Crypto crime is spreading and hard to solve, says report
We examine why some of the claims made for cryptocurrencies are nonsense, and why some financial crimes are spreading.
Digital currencies’ proponents have long claimed that crypto and other tokens on the blockchain, including stablecoins, represent a superior alternative to traditional finance. A people’s financial system, no less, open to everyone with a phone or computer, free of the influence of geopolitics, national banks, wealthy financiers, insider dealing, cartels, fraudsters, and other criminals.
Until this year, some even claimed that crypto would be free of the drops in value of fiat currencies that often occur in financial crises, while others have long claimed that the supposed transparency and inviolability of blockchains would make it harder to commit fraud, theft, and financial crime.
While no one denies that digital tokens have positive applications, such as programmable money, financial inclusion, tech innovation, and speedier, cheaper cross-border transfers – or that blockchain has its own (dull) uses – evangelists’ loftiest claims have largely been bunkum. Indeed, the highfalutin rhetoric about crypto has often been more of a smokescreen for currency speculators’ vanity than a credo for the future.
That said, who can blame anyone for wanting to gamble or make a quick buck these days? Or to be rich enough to heat their homes and eat? Inflation is soaring, wartime energy prices are handing record profits to multinationals, and our seas are full of plastic and excrement. Meanwhile, few people can afford to live in cities anymore. So, why not invent a better, fairer capital system?
Sadly, in the Spring, many crypto coins’ years of gains were wiped out almost overnight. Even some stablecoins lost their dollar pegs – in one case becoming valueless. And until China clamped down on Bitcoin last year, roughly two-thirds of all miners were located in that country, many powered by coal – hardly a market free of geopolitics, therefore. (It remains the world number two destination for crypto-mining activities.)
And that’s not all: multibillionaires have been able to tweet up their holdings in obscure coins with apparent impunity, using social media as a form of networked insider trading – legally – via millions of devoted acolytes.
A new opportunity for criminals
So much for the little guy in this brave new world. But what about the criminal use of cryptocurrencies: all those financial crimes that, theoretically, will be stopped for good?
A new report from research group SSRN reveals that an “entire criminal ecosystem” has been built on top of the cryptocurrency boom, and to a large extent enabled by it.
Crimes include hacking, money laundering, scams, ransomware, ‘sextortion’, and a soaring trade in illegal goods, with the authors adding, “obviously the data on these crimes are pretty murky”. Wait, what? You mean blockchain doesn’t just hand people’s names to Interpol? Shocking!
The report says:
While the advent of cryptocurrencies and digital assets holds promise for improving and disrupting financial systems through offering a cheap, quick, and secure transfer of value, it also opens up new payment channels for cybercrimes.
Assembling a diverse set of public, proprietary, and hand-collected data, including dark web conversations in Russian, the researchers conducted “the first detailed anatomy of crypto-enabled cybercrimes” and highlight the economic issues that arise from them. The report adds:
Our analyses reveal that a few organized ransomware gangs dominate the space and have evolved into sophisticated, corporate-like operations with physical offices, franchising, and affiliation programs. Their techniques also have become more aggressive over time, entailing multiple layers of extortion and reputation management.
However, the authors explain:
Blanket restrictions on cryptocurrency usage may prove ineffective in tackling crypto-enabled cybercrime and hinder innovations. Instead, blockchain transparency and digital footprints enable effective forensics for tracking, monitoring, and shutting down dominant cybercriminal organizations.
Qualified good news, it seems. But what is a ‘crypto-enabled cybercrime’, which is the focus of the report? It explains:
Decentralization, privacy, and anonymity have been the building blocks of the cryptocurrency movement since its inception over a decade ago. While the technology has spurred many innovations, cybercriminals’ adoption of cryptocurrencies has become a central issue in the crypto-regulation debate.
Ransomware attacks, money laundering activities, and various crypto-based scams have recently surged, prompting the US president to issue an executive order requiring agencies to establish a course of action. According to the Federal Trade Commission, cryptocurrency is the most reported payment method in frauds – surpassing bank transfers, wire transfers, and credit cards – accounting for $728.8 million (33.5%) of the 2022 year-to-date reports.
The growth of cryptocurrencies has provided brand new opportunities for criminals, it continues. For example, hackers exploit weaknesses in either centralized organizations, such as crypto-exchanges, or decentralized algorithms, and use these to siphon out coins. But they have to be careful, the report adds:
In these types of attacks, coins are transferred to a blockchain address. Given that these transactions and addresses do not require real names, the attackers are initially anonymous. Indeed, the exploit is available for anyone to see, given that the ledger of all transactions is public here.
