Quick Look at Chainalysis Annual Crypto Crime Report: Fraud and Stolen Funds Drop Significantly
TechFlow Selected TechFlow Selected
Quick Look at Chainalysis Annual Crypto Crime Report: Fraud and Stolen Funds Drop Significantly
Contrary to the overall trend, ransomware and dark web markets saw significant revenue growth in 2023.
Navigating Web3 tides with focused insightsAuthor: Chainalysis Team
Translation: Luffy, Foresight News
2023 was a year of recovery for cryptocurrency, as the industry gradually rebounded from a series of scandals, collapses, and price declines in 2022. With rising crypto prices and growing market activity throughout 2023, many believe that the crypto winter has ended and a new phase of growth may be approaching.
But what does this mean for cryptocurrency-related crime? Let’s first examine the trends from an industry-wide perspective.
In 2023, cryptocurrency addresses linked to illicit activities received significantly less value—totaling $24.2 billion. As always, we must emphasize that these figures are based on inflows to illicit addresses identified by us so far, representing a lower bound estimate. In the coming year, as we identify additional illegal addresses and incorporate their historical activity into our data, the total will almost certainly rise. For example, when we published our cryptocurrency crime report last year, we estimated that illicit crypto transaction volume in 2022 was $20.6 billion. A year later, our updated estimate for 2022 has increased to $39.6 billion. This increase is largely due to identifying previously unknown but highly active addresses hosted by sanctioned services, as well as adding transaction volumes associated with services in sanctioned jurisdictions to our totals.
Beyond discovering new illicit wallet addresses, another key reason for the higher revised total is that we have now included an $8.7 billion creditor claim related to FTX in our 2022 calculations. In last year’s report, we stated we would delay including transaction volumes related to FTX and other companies that collapsed in 2022 due to alleged fraud until legal proceedings formally concluded. Since then, a jury has convicted former FTX CEO SBF of fraud charges.
Typically, our statistics on illicit activity include only measurable on-chain activity. In the case of FTX, it is not possible to isolate the scope of fraudulent activity using on-chain data alone, as user funds were commingled. Therefore, we consider the $8.7 billion in creditor claims against FTX to be the best available estimate. Given the scale and impact of the FTX incident, we are treating it as an exception to our usual on-chain methodology. If courts reach convictions in similar ongoing cases, we plan to include such events in our future illicit transaction data.
All other totals exclude revenues from crimes that are not natively crypto-based, such as traditional drug trafficking where cryptocurrency is used as a payment method. Such transactions are practically indistinguishable from legitimate transactions in on-chain data. Of course, law enforcement agencies with off-chain intelligence can still use Chainalysis solutions to investigate these activities. Where we can confirm such information, we do classify these transactions as illicit in our datasets—but in most cases, such confirmation is unavailable, so these numbers are not reflected in the totals reported in our annual study.
Beyond the absolute decline in the value of assets involved in illicit activity, our estimate of the share of cryptocurrency transaction volume tied to illicit activity relative to all crypto transaction volume has also decreased—from 0.42% in 2022 to 0.34% in 2023. [1]
We’ve also observed shifts in the types of assets involved in cryptocurrency-based crime.
Throughout 2021, Bitcoin dominated as cybercriminals’ preferred cryptocurrency, likely due to its high liquidity. However, this has changed over the past two years, with stablecoins now accounting for the majority of all illicit transaction volume. This shift aligns with the recent growth in stablecoins’ share of overall cryptocurrency activity—including legitimate transactions. However, stablecoin dominance does not apply across all forms of crypto-related crime.
Certain forms of illicit crypto activity, such as darknet market sales and ransomware payments, still occur primarily in Bitcoin. [2] However, in other areas—such as scams and transactions linked to sanctioned entities—there has been a shift toward stablecoins. These happen to be the largest categories of crypto crime by transaction volume, driving the broader trend. Entities under sanctions or operating in sanctioned jurisdictions, including those involved in terrorist financing, also have greater incentives to use stablecoins, as they may face challenges accessing U.S. dollars through traditional channels while still wanting to benefit from dollar stability. However, stablecoin issuers can freeze funds when misuse is detected, as Tether recently did with addresses linked to terrorism and war activities in Israel and Ukraine.
