While the ransomware market is rising and cybercriminals continue to rack up bitcoin payments, illicit cryptocurrency activity is declining, according to new research from Chainalysis.
The cryptocurrency analytics vendor released the introduction to its "2024 Crypto Crime Trends" report on Thursday, detailing an evolving ecosystem that might be trending in a positive direction. Funds sent to illicit cryptocurrency addresses dropped from $39.6 billion in 2022 to $24.2 billion in 2023. Although the decrease was significant, Chainalysis noted the "figures are low-bound estimates."
In addition to the total value sent to illicit addresses, the estimated percentage of cryptocurrency transaction volume connected to illicit activity also decreased from 0.42% to 0.34% in 2023. Chainalysis attributed the decreases to a drop in cryptocurrency scamming and hacking, which might signify improved security, especially for decentralized finance (DeFi) protocols.
In 2022, Chainalysis found cryptocurrency crime had reached an all-time high with a rise in the DeFi industry as a main contributor. The attack against Beanstalk Farms in 2022 was one example where threat actors abused the protocol's governance system, leading to dire consequences for the DeFi platform and its users.
"The dropoff could represent the reversal of a disturbing, long-term trend, and may signify that DeFi protocols are improving their security practices. That said, stolen funds metrics are heavily outlier-driven, and one large hack could again shift the trend," Chainalysis wrote in the report.
In terms of large hacks or thefts, Chainalysis referred to the notorious cryptocurrency exchange and hedge fund FTX Trading Ltd., which shut down in November 2022. Chainalysis initially held off on including the $8.7 billion in credit claims against FTX as part of its 2023 report. However, following the conviction of founder and former CEO Sam Bankman-Fried on several fraud charges last year, Chainalysis added FTX funds to 2022's total, which helped push the previously published figure from $20.6 billion to $39.6 billion.
DeFi security improving?
Eric Jardine, cybercrime research lead at Chainalysis, told TechTarget Editorial that there are many DeFi security challenges, including basic human error and fraud. However, DeFi protocols also require more auditing of smart contracts, he said, compared to other areas of the cryptocurrency economy. Moving toward increased auditing of those contracts could alleviate some security challenges, which Jardine said appears to be happening.
Though Chainalysis tracked an upward trend for DeFi in 2023, it could swing the other way depending on security mindsets.
"New participants could behave like the current participants who are trending towards taking security a little bit more seriously. But it's possible that the new entrants might come in and say, 'I want to make some money and do the code first, security second approach'," he said.
While the introduction addresses broader cryptocurrency crime trends, Jardine said the data showcases ongoing improvements for on-chain attribution. More coverage of on-chain activity means Chainalysis can make more refined estimates.
"We did see both significant revision upwards of last year's total as well as a drawdown from last year to this year in terms of illicit flows," he said. "The drawdown suggests there's not necessarily a change in trend. We're probably trending upwards over time, but the degree to which that's the case is starting to modulate a little throughout 2023 and into 2024."
Chainalysis's report documented promising changes in the cryptocurrency crime ecosystem, but the vendor also found alarming trends. For example, sanctions issued by the Office of Foreign Assets Control (OFAC) have not been entirely effective. In 2022, OFAC sanctioned Tornado Cash, a cryptocurrency mixer that let threat actors obfuscate illicit funds, as well as the Russian virtual currency exchange Garantex. Suex, a Russian cryptocurrency broker known for laundering ransomware payments, was also sanctioned in 2021.
"Perhaps the most obvious trend that emerges when looking at illicit transaction volume is the prominence of sanctions-related transactions. Sanctioned entities and jurisdictions together accounted for a combined $14.9 billion worth of transaction volume in 2023, which represents 61.5% of all illicit transaction volume we measured this year," the report read.
For 2023, Chainalysis identified Garantex as "one of the biggest drivers of transaction volume." Jardine said because the exchange is based in Russia and doesn't serve U.S. customers or adhere to U.S. jurisdictions, its operations will continue.
OFAC sanctioned Garantex for laundering $100 million, including many funds for ransomware groups that continue to demand payments in bitcoin while other cybercriminals have switched to stablecoins. However, Chainalysis said that doesn't mean Garantex's total transaction volume is associated with ransomware and money laundering alone.
The report also noted a rise in total ransomware revenue despite a decline Chainalysis observed in 2022 when payments dropped from $766 million to $457 million. Chainalysis said the increase suggests that ransomware threat actors "have adjusted to organizations' cybersecurity improvements." That was further supported by the vendor's 2023 "Crypto Crime Mid-year Update" that showed payments surged to $449.1 million.
The number of ransomware attacks continued to skyrocket throughout 2023. But Jardine said it's tough to say if more victim organizations are giving in to ransom demands. That's partly because Chainalysis only tracks wallets where victim organizations make ransom payments and are involved in incident response investigations.
"[Payments] dropped into the $500-$600 million range in 2022, and we're certainly higher than that amount in 2023," he said.
Additional sections of the 2024 report are forthcoming.
Arielle Waldman is a Boston-based reporter covering enterprise security news.