[However] while the original exploit is completely anonymous (assuming the address has not been used before), the exploiter needs to somehow ‘cash out’. Every further transaction from that address is also public, allowing for potential deployment of blockchain forensics to track down the attacker.
Note the ‘potential deployment’ of blockchain forensics. But by whom? Remember, these are invariably international operations that may be using networks of networks and fake IDs.
The report continues:
Beyond stealing cryptocurrency via exchange and protocol exploits, traditional cybercriminal activities are now also enabled with a new payment channel using the new technology – the second opportunity our research focuses on. The use of cryptocurrencies replaces potentially traceable wire transfers or the traditional suitcase of cash, and is popular for extortion.
Criminal organizations also use cryptocurrencies to launder money. According to Europol, criminals in Europe laundered approximately $125 billion in currency in 2018 and more than $5.5 billion through cryptocurrencies.”
Government response is a challenge
Increasing cryptocurrency adoption also facilitates other forms of cybercrime, say the authors, deepening the problem again:
Information about crypto-enabled cybercrimes is typically dispersed, private, and incomplete.
Quite. The report then shares some alarming statistics. It highlights:
Out of the 21,650 reported addresses [BTC addresses linked to criminal activities], sextortion leads the cybercrime report counts (33.8%), followed by blackmail scams (32.3%), and ransomware (23.9%). These three types of cybercrime jointly account for 94.4% of all reported entries on the Bitcoin Abuse system.
The number of reported related transactions provides a different picture concerning the most active type of cybercrime on the Bitcoin blockchain. Out of the total of 13.6 million crypto-crime-related transactions, ransomware leads most of the on-chain activity (42.5%), followed by Bitcoin tumbler [dispersing Bitcoin in multiple transactions and addresses] (32.0%) and others (22.4%).
Nearly 14 million crypto-crime-related transactions: how’s that for a fairer, crime-free system! But, what can anyone actually do about it? Again, the very nature of crypto markets and blockchains – as a distributed, global, people’s financial system – makes governments’ responses much harder. The report adds:
A one-size-fits-all solution, such as restricting or banning cryptocurrency usage by individuals or organizations, is problematic for three major reasons. First, this is not a national problem. Blockchains exist across multiple countries and harsh regulations in a particular country or jurisdiction have little or no effect outside that country. As we have seen from other global initiatives (e.g. carbon tax proposals), it is nearly impossible to get global agreement.
Second, while an important problem, cryptocurrency plays a small role in the big picture of illegal payments. Physical cash is truly anonymous and, indeed, this may account for the fact that 80.2% of the value of US currency is in $100 notes. It is rare the consumers use $100 bills, and it is equally rare that retailers are willing to accept them.
Third, and most important, expunging all cryptocurrency use in a country eliminates all of the benefits of the new technology. Even further, it puts the country at a potential competitive disadvantage. For example, a ban on crypto effectively eliminates both citizens and companies from participating in Web 3.0 innovation.
In short, once criminals have turned digital bits into analogue notes, you can kiss goodbye to your money. But, there’s a glimmer of hope, say the authors:
The analysis in our paper points to a different tactic. While addresses are anonymous initially, funds are often transferred from one address to another in order to ‘cash out’. All transactions are viewable and immutable – a key feature of blockchain technology.
This opens the possibility of deploying forensic tools with a focus on tracking, monitoring, and identifying the crypto transactions attributed to criminals. Indeed, our research provides a glimpse of what is possible given the transparent nature of blockchains.
Meet the new boss, same as the old boss? Not quite, but it seems that far from building a better, fairer, people’s system, digital finance has made chasing organized criminals just as complex and challenging as ever. And the solutions are still just potential ones: the future deployment of forensic tools by agencies unknown, operating in who knows what jurisdiction, and on behalf of… who knows?
So, the big-picture problem is obvious. Don’t expect nations and local police or security services to get your money back if you lost it gambling on the global roulette wheel. You can’t have it both ways.
• The report shares one amusing story. Powerful Russian cybercrime gang Conti was brought down after supporting Putin’s aggression against Ukraine. An angry Ukrainian insider leaked all their internal data online. Sometimes the real world still has a habit of asserting itself.