This blog is a preview of our 2022 Crypto Crime Report. Sign up here to download your copy now!
Cryptocurrency-based crime hit a new all-time high in 2021, with illicit addresses receiving $14 billion over the course of the year, up from $7.8 billion in 2020.
But those numbers don’t tell the full story. Cryptocurrency usage is growing faster than ever before. Across all cryptocurrencies tracked by Chainalysis, total transaction volume grew to $15.8 trillion in 2021, up 567% from 2020’s totals. Given that roaring adoption, it’s no surprise that more cybercriminals are using cryptocurrency. But the fact that the increase was just 79% — nearly an order of magnitude lower than overall adoption — might be the biggest surprise of all.
In fact, with the growth of legitimate cryptocurrency usage far outpacing the growth of criminal usage, illicit activity’s share of cryptocurrency transaction volume has never been lower.
Transactions involving illicit addresses represented just 0.15% of cryptocurrency transaction volume in 2021 despite the raw value of illicit transaction volume reaching its highest level ever. As always, we have to caveat this figure and say that it is likely to rise as Chainalysis identifies more addresses associated with illicit activity and incorporates their transaction activity into our historical volumes. For instance, we found in our last Crypto Crime Report that 0.34% of 2020’s cryptocurrency transaction volume was associated with illicit activity — we’ve now raised that figure to 0.62%. Still, the yearly trends suggest that with the exception of 2019 — an extreme outlier year for cryptocurrency-based crime largely due to the PlusToken Ponzi scheme — crime is becoming a smaller and smaller part of the cryptocurrency ecosystem. Law enforcement’s ability to combat cryptocurrency-based crime is also evolving. We’ve seen several examples of this throughout 2021, from the CFTC filing charges against several investment scams, to the FBI’s takedown of the prolific REvil ransomware strain, to OFAC’s sanctioning of Suex and Chatex, two Russia-based cryptocurrency services heavily involved in money laundering.
However, we also have to balance the positives of the growth of legal cryptocurrency usage with the understanding that $14 billion worth of illicit activity represents a significant problem. Criminal abuse of cryptocurrency creates huge impediments for continued adoption, heightens the likelihood of restrictions being imposed by governments, and worst of all victimizes innocent people around the world. In this report, we’ll explain exactly how and where cryptocurrency-based crime increased, dive into the latest trends amongst different types of cybercriminals, and tell you how cryptocurrency businesses and law enforcement agencies around the world are responding. But first, let’s look at a few of the key trends in cryptocurrency-based crime.
DeFi’s rise leads to new opportunities in crypto crime
What’s changed in the last year? Let’s start by looking at what types of cryptocurrency-based crime increased the most in 2021 by transaction volume.
Two categories stand out for their growth: stolen funds and, to a lesser degree, scams. DeFi is a big part of the story for both.
Let’s start with scams. Scamming revenue rose 82% in 2021 to $7.8 billion worth of cryptocurrency stolen from victims. Over $2.8 billion of this total — which is nearly equal to the increase over 2020’s total — came from rug pulls, a relatively new scam type in which developers build what appear to be legitimate cryptocurrency projects — meaning they do more than simply set up wallets to receive cryptocurrency for, say, fraudulent investing opportunities — before taking investors’ money and disappearing. Please keep in mind as well that these figures for rug pull losses represent only the value of investors’ funds that were stolen, and not losses from the DeFi tokens’ subsequent loss of value following a rugpull.
We should note that roughly 90% of the total value lost to rug pulls in 2021 can be attributed to one fraudulent centralized exchange, Thodex, whose CEO disappeared soon after the exchange halted users’ ability to withdraw funds. However, every other rug pull tracked by Chainalysis in 2021 involved DeFi projects. In nearly all of these cases, developers have tricked investors into purchasing tokens associated with a DeFi project before draining the tools provided by those investors, sending the token’s value to zero in the process.
We believe rug pulls are common in DeFi for two related reasons. One is the hype around the space. DeFi transaction volume has grown 912% in 2021, and the incredible returns on decentralized tokens like Shiba Inu have many excited to speculate on DeFi tokens. At the same time, it’s very easy for those with the right technical skills to create new DeFi tokens and get them listed on exchanges, even without a code audit. A code audit is a process by which a third-party firm or listing exchange analyzes the code of the smart contract behind a new token or other DeFi project, and publicly confirms that the contract’s governance rules are iron clad and contain no mechanisms that would allow for the developers to make off with investors’ funds. Many investors could likely have avoided losing funds to rug pulls if they’d stuck to DeFi projects that have undergone a code audit – or if DEXes required code audits before listing tokens.
Cryptocurrency theft grew even more, with roughly $3.2 billion worth of cryptocurrency stolen in 2021 — a 516% increase compared to 2020. Roughly $2.3 billion of those funds — 72% of the 2021 total — were stolen from DeFi protocols. The increase in DeFi-related thefts represents the acceleration of a trend we identified in last year’s Crypto Crime report.
In 2020, just under $162 million worth of cryptocurrency was stolen from DeFi platforms, which was 31% of the year’s total amount stolen. That alone represented a 335% increase over the total stolen from DeFi platforms in 2019. In 2021, that figure rose another 1,330%. In other words, as DeFi has continued to grow, so too has its issue with stolen funds. As we’ll explore in more detail later in the report, most instances of theft from DeFi protocols can be traced back to errors in the smart contract code governing those protocols, which hackers exploit to steal funds, similar to the errors that allow rug pulls to occur.
We’ve also seen significant growth in the usage of DeFi protocols for laundering illicit funds, a practice we saw scattered examples of in 2020 and that became more prevalent in 2021. Check out the graph below, which looks at the growth in illicit funds received by different types of services in 2021 compared to 2020.
DeFi protocols saw the most growth by far in usage for money laundering at 1,964%.
DeFi is one of the most exciting areas of the wider cryptocurrency ecosystem, presenting huge opportunities to entrepreneurs and cryptocurrency users alike. But DeFi is unlikely to realize its full potential if the same decentralization that makes it so dynamic also allows for widespread scamming and theft. One way to combat this is better communication — both the private and public sectors have an important role to play in helping investors learn how to avoid dubious projects. In the longer term, the industry may also need to take more drastic steps to prevent tokens associated with potentially fraudulent or unsafe projects from being listed on major exchanges.
Illicit cryptocurrency balances are growing. What can law enforcement do?
One promising development in the fight against cryptocurrency-related crime is the growing ability of law enforcement to seize illicitly obtained cryptocurrency. In November 2021, for instance, the IRS Criminal Investigations announced that it had seized over $3.5 billion worth of cryptocurrency in 2021 — all from non-tax investigations — representing 93% of all funds seized by the division during that time period. We’ve also seen several examples of successful seizures by other agencies, including $56 million seized by the Department of Justice in a cryptocurrency scam investigation, $2.3 million seized from the ransomware group behind the Colonial Pipeline attack, and an undisclosed amount seized by Israel’s National Bureau for Counter Terror Financing in a case related to terrorism financing.
This raises an interesting question: How much cryptocurrency are criminals currently holding? It’s impossible to know for sure, but we can estimate based on the current holdings of addresses Chainalysis has identified as associated with illicit activity. As of early 2022, illicit addresses hold at least $10 billion worth of cryptocurrency, with the vast majority of this held by wallets associated with cryptocurrency theft. Addresses associated with darknet markets and with scams also contribute significantly to this figure. As we’ll explore later in this report, much of this value comes not from the initial amount derived from criminal activity, but from subsequent price increases of the crypto assets held.
We believe it’s important for law enforcement agencies to understand these estimates as they build out their blockchain-based investigative capabilities, and especially as they develop their ability to seize illicit cryptocurrency.
Let’s make cryptocurrency safer
DeFi-related crime and criminal cryptocurrency balances are just one area of focus for this report. We’ll also look at the latest data and trends on other forms of cryptocurrency-based crime, including:
- The ongoing threat of ransomware
- Cryptocurrency-based money laundering
- Nation state actors’ role in cryptocurrency-based crime
- NFT-related fraud
- And much more!
As cryptocurrency continues to grow, it’s imperative that the public and private sectors work together to ensure that users can transact safely, and that criminals can’t abuse these new assets. We hope that this report can contribute to that goal, and equip law enforcement, regulators, and compliance professionals with the knowledge to more effectively prevent, mitigate, and investigate cryptocurrency-based crime.
This blog is a preview of our 2022 Crypto Crime Report. Sign up here to download your copy now!
This material is for informational purposes only, and is not intended to provide legal, tax, financial, or investment advice. Recipients should consult their own advisors before making investment decisions.
This website contains links to third-party sites that are not under the control of Chainalysis, Inc. or its affiliates (collectively “Chainalysis”). Access to such information does not imply association with, endorsement of, approval of, or recommendation by Chainalysis of the site or its operators, and Chainalysis is not responsible for the products, services, or other content hosted therein.
Chainalysis does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information in this report and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such material.