Cybercriminals managed to launder at least $8.6 billion worth of cryptocurrency in 2021, according to a new report from blockchain analytics company Chainalysis.
The company said the $8.6 billion represents a 30% increase in money laundering activity over 2020 but is dwarfed by 2019, which saw at least $10.9 billion laundered. Chainalysis said cybercriminals had laundered $33 billion worth of cryptocurrency since 2017.
Chainalysis explained that these figures only represent funds derived from “cryptocurrency-native” crime, meaning cybercriminal activity such as darknet market sales or ransomware attacks in which profits are almost always derived in cryptocurrency rather than fiat currency.
Chainalysis does not have a way to measure the fiat currency from drugs or crime that is converted into cryptocurrency after the fact.
Kim Grauer, head of research at Chainalysis, told ZDNet that to give a sense of the importance of the $8.6 billion, there is no way to quantify the amount of money laundering in the fiat world.
The report notes that while billions of dollars’ worth of cryptocurrency move from illicit addresses every year, most of it ends up at a small group of services, many of which “appear purpose-built for money laundering based on their transaction histories.”
2021 represents the first year since 2018 where centralized exchanges didn’t receive the majority of funds sent by illicit addresses, with DeFi protocols making up much of the difference. DeFi protocols received 17% of all funds sent from illicit wallets — $900 million — in 2021 compared to just 2% in 2020.
“Many of the hacks we saw this year were of DeFi protocols, so it makes sense that the funds were sent to DeFi services that can handle large amounts of liquidity from really any token you can imagine,” Grauer said. “We also know that criminals are always the fastest to adapt to the use of new technologies to evade detections, and this year was no different.”
The report says addresses associated with theft sent just under half of their stolen funds to DeFi platforms — over $750 million worth of cryptocurrency in total. As Chainalysis previously reported, North Korea-affiliated hackers were responsible for $400 million worth of cryptocurrency hacks last year and used DeFi protocols extensively for money laundering.
“This may be related to the fact that more cryptocurrency was stolen from DeFi protocols than any other type of platform last year. We also see a substantial amount of mixer usage in the laundering of stolen funds,” the researchers explained.
“Scammers, on the other hand, send the majority of their funds to addresses at centralized exchanges. This may reflect scammers’ relative lack of sophistication. Hacking cryptocurrency platforms to steal funds takes more technical expertise than carrying out most scams we observe, so it makes sense that those cybercriminals would employ a more advanced money laundering strategy.”
Grauer added that while it was not totally unexpected, the growth in the use of mixers to move funds was striking this year.
“The amount of money going to mixers, particularly from bad actors such as North Korean hacking groups, continues to grow in significance,” Grauer said.
Money laundering is also concentrated to a small number of services and a small number of deposit addresses, according to Chainalysis. The company found that 58% of all funds sent from illicit addresses moved to five services last year, compared to 54% in 2020.
Just 583 deposit addresses received 54% of all funds sent from illicit addresses in 2021, the researchers found, and each of those 583 addresses received at least $1 million from illicit addresses. In total, they received just under $2.5 billion worth of cryptocurrency.
“An even smaller group of 45 addresses received 24% of all funds sent from illicit addresses for a total of just under $1.1 billion. One deposit address received just over $200 million, all from wallets associated with the Finiko Ponzi scheme,” the researchers explained.
“While money laundering activity remains quite concentrated, it’s less so than in 2020. That year, 55% of all cryptocurrency sent from illicit addresses went to just 270 service deposit addresses. Law enforcement action could be one possible reason money laundering activity became less concentrated.”
The report cites the US Treasury Department’s sanctions against Russia-based OTC broker Suex and P2P exchange Chatex as one example of law enforcement action leading to money laundering activity becoming less concentrated.
Chainalysis said several addresses associated with both services appeared in the 270 they identified as the biggest laundering addresses in last year’s report. The researchers theorized that cybercriminals began to disperse their money laundering after some of the services closed or after seeing the law enforcement action against certain platforms.
“There is a consolidation point of funds flowing to laundering services, oftentimes hosted on exchanges, that are able to handle the movement of large quantities of funds,” Grauer said.
“The key takeaway for us is that the criminal landscape might not be as large as you think. We have found this in years past and continue to highlight the relevance of structural money laundering in the cryptocrime landscape.”
The report added that the 20 biggest money laundering deposit addresses received just 19% of all Bitcoin sent from illicit addresses, compared to 57% for stablecoins, 63% for Ethereum, and 68% for altcoins.