Chainalysis 2021 Crypto Crime Report Part One: Money Laundering, NFTs, Ransomware

In 2021, the overall trading volume of cryptocurrencies reached approximately $15.8 trillion, more than 5 times that of 2020. With the rapid increase in adoption rates, it has also led to a rise in criminal activities. Chainalysis recently released a report on cryptocurrency crime, categorizing the methods into different types. Let's take a look at the key points!

• First Section: Money laundering, NFTs, ransomware
• Second Section: Malware, fund theft
• Third Section: Fraud, darknet markets

Chainalysis 2021 Cryptocurrency Crime Report

Money Laundering

One of the essential steps in various cryptocurrency criminal activities is the process of transferring illegal profits while cashing out without being detected by regulatory authorities. This is why money laundering serves as the foundation for all cryptocurrency crimes. In 2021, the amount of cryptocurrency money laundering reached approximately $8.6 billion, showing a 30% increase from the previous year.

Note: Data only includes online criminal activities

During the process of converting cryptocurrency into cash, nearly 50% of illicit funds are transferred to centralized exchanges, while 17% are moved to DeFi protocols.

With the explosive growth of the DeFi industry since 2020, DeFi protocols received a total of $900 million from illicit addresses, a 20-fold increase from the previous year. Additionally, the amounts sent to high-risk exchanges and mixers have rapidly increased.

In the staggering money laundering activities, a high degree of concentration is observed. 54% of money laundering activities, totaling over $2.5 billion, involve amounts exceeding $1 million and are transferred to only 583 addresses; 4% of money laundering activities, amounting to $180 million, involve amounts less than $1,000 but are transferred to 3.6 million addresses.

Illegal NFT Activities

Chainalysis categorizes illegal activities related to NFTs into two types:

• Artificially inflating the value of NFTs through wash trading
• Using NFTs for money laundering

Among these, artificially inflating the value of specific NFT projects in the market through wash trading and then dumping them to retail investors is the most criticized issue in the current NFT market. To conduct these wash trades, criminals must hold multiple wallet addresses. Surprisingly, the top offender has as many as 830 addresses, according to data.

However, conducting these wash trades comes with the cost of Gas Fees incurred by exchanges. Chainalysis analyzed the behavior of individuals engaging in wash trading with 25 or more wallets to determine if they were profitable. The results showed that out of 262 individuals, fewer than half, 110 people, were able to profit from wash trading, with an average profit of $80,000 per person.

In real-world money laundering activities, using high-value art for fund transfers is a common method. Criminals purchase art with illicit funds and later sell it. This not only allows them to obtain clean money but may also result in tax deductions.

When NFTs first gained popularity, they were primarily recognized as art forms, making them a target for money launderers. The amount of illicit funds flowing into NFT platforms sharply rose in 2021, reaching $1.4 million, with a significant portion attributed to fraudulent fund inflows.

Ransomware

In Chainalysis' previous year's report on cryptocurrency crime, 2020 was dubbed the "year of ransomware" due to a significant increase in ransomware attacks, a trend that showed no signs of slowing down. Ransomware payments in 2022 amounted to a staggering $600 million.

The average payment per incident in 2022 was $118,000, with the highest ransom amounting to $40 million.

Of these ransom amounts, 16% were transferred to third-party illegal service providers to launch more efficient ransom attacks on victims.

Additionally, there are almost always over 140 active ransomware strains receiving payments from victims.

However, the average lifespan of these ransomware strains continues to decline, from nearly 1.5 years in 2017 to just two months currently. This trend is mainly due to criminal groups adopting a rebranding strategy, where even if they publicly claim to cease ransomware attacks, they reemerge under a new name.

Therefore, despite the existence of at least 140 active ransomware strains in 2021, many of these strains are actually operated by the same network of cybercriminals.