More than half of the world’s cryptocurrency money laundering is made through 270 service deposit addresses, according to new research.
Chainalysis’ new Crypto Crime Report has revealed that criminals use a “surprisingly small group of service providers” to liquidate their crypto assets.
In total, 55% of cryptocurrency money laundering is done through these service providers, representing roughly $1.3bn worth of digital assets.
Chainalysis suggested that some of the deposit addresses may also be controlled by the criminals to begin with.
While some of these businesses appear to only have a small percentage of their total transaction volume being made with illicit funds, Chainalysis said some had such a high percentage “that it seems impossible the activity could be inadvertent, or that the service could even continue to operate without serving cybercriminals.”
The researchers also suggested that many “deposit addresses belong to third-party services who, sometimes explicitly or implicitly, provide money laundering services to cybercriminals.”
These third-party providers are referred to as nested services, which operate within one or several larger exchanges, enabling them to tap into their liquidity and trading pairs.
“From a blockchain analysis standpoint, this means that by default, nested services’ transactions will show up as having been conducted on the underlying platform that hosts the nested service,” Chainalysis said in a statement. “Common examples of nested services include [over the counter] brokers like itBit, nested at Paxos, and instant exchangers like Changelly, nested at HitBTC.”
The report also said that mainstream cryptocurrency exchanges were increasingly being used by criminals to launder their illicit cash.
Chainalysis noted an increase in risky services such as high-risk exchanges, gambling platforms, mixers and service providers headquartered in high-risk jurisdictions.
Scammers were particularly keen on utilising gambling platforms to launder their ill-gotten gains.
Looking at countries, the researchers found that ten countries received the highest volume of cryptocurrency from illicit addresses: the US, Russia, China, South Africa, the UK, Ukraine, South Korea, Vietnam, Turkey and France.
“Money laundering is the key to cryptocurrency-based crime,” Chainalysis said. “The primary goals of cybercriminals who steal cryptocurrency, or accept it as payment for illicit goods, are to obfuscate the source of their funds and convert their cryptocurrency into cash so that it can be spent or kept in a bank.”
Law enforcement agencies have forced criminals to obfuscate the sources of their money.
“Instead, they rely on a surprisingly small group of service providers to liquidate their crypto assets,” Chainalysis said. “Some of these providers specialise in money laundering services while others are simply large cryptocurrency services and money services businesses (MSBs) with lax compliance programmes.
“Investigators could significantly damage cybercriminals’ ability to convert cryptocurrency into cash by going after these money laundering service providers, thereby reducing the incentives for cybercriminals to use cryptocurrency in the first place.”
This is not the first time that cryptocurrency has been linked to criminal activity. For example, bitcoin was a key ingredient in the Twitter hack last summer that compromised the accounts of high-profile individuals such as Elon Musk, Kim Kardashian, Barack Obama and Jeff Bezos.
The breached accounts posted near-identical messages saying that they would send back the double amount in bitcoin sent to their accounts. In the end, the scammers got away with about $120,000.
Elsewhere there are signs that a Latin American cyber criminal industry has emerged thanks to cryptocurrencies being used to launder money, according to a report by IntSights, the threat intelligence company, and CipherTrace, the cryptocurrency intelligence firm.
“Cybercrime in LatAm happens out in the open, through open-source channels,” said Charity Wright, cyber threat intelligence advisor at IntSights. “This highlights the lack of government response and cultural acceptance of cybercrime as an alternative way to make money.
“These cybercriminals are not forming advanced persistent threat groups, but rather are partnering with local cartels and drug groups to expand businesses and opportunities.”
And in 2019, an official of the United Nations argued that cryptocurrencies are making it more difficult to prosecute criminals guilty of cyber crime, terror financing, money laundering and abuse of children.
That being said, attempts to toughen the requirements for cybersecurity exchanges have been met by contempt by both crypto exchanges themselves and the people using their services.
For instance, the US has introduced requirements for crypto exchanges trading in the country to include know your customer (KYC) checks.
When the Digitex exchange suffered a breach in 2020 that compromised its customers’ data, the CEO Adam Todd responded by cutting off all KYC checks for the exchange.
Noting that this would mean trading in the US would become illegal, Digitex banned US-based users from using the service by restricting American IP addresses and making people check a tick box to say that they are not from the country.
When explaining his decision, he argued that the notion that people would use crypto exchanges to launder money was “ridiculous.”
“People are not laundering ethereum into DGTX to fund international terrorism,” Todd argued. “[I] just sound stupid even saying that statement. It’s fucking ridiculous to even say it. So I am not going to waste your time talking about that side of the argument. It is obvious bullshit. It’s a crook of shit and I am calling it out for what it is.”
On the other end of the spectrum we have Binance. The exchange suffered a breach in 2019 that saw 7,074 bitcoins worth roughly $40m be stolen.
In the aftermath of the hack, the exchange announced that it would ramp up its security checks.
Nevertheless, far from all customers have been happy with the cryptocurrency exchanges pushing for enhanced KYC and AML. Several users have complained about it on Twitter and Reddit. When BitMEX advertised for an AML director in March 2020, several detractors were quick to predict it would mean the end of the exchange.
The news about Chainalysis’ research comes as bitcoin and other cryptocurrencies have soared to unprecedented levels, partly driven by increased popularity caused by the pandemic.
Chainalysis achieved unicorn status in November 2020 after closing a $100m Series C financing round led by Addition and supported by Accel, Benchmark, and Ribbit.
Copyright © 2018 RegTech Analyst