Below, we explore three major trends that defined cryptocurrency crime in 2023—trends critical to the industry’s future development.
Sharp Decline in Scam and Stolen Funds
In 2023, both scam revenues and proceeds from hacks declined sharply, falling 29.2% and 54.3% respectively.
As we’ll discuss later in the scams section, many individuals engaged in cryptocurrency scams have now adopted targeted social engineering tactics—building relationships with specific victims before pitching fraudulent investment opportunities, rather than casting wide nets. This makes them harder to detect. While FBI data shows a year-over-year increase in reported crypto investment scams in the U.S. through 2022, our on-chain indicators suggest that globally, scam revenues have been on a downward trend since 2021. We believe this aligns with a long-term pattern: scams thrive when markets are rising, excitement is high, and people fear missing out on quick riches. Emotional scams remain devastating for individual victims, and their consequences should not be underestimated. While increased reporting (at least in the U.S.) is a positive sign, we still believe emotional scams are severely underreported. We assume the true harm from scams exceeds both FBI reports and our on-chain metrics—but overall, considering broader market dynamics, scam activity has still declined.
On the other hand, cryptocurrency hacks are harder for criminals to conceal, as industry observers can quickly detect unusual fund outflows from a service or protocol at the time of an attack. As we’ll discuss, the drop in stolen funds was primarily driven by a sharp decline in DeFi hacks. This may represent a reversal of a troubling long-term trend and could indicate that DeFi protocols are improving their security practices. That said, the stolen funds metric is heavily influenced by outliers—one large hack could reverse this trend again.
Ransomware and Darknet Market Activity on the Rise
Conversely, ransomware and darknet markets—two of the most prominent forms of cryptocurrency crime—saw increases in revenue in 2023, contrasting with the overall downward trend. The rise in ransomware income is surprising following the sharp decline in this area we reported last year, suggesting that ransomware actors may have adapted to improvements in organizational cybersecurity—a trend we first reported earlier this year.
Similarly, the increase in darknet market revenue this year comes after a decline in 2022. That prior drop was largely due to the takedown of Hydra, which had been the world’s dominant darknet market, accounting for over 90% of all darknet market revenue at its peak. Although no single market has yet emerged to replace it, the sector as a whole is rebounding, with total revenue climbing back to 2021 highs.
Sanctioned-Entity-Related Transactions Drive Majority of Illicit Activity
Perhaps the most striking trend in illicit transaction volume is the exceptional activity linked to sanctioned entities. In 2023, transactions involving sanctioned entities and jurisdictions totaled $14.9 billion, accounting for 61.5% of all illicit transaction volume we tracked that year. Much of this was driven by cryptocurrency services subject to sanctions from the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) or located in sanctioned jurisdictions. These entities continue operating because they reside in jurisdictions that do not enforce U.S. sanctions.
While these services may—and have been—used for criminal purposes, this also means that part of the $14.9 billion in transaction volume linked to sanctioned entities includes activity from ordinary crypto users who happen to reside in these jurisdictions. For example, Russia-based exchange Garantex, sanctioned by both OFAC and the UK’s OFSI for facilitating money laundering by ransomware attackers and other cybercriminals, was one of the largest drivers of sanctioned-entity-related transaction volume in 2023. Garantex continues to operate because Russia does not enforce U.S. sanctions. Does this mean all of Garantex’s transaction volume is tied to ransomware and money laundering? Not necessarily. However, any association with Garantex poses significant sanctions compliance risks for platforms under U.S. or UK jurisdiction, meaning these platforms must remain vigilant and screen for connections to Garantex to stay compliant.
Stay tuned for further research from us on cryptocurrency-based crime, including deeper insights and reports on ransomware, hacking, crypto money laundering, and more.
Footnotes: [1] Transaction volume measures all economic activity—the turnover of funds. We remove peel chains, internal service transactions, change outputs, and any other transaction types not considered economic exchanges between distinct parties.
[2] These statistics exclude privacy coins such as Monero.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News
Chainalysis
