Cryptocurrencies - The challenges for criminals and investigators

Cryptocurrencies, NFTs, tokens, DeFi, Smart Contracts; all these are terms that have one thing in common – they are based on the blockchain technology, a technology with unlimited applications, including cryptocurrencies. Some people claim that the blockchain now is what was the internet in the 1990’s. The potential of blockchain is still unknown.

There is no doubt that cryptocurrencies and other blockchain-related projects have the potential to replace traditional banking products like bank accounts, cards, loans. More and more people are adopting these new innovative products. As a result, every year we see the specific sector gaining significant growth and new products and services popping up.

Cryptocurrencies and the innovative technology of blockchain could not be missed by criminals who are always the first to exploit the most recent technological tools to conceal the proceeds of their illegal activities.

It is interesting though that, according to studies, the use of cryptocurrencies for illegal activities seems to be only a small part of the overall cryptocurrency economy, and it appears to be “comparatively smaller than the amount of illicit funds involved in traditional finance”. (Chainanalysis - The 2021 Crypto Crime report). Studies also show that cash, remains the number one preferable method of money laundering since it is completely anonymous and leaves no traces. But there are some characteristics that make cryptocurrencies attractive to criminals.



Why cryptocurrencies may be attractive to criminals?

Pseudonymous: Instead of transacting using a name, cryptocurrencies allow you to transact with a digital wallet address comprising a mixture of numbers and letters. As a result, the transaction recorded on the blockchain is the wallet’s address rather than a name.

Difficult to trace: It is not impossible, but it is difficult to trace. Traditional methods of tracing movement of funds are not effective in the crypto area. Specific analytic tools are required to perform an investigation on blockchain, and these tools are not available to everyone. Additionally, criminals are using other methods to enhance anonymity which makes it even more challenging for investigators to trace transactions involving illegal funds.

Relatively unregulated: The crypto sector is still relatively unregulated compared to traditional fiat currencies. We have seen some response from FATF and the European Commission that require countries to bring the crypto asset service providers under the AML regulatory scope. However, many countries do not have effective regulatory standards for the crypto industry. Criminals take advantage of these regulatory gaps and are looking to transact using jurisdictions with an unregulated crypto market.

Fast transfers: Transfers between wallets take seconds to be completed. This allows transactions to be conducted fast, and funds to be transferred in multiple jurisdictions within a very short timeframe which allows criminals to quickly move their funds to disguise the audit trail and make it difficult for the authorities to link the funds with the crime or the criminal.


Transactions on blockchain leave traces

Initially, with the development of Bitcoin, criminals felt safe when processing their transactions in Bitcoins due to their pseudonymous nature. However, every bitcoin transaction is recorded on the blockchain. Due to the immutability of a blockchain, a transaction is practically impossible to be erased or amended from the blockchain as soon as it is recorded.

However, the development of Blockchain analytic tools over the years, enabled law enforcement and crypto companies to identify and deanonymize data on the blockchain. These tools, using a complex algorithm, visually represent data on a blockchain providing useful information about the different transactions on the blockchain.

The development of blockchain analytic tools resulted to several successful law enforcement crypto investigations by following the traces on the blockchain.

Soon, criminals realized that, simply transferring Bitcoins from one wallet to another, was not enough to provide anonymity to the payer and the payee. Additional tools were and still are used by criminals to enhance anonymity.


Methods used by criminals to conceal their anonymity of transactions on blockchain

Mixers or tumblers: These are services that blend cryptocurrencies of various users and then send the cryptos to another wallet, as instructed by their “customer”. As a result, investigators can see that a person has sent some cryptos to a mixer and that another person received cryptos, but they cannot see if there is a direct connection between the two. This is a very popular method amongst criminals.

Nested exchanges: A nested exchange (i.e. OTC broker) maintains accounts with various popular cryptocurrency platforms and lets people (its customers) to trade using those accounts. The nested exchange usually offers immediate access to all features without KYC requirements. This type of exchanges in many cases provide money laundering services to scammers, fraudsters and could potentially be used for ransomware payments. It is an attractive method for criminals to bypass the KYC and AML requirements.

Unregulated exchanges: These are exchanges that are not regulated and therefore not subject to AML requirements. In many cases, these exchanges are in high-risk countries with low AML standards. These exchanges in many cases are not obliged to provide information to foreign authorities when requested as part of a money laundering investigation.

Privacy coins: Since Bitcoin might be traced, many criminals have turned into the so-called privacy coins such as Monero and ZCash. Monero encrypts the recipient’s address on the blockchain and generates fake addresses to obscure the real sender. It also obscures the amount of the transaction, making it extremely difficult for money laundering investigators to “follow the money”. Although those privacy coins are not acceptable the same way Bitcoin is, they are popular on the dark web due to the anonymity they provide.

Peer-to-Peer (P2P) crypto networks: P2P decentralized networks allow the users to exchange cryptocurrencies or crypto assets without the involvement of a crypto exchange that applies KYC requirements. There were cases where criminals used unsuspected users (money mules) to send funds to other addresses and finally to an exchange in a country with little AML standards.

