Illicit cryptocurrency transactions fell in dollar terms as token prices slumped in the first half of 2022, but legitimate trades dropped more than twice as much, suggesting criminals are more resilient, though law enforcement is getting better at catching them, according to a report by U.S. data aggregation firm Chainalysis Inc.

Activity linked to criminals fell 15% to US$8 billion compared to the same period in 2021, while legitimate transactions fell more than twice that, 36%, to US$4.5 trillion, the report found. The total crypto market cap fell roughly 60% from the start of the year to just under US$900 billion by the end of June. 

“A lot of illicit activity is price inelastic,” Chainalysis Head of Research Kim Grauer said in an interview with Forkast. “It doesn’t ebb and flow with the price of cryptocurrency; your decision to purchase goods on a darknet marketplace is very much a use case-based activity.” 

These may be unwelcome findings for an industry that has struggled to shrug off associations with illegal activities, such as use of crypto on the now-defunct website Silk Road, which reportedly handled as much as US$1 billion in illegal drugs and other criminal services before being shut down in 2013. 

A closer examination of the data tells a more complex story, however, as Grauer says global law enforcement has made some real wins this year when it comes to crime in the industry.

“Last year a lot of law enforcement agencies and government agencies around the world tended to have that one crypto nerd in the basement that would run their investigations,” she said. “Now, they’ve expanded their forces; they’ve grown their crypto forensics and blockchain analysis capabilities.”

Bad neighborhoods

While total losses to illicit activities declined during the period, the value lost to hacks of decentralized finance (DeFi) protocol rose significantly.

The report found that US$1.9 billion was stolen from protocols from January through June this year, compared to US$1.2 billion at the same point last year.

DeFi exploded in 2021 with new protocols and innovative projects, reaching a peak in May with a total market cap of over US$125 billion — a 16x growth from the previous year.

With DeFi priding itself on decentralization and transparency, many publish open-source code and when new projects start, they use this code for their platforms. 

This makes finding vulnerabilities all too easy for cybercriminals, Grauer said, and the surge in hacks we are seeing now is the lag effect of bad actors making their way through new code as it is published.

Another recent report from Chainalysis said that cross-chain bridges — protocols that link separate blockchain networks to allow for transactions between them — are uniquely vulnerable to criminals, a sentiment Grauer shared with Forkast. 

“Effective bridge design is still basically an unresolved technical challenge,” she said, “whenever you have a brand-new technology, you’re going to do your best, but you’re going to find vulnerabilities in it. The problem is that [hackers] are looking for those vulnerabilities.”

The scam crowd

Crypto scams get a lot of publicity, but losses to such illegal schemes fell 65% to just US$1.6 billion in the first half, while the number of individual transactions sucked into scams hit a four-year low of just over 900,000. The figures in 2021 were more than double that.

“Scammers are being forced into changing their methods and I think that is a long-term change where you’re not going to get rid of scamming,” Grauer said, “[but] they are becoming more sophisticated in how they come after a target.” 

Grauer said that past popular scams involved building fake websites with promises of high returns, and that when crypto was in a boom cycle in previous years, many people were lured in with hopes of getting rich quick.

Now there is greater awareness of these tactics, she added, and so scammers had to switch to more intensive schemes targeting individuals over long periods of time rather than the scatter-shot approach of the past. 

Transaction value on the darknet — a section of the internet accessed with specialized software or authorization and often used for illicit activity — fell 43% compared to where it was in June 2021. Chainalysis attributes this “almost certainly” to the U.S. Treasury Department sanctioning the Russian darknet platform Hydra in April, claiming it was a marketplace for illicit ransomware and hacking software.

Conversely, individual transactions to other darknet sites have since increased, which Chainalysis says is likely due to former Hydra clients moving funds onto other platforms. 

“Law enforcement efforts work to some degree, but a lot of times they have a displacement effect or the Whac-A-Mole problem,” Grauer said, “we are seeing some migration happening to new marketplaces.” 

The U.S. Treasury Department also recently took steps to combat money laundering using cryptocurrencies with the Office of Foreign Assets Control (OFAC) adding the crypto mixer Tornado Cash to its Specially Designated Nationals list. 

While some advocacy groups are pushing back by arguing the move infringes upon their right to privacy, the OFAC has claimed Tornado Cash has laundered more than US$7 billion since its creation in 2019 and is used by rogue states. 

“This is a step showing that OFAC is extremely willing and eager to rise to the occasion and use some more advanced methods to stop funds from making it out to North Korea,” Grauer said.