Opponents of cryptocurrencies often claim that crypto coins are massively being used in money laundering, drug trafficking, weapons sales, financial crimes, and terrorist financing. The media regularly publish articles about new hacker attacks on crypto exchanges or money laundering through Bitcoins. We figured out what is behind such infamy and what the scale of the problem really is.
Hacks of Exchanges and Wallets
Most fraudsters steal from exchanges, as often they are easier to hijack than a single wallet, and the potential income is disproportionately higher. According to Group-IB, CipherTrace, and Carbon Black, in 2018, hackers stole cryptocurrencies in the amount of $1.1 to $1.7 billion, of which $960 million came from crypto exchanges and payment systems. The number of such cases increased by 3.5 times compared with 2017, and 7 times compared with 2016. 56% of crypto thefts occurred on the exchanges of South Korea and Japan.
The biggest thefts of 2018:
$532 million from Coincheck
$60 million from Zaif
$40 million from Coinrail
$31 million from Bithumb
In most cases, the reasons for the theft were the vulnerability of hot wallets that held user funds.
Hackers Work in Teams, Not Alone
Interestingly, most hacker attacks are carried out not by loners but by teams. According to a recent study by analytical company Chainalysis, two groups of hackers were behind 60% of all registered crypto thefts and stole cryptocurrencies worth more than $1 billion.
The researchers identified the hacker groups as Alpha and Beta. Alpha is a huge, tightly controlled organization that pursues not only financial goals. Beta is less organized, monitors security worse, and is entirely focused on money.
Both groups operate differently with the stolen cryptocurrencies. Alpha transfers the coins immediately after hacking, and Beta does it within 18 months. The hackers wait at least 40 days until the interest in the theft subsides, after which they try to cash out as quickly as possible. 50% of all stolen funds are cashed out within 112 days.
Usually, the hackers steal coins worth $90 million at a time, but the number of “minor thefts” has increased by $20 to $30 million. After the theft, on average, they pass the stolen cryptocurrencies about 5,000 times through a system of wallets, exchanges, and peer-to-peer transactions before exchanging them for fiat currency.
Sometimes even regulated exchanges that follow strict AML procedure are used to cash out. It is difficult to track down stolen or laundered money, as it is possible to learn about the origin of the money only after the fact, not in real time.
The researchers believe that both groups are likely still active.
ICO Fraud and Fake Accounts on Twitter
According to various sources, about half to 80% of ICOs were initially created as fraudulent, as their organizers were aware that their projects could not be realized, and much of the funds raised were spent on personal or advertising purposes. At the same time, in 2017, from $5.6 to $6.2 billion was attracted using ICOs. Since ICOs are not regulated at all, their organizers have no responsibility toward investors. According to the European Cybercrime Center, in 2017–2018, scam projects led to the loss of $1.4 billion by investors.
Perhaps the most striking example of ICO fraud in 2018 was the American project Centra. In the spring, a project that was advertised by boxer Floyd Mayweather and other celebrities raised $32 million by deceit, after which the leadership tried to flee the country. In November, a funny incident occurred with the Pure Bit scam project, as the startup founder first ran away with $2.7 million, and then repented and returned the money to the users.
In 2018, so-called advance-fee scams were also popular on Twitter as a type of fraud when fake celebrity accounts promise to distribute coins for free in exchange for a small payment. Such deception is quickly revealed, but the fakes can earn a few thousand dollars, and the whole “industry,” according to some estimates, brings from $50,000 to $100,000 per day.
Phishing, Cryptojacking, and Extortion
One of the most popular schemes to trick users is phishing creating clone sites of famous exchanges, ICO projects, and wallets (86% of fakes are MyEtherWallet). When users enter their data in a phishing program, the attackers gain full access to the victim’s account. According to the data from Kaspersky Lab, every quarter, criminals steal from $2 to $3 million in this way.
Illegal mining, or cryptojacking, is also common when criminals use an infected computer for imperceptible mining to their advantage. The number of such cases in 2018 increased by 4 times, as about 13 million devices were infected with viruses. At first, cryptojacking was used for mining, and over time, it was also used to carry out DDoS attacks and other cyber crimes. The primary victims of cryptojacking are companies. According to Carbon Black, attacks on businesses accounted for one-fifth of all hacker attacks.
Cyberextortion is another new form of cybercrime. Viruses encrypt files on the infected computer and then require a ransom in cryptocurrency for the decryption key. Among vivid examples are CryptoWall, Locky, KeRanger, XCodeGhost, WannaCry, and NotPetya. According to estimates by the Cyber Threat Alliance, ransomware viruses could sum up a total of $325 million from their victims.
Due to the anonymity and legal uncertainty of cryptocurrencies, it is customary to accuse them of money laundering. According to Europol and the U.K., $5.5 billion a year is laundered through cryptocurrencies. 97% of criminal Bitcoins are laundered through exchanges with weak AML policy.
According to the U.N., the annual volume of illegal transactions is $1 to $2 trillion. Against this background, $1– $2 billion seems insignificant. The total capitalization of Monero, Dash, and ZCash is $2.2 billion at the moment. Obviously, the money laundered through cryptocurrency funds is negligible.
Terrorists and Drugs
Cryptocurrencies have been linked with drugs since the days of Silk Road. According to official data, the turnover of the site was about $1.2 billion, the revenue was $90 to $126 million, and it was used by several thousand illegal sellers and more than 100,000 buyers worldwide.
According to the Foundation for Defense of Democracies (FDD), drug trafficking accounts for up to 90% of all illegal cryptocurrency transactions. The annual turnover of such trade can be $4–$5 billion and reach 0.5% to 1% of the total turnover, and cover up to a third of all buyers.
As for terrorism, according to the Europol report and the U.K. government commission, Bitcoin and other cryptocurrencies have not been used recently to finance terrorist attacks in Europe, and it is unlikely that the situation will change in the next five years. A study by the Center of a New American Security suggests that terrorists do not understand cryptocurrency technology well and prefer cash and bank transfers as more convenient and secure. But experts warn that the situation may change if terrorists “try out” the technology and begin to trust it.
Crime Will Be Fine without Cryptocurrencies
Due to the anonymity of transactions, the speed of transfers to bypass financial organizations, and the lack of need to pay taxes, cryptocurrencies seem to be ideal means for avoiding taxes, money laundering, and buying weapons. But in fact, they are not as convenient for criminals as it may seem. The numbers say that cryptocurrencies are not as popular among criminals as is commonly believed.
The experience of fighting the darknet shows that the state can combat cybercrime, and the anonymity of cryptocurrencies is greatly exaggerated, as anonymously exchanging money is becoming more difficult, and the security services can associate transactions with a specific user, something that even super anonymous coins cannot save from. In such conditions, cryptocurrencies are a superfluous intermediary link, because cash is more difficult to track.
If we combine the figures mentioned above, then over the past two years, it is very possible to say that $13 to $16.7 billion of funds circulating on the crypto market can be considered of criminal origin. Is that much or not? Well, it depends on the total crypto market capitalization. With a capitalization of $700 billion, this is only 2%, and with a capitalization of $100 billion, this already 13% to 16%. But it is obvious that this is an insignificant value against criminal trillions of dollars.
Fiat cash is used by criminals hundreds of times more often, but this is not a reason for its prohibition. It is clear that cryptocurrencies are much less versatile and convenient than their traditional counterparts as an instrument of crime.