SECURITY

Chainalysis: Exchanges Becoming Preferred Channels for Illicit Cashouts, North Korean Hacker Group Switches to New Privacy Coin Protocol YoMix

share
Chainalysis: Exchanges Becoming Preferred Channels for Illicit Cashouts, North Korean Hacker Group Switches to New Privacy Coin Protocol YoMix

The data research firm Chainalysis pointed out in its 2023 Crypto Crime Report that while the scale of money laundering activities is gradually decreasing, criminals are increasingly using sophisticated methods to conceal their tracks. Groups such as the North Korean hacker organization Lazarus Group have been turning to new coin mixing protocols and utilizing more deposit and withdrawal addresses to evade detection.

Scale of Money Laundering Funds Weakening

Firstly, the cryptocurrency money laundering activities in 2023 decreased from $31.5 billion in 2022 to $22 billion.

The report attributes the decrease in the mentioned amount to an overall decline in cryptocurrency market trading volume in 2023. However, it can be observed that the decrease in money laundering activities is larger at 29.5%, while the total trading volume only decreased by 14.9%.

Centralized Exchanges Remain the Top Choice for Illicit Fund Withdrawals

Additionally, the following figure shows that centralized exchanges (CEX) are still the primary destination for transferring funds to illegal addresses, a proportion that has remained stable over the past 5 years.

However, over time, there has been a gradual increase in illegal funds flowing into DeFi protocols, as well as funds shifting towards gambling services and cross-chain bridges, mainly due to the flourishing development in the DeFi sector in recent years:

Nevertheless, we are also aware that the transparency of data in DeFi makes it generally unsuitable for obfuscating the flow of funds.

Significant Increase in Money Laundering Addresses

The report also points out that in 2022, 40 addresses each received over $10 million worth of illegal cryptocurrency, totaling less than $2 billion. However, last year, there were 109 exchange deposit addresses that received over $10 million worth of illegal cryptocurrency, totaling $3.4 billion in illegal cryptocurrency received.

In other words, crypto criminals seem to be diversifying and complicating money laundering and criminal activities through more on-chain mixing services and a larger number of deposit and withdrawal addresses to evade tracking by law enforcement agencies and compliance teams of exchanges:

As a result, teams combating money laundering in cryptocurrencies may need a deeper understanding of on-chain activities, as money laundering activities become more dispersed.

North Korea Adjusts Money Laundering Strategy

The report also mentions the notorious North Korean hacking group Lazarus Group, which, after various mixing protocols like Tornado Cash and Sinbad being sanctioned or shut down by multiple countries, seems to have found new channels for money laundering.

U.S. Fully Regulates Mixing Services! Financial Institutions Must Report Relevant Transactions

Turning to New Mixing Protocol: YoMix

The report states that despite the escalating enforcement actions by regulatory authorities, crypto criminals often quickly find many alternative solutions.

Statistics show that the usage of the new mixing protocol YoMix saw significant growth in 2023, with the inflow of funds increasing over 5 times that year.

Chainalysis states:

Approximately one-third of the funds in YoMix come from wallets associated with crypto hackers. The sharp increase in the protocol's usage is closely related to the adoption by Lazarus Group, showing that even when old mixing services are sanctioned, criminals can immediately find alternative money laundering channels.

Frequent Use of Cross-Chain Bridges

Moreover, data shows that crypto criminals frequently use cross-chain transfers to obfuscate the flow of funds, with the scale of illicit funds crossing chains reaching nearly $744 million last year, more than double that of 2022.

Previously reported, the United Nations indicated through a report that North Korean hackers seem to be funding the country's nuclear weapons program by conducting numerous cyber attacks and stealing funds, with total criminal proceeds exceeding $3 billion in 7 years.

United Nations Report: North Korea Steals Cryptocurrency Through Hacking to Raise $3 Billion for Nuclear Development