolved.
Law enforcement and governments still do not have the necessary tools to thwart even something as simple as maintaining an up-to-date sanctions list. Analysis by Coinfirm has found addresses associated with terrorism financiers and weapons proliferation actors holding up to 1 billion USD in crypto assets that had been missed by authorities on the OFAC list and others.
In addition to a lack of proficient tools, many jurisdictions do not yet have reporting requirements. For instance, it is only in the EU’s 6th AMLD that cybercrime is listed as a predicate offense – and thus a reporting requisite for firms suffering the consequences – however, this directive is not law in any member state as of the date of this post.
The graph below presents the breakdown by number and value of criminal activities between; scams, terrorism financing, sanctions breaches, ransomware, hacks, blackmail and darknet markets/drug trafficking during the period 2017 – 2020.
In the chart above, what is remarkable is the jump from 2018 to 2019 of crypto fraud. This is an outlier period due to the PlusToken crypto Ponzi scheme – one of the largest crypto frauds so far discovered – which scammed $2.9 billion from over 2.6 million unsuspecting victims in China and South Korea, through thousands of ‘investor levels’ (i.e. multi-level marketing, a common method to draw in more victims in pyramid schemes).
The value of crypto assets misappropriated due to frauds and scams per year more than doubled from 3.65 billion USD to 7 billion USD comparing 2017 over 2020. On average, of the years analyzed, crypto crime in the form of fraud comprises 77.6% of the total.
Whilst scams have not been a systemic risk to the crypto industry as hacks, the value of misappropriated assets from scams is significantly higher than that of hacks, at a multiple of 7 in 2020 (hacks comprised only 9.6% of the total from last year – Fig. 4).
In the visual above, the notable – almost vertical – increase of hack-related illicit activities is more clear, rising 944% from 98.5 million USD to over 1 billion USD between 2019 to 2020 – primarily due to the government-mandated lockdowns where victims were more often online, which criminals exploited.
From 2019 to 2020, darknet markets experienced a 21.8% increase in fund flows, from 1.57 billion USD to 1.92 billion USD. During the same period, sanctions breaches continued to increase at a high rate of 45.5%, from 281 million USD to 409 million USD.
Although sanctions breaches made up just 3.9% of 2020’s total (see Fig 4.), when looking at this risk segment against others in Fig. 6, the rate of increase was more steady. This threat, alongside PEPs (Politically Exposed Persons) and SDNs (Specially Designated Nationals) are unlikely to abate as the sanctions and counter-sanctions by various trade wars raging around the globe continue.
The average increase in total crypto crime between the years analyzed above is 34.92%. If this rate remains steady, projections show that 2021 could see an annual value of 14.1 billion USD, 2025 at 46.5 billion USD and 2030 coming in at a total cost of a staggering 207.8 billion USD (of which crypto fraud would comprise 161.2 billion USD).
Fraud comes in all shapes and sizes and this holds true of the crypto-asset industry. Because fraud and scams in crypto accounted for most cases, it is worth a further look at this type of illicit activity. Here we identify 15 major schemes in crypto markets perpetrated by fraudsters.
Many blockchain analytics use only one tracing method, often treating all consecutive transactions as dirty or tainted funds (the so-called ‘Poison’method) or do not apply forensic accounting methods at all.*. Coinfirm’s investigation methodology applies multiple different tracing methods – by this validating the credibility of the funds tracing evidence. This includes methods widely adopted in bankruptcy law, such as first-in, first-out (FIFO), last-in, first-out (LIFO), pro-rata distribution (Proportional Distribution), lower intermediate balance rule (LIBR), but also a set of proprietary methods enhanced for the specifics of blockchain. The reported findings are defensible if they are supported by the results of multiple different forensic accounting methods.
Courts overseeing crypto crime cases tend to have different preferences when it comes to tracing methodologies. However, well-prepared, verifiable evidence of tracing analysis and impartial interpretation, such as multiple methods presenting similar findings, play a key role when it comes to court decisions.
Whether traced funds are received by a VASP-controlled wallet or not has an impact on our tracing analysis. Tracing of claimant’s misappropriated cryptocurrency continues until either those funds are received by a VASP-controlled wallet, or the funds are received by a wallet that still currently holds those funds (i.e. there has been no further onward dissipation of the funds).
Most VASPs operate ‘pooling addresses’ used to store customer deposits and to execute transfers. When a user of the VASP wishes to transfer cryptocurrency from their exchange account, often the exchange will use cryptocurrency held in one of its pooling addresses to settle the transaction, rather than transfer cryptocurrency held in a wallet that only includes that specific user’s cryptocurrency. In these cases, the records matching user account transactions to the movements on the blockchain showing which addresses have been used to settle the transaction are kept only by the exchange. These internal records are not publicly available. The tracing of the Claimant’s cryptocurrency must, therefore, stop once those funds are received by a wallet controlled by an exchange as we do not know which user account transactions relate to transfers from these wallets.
Achieving synergy between AML/KYC, fraud investigations and data ecosystems takes the security of blockchain and crypto financial markets to a level never before seen in traditional finance.
The key distinguishments from AML/KYC in the traditional financial sector and the crypto asset industry is a far more extensive use of technology – operating on complete datasets of transactions (public ledgers) and embracing forensic data and funds tracing methods directly into AML transaction monitoring. This has enabled Coinfirm to create a ‘three-pillar’ ecosystem, consisting of:
1. Anti-Money Laundering – a technological platform allowing VASPs and regulators to verify the risk of blockchain addresses, wallets, transactions and counterparties – across over 1500 public and private blockchains and assets – with 270+ high-tech risk detection algorithms, in order to meet all the regulatory obligations in various jurisdictions.
2. Fraud Investigations – end-to-end investigation and asset recovery services, including a technological breakthrough solution allowing to track all funds reported as lost in real-time, with use of multiple tracing methods for best evidence.
3. Data Ecosystem – the network and infrastructure of data collection and data reporting, incentivizing market players to report suspicious activities and allowing victims of crypto fraud from all around the world to report and claim lost funds; by this Coinfirm has created the world’s largest database of actively monitored blockchain entities and events – enabling fast reactions to crypto crime cases.
These platforms and solutions also allow the firm’s partners to also take an active role in combatting crypto crime.
To give an example, funds moving from sanctioned or hacked wallets are tracked automatically through hundreds of ‘layering’ transactions and immediate alerts are given to cooperating VASPs to freeze funds once funds reach accounts under their purview. Additionally, other wallets belonging to a sanctioned entity or a hacker are automatically identified and traced. Coinfirm works on the actual element of crypto crime-related data – not only behavioral or statistical patterns – and uses multiple fund tracing methodologies (both deterministic and AI-based) to provide actual evidence of a crime when it comes to SAR (Suspicious Activity Report) filing and litigation.