Crypto ATM (Crypto Kiosk): Can be used to buy cryptocurrencies with cash i.e. buying Bitcoins with cash using a debit or credit card. Then, the crypto ATM provides a QR code, which the user can scan and send the cryptocurrencies to his digital wallet. This allows criminals to transfer cash to wallet addresses held in another location rather than physically transferring the cash abroad. In many cases, the criminals may send the funds to a “nested service provider” which will enhance further his anonymity.

Gambling platforms: Many online gambling platforms accept payments in crypto. Criminals may use online gambling sites to send cryptocurrencies from one country to a wallet address controlled by a criminal in another country. As a result, a criminal may purchase chips with cryptocurrencies, conduct a few transactions and then “cash” them out to a wallet address which is controlled by the same criminal, another associate or a “nested service provider”. Or, two associates, the buyer and the seller of illegal goods both hold a gambling account with the same provider. Then, they transfer between the gambling account as a player-to-player transfer. The seller then will “cash out” the money as gambling profits, where this is the profits for selling illegal goods.

Non-fungible tokens (NFTs): NFTs store data on various blockchains, most of them on the Ethereum blockchain. This data can be associated with digital artwork or other digital items and give the owner of the NFT an unchangeable ownership over the data with which the token is associated. They can be bought and sold using cryptocurrencies on specialized marketplaces. A recent study by the US Treasure Department found that the booming NFT market could be a target for money laundering and terrorist financing who want to “clean” illegally obtained funds. NFTs can be instantly transferred from one party to another without any geographical boundaries or regulatory restrictions. For example, a criminal can generate an anonymous NFT, list in for sale on the blockchain and then purchase it from himself through an anonymous and unregulated digital wallet which contains illegal funds in another jurisdiction. The NFT could at the end be sold to an unsuspected individual who will purchase the NFT with clean funds.


DeFi – The new trend

Defi stands for Decentralized Finance. It is a blockchain-backed financial innovation tool which allows its users to lend, trade, borrow financial on a P2P basis and, without traditional intermediaries such as banks.

This new form of finance has increased in popularity and, of course, criminals could not miss that opportunity. According to the “Chainanalysis – The 2021 Crypto Crime report”, “DeFi protocols received 17% of all funds sent from illicit wallets in 2021, up from 2% the previous year” – an increase of 1,964% from 2020.

DeFi are mostly used for legitimate purposes, but these types of protocols can be attractive to criminals because of the following characteristics:

  • They are unregulated and, there is no requirement to provide KYC information for anti-money laundering purposes.
  • The criminals can easily ensure control of the asset, accessed it anytime, trade or swap it, in many cases immediately after the crime.
  • Transactions on DeFi protocols are irreversible.
  • Assets on DeFi protocols are liquid enough to be converted into fiat currency at any time.


Hackers in many cases exploit vulnerabilities in newly developed DeFi platforms and manage to steal the money of users of DeFi protocols. Following the theft, criminals in many cases swap the stolen assets for clean assets in another DeFi platform or collaterise an illegally derived asset to obtain another token, making it difficult for law enforcement agencies to link the transactions.


How law enforcement agencies link the dots?

As already discussed, transactions that are recorded on a blockchain are immutable. This means that transactions on a blockchain cannot be deleted or amended. The money trail stays there forever and can be used as evidence by law enforcement agencies.

The main principle adopted by investigators of blockchain transactions is to “follow the money” and thus link transactions and addresses to real people. No matter which methods criminals are using to enhance anonymity of their transactions and wallet address, in many cases investigators start with a suspect and are trying to find out which cryptocurrency addresses the suspect controls through forensic analysis of the suspect’s devices.

In other cases, blockchain analysis solutions may be employed. Investigators with the use of these tools can obtain information on geolocation. If a cryptocurrency exchange is involved, investigators may request information about the owner(s) of the wallet addresses like they do in traditional financial firms. However, in some jurisdictions the cost of these blockchain analytic tools is an obstacle for successful investigations in the crypto environment.


The future of crypto

There is no doubt that the crypto industry will continue to grow and that criminals also will continue launder the proceeds of their crimes using cryptocurrencies. The continued advancements in the crypto industry will make it more challenging for law enforcement agencies to detect and fight criminal activity and even more challenging for criminals to launder illegally obtained funds.

As a result, it is important for governments, competent authorities, and law enforcement agencies to stay up to date with the methods adopted by criminals and take advantage of blockchain analytic tools to combat effectively money laundering with the use of cryptocurrencies and crypto assets.

The FATF and other international bodies recognize the potential benefits of the blockchain and the relevant innovative products and services. However, these bodies are aiming to take effective measures so as to mitigate the abuse of the blockchain from criminals. As a result, while it is expected that the crypto industry will grow significantly in the future, at the same time it is expected that it will be heavily regulated on a global level like other financial organizations.

The FATF has issued a revised ”Guidance for a risk-based approach for Virtual Assets (VA) and Virtual Asset Service Providers (VASPs)” aiming to provide guidance to countries on how to assess the ML/TF risks associated with VAs and take appropriate measure to mitigate those risks.

The truth is that, currently, the crypto industry is not effectively regulated. However, there is no doubt that, since there are significant money laundering and terrorist financing risk associated, the industry, sooner or later will come within the scope of the AML regulations, the same way the traditional financial industry is.