Crypto crime

Scams and friends

Cryptoasset activity is sometimes rather hastily associated with criminal affairs. Let's delve into crypto crime and try to shed some light on this hot topic.

Scams

A scam is a malicious technique perpetrated by a scammer to induce the victim to transfer funds to the scammer's account, or to directly steal the funds that the victim holds in their wallets or has deposited somewhere. Types of scams include:

  • Phishing: a method of identity theft that relies on individuals unwittingly volunteering personal information (such as wallet private keys) that can be used to steal the victim's funds. It is often carried out through a fraudulent website or email appearing to represent a legitimate firm.

  • Ponzi scheme: a fraudulent investment scheme in which an operator pays returns on investments from capital derived from new investors, rather than from legitimate investment profits. Ponzi scheme operators entice new investors with abnormally high short-term rates of return. Ponzi schemes generally fall apart when there is not enough new capital to pay the ever-growing pool of existing investors. The scheme is named for Charles Ponzi of Boston, Massachusetts. In the 1920s, Ponzi launched a scheme that guaranteed investors a 50% return on investments in postal coupons.

  • Rug pull: developers create new tokens and promote them to investors, who trade for the new token in the hope that it will rise in value, which also provides liquidity to the project. Eventually, the developers drain the funds from the liquidity pool, sending the token's value to zero, and disappear. Rug pulls are prevalent in DeFi because, with the right technical know-how, it is cheap and easy to create new tokens on the blockchain and get them listed on decentralized exchanges without a code audit.

  • Code exploits: hackers take advantage of a bug in the code of a DeFi protocol, such as a decentralized exchange or a lending and borrowing platform, to drain the deposited funds. Open-source development is a staple of DeFi applications: since DeFi protocols move funds without human intervention, users need to be able to audit the underlying code in order to trust the platform. But this also benefits cybercriminals, who can analyze the code for vulnerabilities and plan exploits in advance.

Malware and Ransomware

Malware refers to malicious software that carries out harmful activity on a victim’s device, usually without their knowledge. Examples of malware families include:

  • Info stealers: Collect saved information (like credentials) from compromised computers

  • Clippers: Insert new text into the victim's clipboard, replacing text the user has copied. Hackers use clippers to replace cryptocurrency addresses copied into the clipboard with their own, rerouting planned transactions to their own wallets

  • Cryptojackers: Make unauthorized use of the victim device's computing power to mine cryptocurrency

  • Trojans: Malicious software that looks like a legitimate program but infiltrates the victim's computer to disrupt operations, steal data, or cause other types of harm.
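As an added illustration (not part of the original page), a defender-side heuristic for spotting the clipper behaviour described above: it scans a clipboard-monitor log and alerts when an address on the clipboard is replaced by a different address of the same type by a process the user did not copy from. The log, its `writer` field and the process names are constructed for the example; the two Bitcoin addresses are the public example addresses from the genesis block and BIP173, and the hex addresses are made up.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set

# Address shapes handled (regex-only heuristics; checksums are not verified).
BTC_LEGACY = re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$")
BTC_BECH32 = re.compile(r"^bc1[ac-hj-np-z02-9]{39,59}$")
ETH_HEX = re.compile(r"^0x[0-9a-fA-F]{40}$")

def address_type(text: str) -> Optional[str]:
    t = text.strip()
    if BTC_LEGACY.match(t) or BTC_BECH32.match(t):
        return "btc"
    if ETH_HEX.match(t):
        return "eth"
    return None

@dataclass(frozen=True)
class ClipEvent:
    seq: int        # clipboard sequence number, increments on every write
    writer: str     # process that wrote the clipboard (hypothetical agent field)
    content: str

def detect_clipper(events: Iterable[ClipEvent], trusted_writers: Set[str]) -> List[Dict]:
    """Alert when an address is overwritten by a *different* address of the same
    type by a process the user does not copy from (trusted copies are legitimate)."""
    alerts: List[Dict] = []
    prev: Optional[ClipEvent] = None
    for ev in events:
        kind = address_type(ev.content)
        if (prev is not None and kind is not None
                and address_type(prev.content) == kind
                and prev.content.strip() != ev.content.strip()
                and ev.writer not in trusted_writers):
            alerts.append({"seq": ev.seq, "writer": ev.writer,
                           "original": prev.content.strip(),
                           "replacement": ev.content.strip()})
        prev = ev
    return alerts

# Constructed clipboard log; "unknown_proc" stands for an unrecognised writer.
SAMPLE_LOG = [
    ClipEvent(1, "browser", "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"),
    ClipEvent(2, "unknown_proc", "3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy"),        # swap: alert
    ClipEvent(3, "browser", "meeting notes"),
    ClipEvent(4, "browser", "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq"),
    ClipEvent(5, "browser", "0x1111111111111111111111111111111111111111"),      # new coin type: ok
    ClipEvent(6, "unknown_proc", "0x2222222222222222222222222222222222222222"), # swap: alert
]
```

If the monitoring agent cannot attribute the writing process, every same-type change is a candidate alert, so pair this with a wallet-side check that the pasted address matches the one the user intended.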

Malware is typically used by less sophisticated hackers who spam millions of potential victims and steal smaller amounts from each individual tricked into downloading it. Many of these malware strains are available for purchase out-of-the-box on the darknet.

In particular, ransomware is a type of malware that threatens to publish the victim's personal data or perpetually block access to it unless a ransom is paid, usually in Bitcoin.

Most ransomware attacks appear to be financially motivated. However, others appear to be motivated by geopolitical goals. That is exactly what we saw in a recent ransomware attack on Ukrainian government agencies by hackers believed to be associated with the Russian government. The attack occurred on the night of January 13, 2022, and disrupted several government agencies' ability to operate. Apparently, the Russian hackers used ransomware whose code resembles a strain previously used to target Russia itself, so that the attack appeared to be of Ukrainian rather than Russian origin — a technique known as a false flag attack.

Other types of crypto crimes

  • Market manipulation: different strategies to influence the market in order to make a profit.

    • Pump and dump: on the basis of false information, influencers encourage investors to buy assets of little-known cryptocurrency projects whose prices can be easily influenced. The price of the assets subsequently rises and the scammers sell their own holdings, earning a profit and leaving the victims with worthless assets

    • Wash trade: an investor simultaneously sells and buys the same financial instrument to create misleading, artificial activity in the marketplace. First, the investor places a sell order, then places a buy order to buy from themself, or vice versa. This may be done for a number of reasons, including artificially increasing the trading volume of a cryptocurrency exchange or the price of a Non-Fungible Token (NFT) associated with a digital asset, giving the impression that the asset is more in demand than it actually is

  • Darknet markets. The darknet is an overlay network on top of the internet that can only be accessed with specialized software, configurations and special authorizations, and often makes use of non-standard communication protocols in order to be deliberately inaccessible from the regular internet. Darknet markets include fraud shops, which broker the sale of stolen logins, credit cards, exploit kits, and more, as well as drug-focused markets

  • Terrorism financing. This refers to terrorist organizations that have attempted to finance their operations with cryptocurrency. For instance, in 2019 and 2020 al-Qaeda raised cryptocurrency through Telegram channels and Facebook groups, and in the early spring of 2021 the al-Qassam Brigades, Hamas' military wing, collected donations in cryptocurrencies

  • Sanctions evasion. This is the attempt to elude state or international sanctions using cryptocurrencies. For instance, in 2020 some in the Iranian government called for the country to use cryptocurrency to circumvent sanctions, and Bitcoin mining may provide the perfect opportunity to do so. As one of the world's largest energy producers, Iran has the low-cost electricity needed to mine cryptocurrencies like Bitcoin cheaply, providing an injection of monetary value that sanctions cannot stop. Moreover, Russia used cryptocurrencies to elude the international sanctions imposed after its invasion of Ukraine
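An added example (not from the original page) of the detection logic an analyst would run over an NFT sale log to surface the two wash-trading patterns described above: self-trades, and short-window round trips of the same token between the same two addresses, together with the share of reported volume they inflate. The sale records, addresses, token ids and block window are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Tuple

@dataclass(frozen=True)
class Sale:
    tx: str
    token: str      # "<collection>#<tokenId>"
    seller: str
    buyer: str
    price: float    # in ETH
    block: int

def find_wash_trades(sales: List[Sale], max_blocks: int = 5000):
    """Return (self_trades, round_trips): sales where seller == buyer, and pairs
    where the same token goes A->B and later B->A within max_blocks."""
    self_trades = [s for s in sales if s.seller == s.buyer]
    by_token = defaultdict(list)
    for s in sorted(sales, key=lambda s: s.block):
        by_token[s.token].append(s)
    round_trips: List[Tuple[Sale, Sale]] = []
    for hist in by_token.values():
        for i, first in enumerate(hist):
            for later in hist[i + 1:]:
                if later.block - first.block > max_blocks:
                    break  # hist is block-ordered, so nothing later can qualify
                if later.seller == first.buyer and later.buyer == first.seller:
                    round_trips.append((first, later))
    return self_trades, round_trips

def wash_volume_share(sales: List[Sale], max_blocks: int = 5000):
    """(washed volume, total volume, washed fraction) for the flagged trades."""
    self_trades, round_trips = find_wash_trades(sales, max_blocks)
    flagged = {s.tx for s in self_trades} | {s.tx for pair in round_trips for s in pair}
    total = sum(s.price for s in sales)
    washed = sum(s.price for s in sales if s.tx in flagged)
    return washed, total, (washed / total if total else 0.0)

# Constructed sale log: placeholder addresses and tx ids, not real chain data.
SALES = [
    Sale("tx1", "demo#7", "0xA", "0xB", 1.0, 100),
    Sale("tx2", "demo#7", "0xB", "0xA", 1.2, 150),     # round trip with tx1
    Sale("tx3", "demo#7", "0xA", "0xB", 1.5, 200),     # round trip with tx2
    Sale("tx4", "demo#9", "0xC", "0xC", 3.0, 210),     # self trade
    Sale("tx5", "demo#11", "0xD", "0xE", 0.5, 300),
    Sale("tx6", "demo#11", "0xE", "0xD", 0.6, 6300),   # resale long after: not flagged
]
```

A genuine resale back to a previous owner can trigger the round-trip rule, so analysts usually combine it with wallet clustering (for example, buyer and seller funded from the same source) before treating volume as washed.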

Good news

Chainalysis is a blockchain analysis company providing data and analysis to government agencies, exchanges, and financial institutions across 40 countries. Every year it compiles a rigorous report about crypto crime. According to the Chainalysis 2023 crypto crime report (based on 2022 activity):

  1. transactions involving illicit addresses amount to an all-time high of $20.6 billion, yet they represent just 0.24% of cryptocurrency transaction volume

  2. cybercriminals laundered $23.8 billion worth of cryptocurrency. Meanwhile, the UN Office on Drugs and Crime estimates that up to $2 trillion (5% of global GDP) is laundered every year through the traditional financial system in fiat currencies, two orders of magnitude more than crypto laundering

Next is the full 2023 crime report:
