Alex -

Chainalysis: Cryptocurrency crime reaches all-time high

While illicit activity peaked at $14 billion in 2021, Chainalysis said it's a drop in the bucket compared with overall transactions amid 'roaring adoption' of cryptocurrency.

Illicit cryptocurrency proceeds nearly doubled in 2021, according to new research by Chainalysis.

In a blog post last Thursday, the blockchain analytics vendor reported that "cryptocurrency-based crime hit a new all-time high in 2021" with a 79% increase from 2020. But Chainalysis said the increase was surprisingly low compared with the 567% increase in overall cryptocurrency transactions last year, which reached $15.8 trillion.

Chainalysis determined that illicit addresses received $14 billion in 2021, up from $7.8 billion in 2020. A rise in decentralized finance (DeFi) led to more stolen funds and scams, including a relatively new type of fraud dubbed "rug pulls," which contributed to the significant increase in cryptocurrency crime.

Cybercriminals use cryptocurrency for the anonymity it provides, particularly the ability to obfuscate funds. Its use has become increasingly popular for exploiting victims of ransomware attacks. However, Chainalysis said law enforcement's tracing efforts are bearing fruit in the war on cryptocurrency crime. For example, in June, law enforcement seized a portion of the $4.4 million ransom Colonial Pipeline had paid following a DarkSide ransomware attack by obtaining a private key to the cryptocurrency account.

In September, the Office of Foreign Assets Control issued the first sanction against a virtual currency exchange when it added Russia-based cryptocurrency broker Suex to the sanctions list.

While tracking cryptocurrency transactions over the year, Chainalysis was not surprised to find that the increase in activity and popularity resulted in more cybercriminals using the virtual currency. However, the vendor emphasized that illegal activity remained small compared with legal transactions.

"In fact, with the growth of legitimate cryptocurrency usage far outpacing the growth of criminal usage, illicit activity's share of cryptocurrency transaction volume has never been lower," the blog post said.

Contributing factors to the increase

Though illicit activity's share of transaction volume decreased, cybercriminals still made hefty profits. In a breakdown of the $14 billion in total cryptocurrency received by illicit addresses, the top vectors were scams, stolen funds, dark web markets and ransomware.

While examining the causes behind the significant uptick in cryptocurrency crime, Chainalysis examined the activity around several threats and attack types. Though cryptocurrency is commonly used in ransomware demands, those transactions appeared to represent a small amount of the illegal activity in 2021, based on charts in the report. Chainalysis told SearchSecurity that more exact figures on ransomware transactions will appear in an upcoming ransomware report.

One figure the report provided was stolen funds, which skyrocketed in 2021 compared with 2020, when cybercriminals scammed victims out of $7.8 billion worth of cryptocurrency.

[Chart from the Chainalysis cryptocurrency crime report] According to illicit activity tracked by Chainalysis, scams like 'rug pulls' and stolen funds were the biggest contributors to the $14 billion in cryptocurrency crime last year.

A large portion of that total, $2.8 billion, came from one type of fraud known as "rug pulls" and was attributed to one fraudulent exchange, Thodex, whose CEO disappeared after cutting off users from withdrawals.

"[It's] a relatively new scam type in which developers build what appear to be legitimate cryptocurrency projects -- meaning they do more than simply set up wallets to receive cryptocurrency for, say, fraudulent investing opportunities -- before taking investors' money and disappearing," the blog said.

The Thodex scam accounted for 90% of the total value lost to rug pulls, but Chainalysis found that the remainder involved DeFi projects. Funds stolen from DeFi platforms rose another 1,330% in 2021.

"In other words, as DeFi has continued to grow, so too has its issue with stolen funds," the blog said.

One reason the blog provided was the "hype around the space" -- DeFi transaction volume grew 912% in 2021. The second reason was even more alarming.

"At the same time, it's very easy for those with the right technical skills to create new DeFi tokens and get them listed on exchanges, even without a code audit," the blog said.

Code audits are useful because they provide another level of verification. According to Chainalysis, they ensure the developers don't run off with investors' funds. However, it appears that code audits are not commonly performed.

"Many investors could likely have avoided losing funds to rug pulls if they'd stuck to DeFi projects that have undergone a code audit -- or if DEXes [decentralized exchanges] required code audits before listing tokens," the blog said.

In addition, a majority of the cryptocurrency theft -- about $2.2 billion out of a total $3.2 billion in 2021 -- was stolen from DeFi protocols. Chainalysis also observed the increasing use of DeFi protocols for laundering illicit funds.

One example of a more recent attack occurred in December when cybercriminals stole more than $100 million from DeFi app BadgerDAO. However, with such a massive amount and little known about the specific scams or thefts involved, it appears these attacks are not always publicized.

Kim Grauer, director of research at Chainalysis, told SearchSecurity that while some of the larger scams like PlusToken in 2019, Mirror Trading in 2021 and Squid Game coin in 2021 have caught media attention, many smaller scams are not as well known.

Though the report covered 2021, Chainalysis also provided a glimpse into the new year.

"As of early 2022, illicit addresses hold at least $10 billion worth of cryptocurrency, with the vast majority of this held by wallets associated with cryptocurrency theft," the blog said.
