2022 has been a tumultuous year for cryptocurrency markets, with significant price declines across all currencies in May and June. While there’s no telling if we’ve reached the bottom, as of now in early August, prices have been relatively stable for the last month, with Bitcoin holding between $20,000 and $24,000. But what effects has the market downturn had on illicit cryptocurrency activity?
Cryptocurrency transaction volumes this year for both illicit and legitimate entities are tracking behind 2021 through July. Overall, criminal activity appears to be more resilient in the face of price declines: Illicit volumes are down just 15% year over year, compared to 36% for legitimate volumes. However, the aggregate data doesn’t tell the whole story. If we dig into specific forms of cryptocurrency-based crime, we find that some have actually increased in 2022, while others have declined more than the market overall. Below, we’ll look at examples of both, and provide some thoughts on why they’ve reacted the way they have to market conditions.
Where illicit activity is dropping in 2022
Total scam revenue for 2022 currently sits at $1.6 billion, 65% lower than where it was through the end of July in 2021, and this decline appears linked to declining prices across different currencies.
Since January 2022, scam revenue has fallen more or less in line with Bitcoin pricing. And as we see on the chart below, it’s not just scam revenue falling — the cumulative number of individual transfers to scams so far in 2022 is the lowest it’s been in the past four years.
Those numbers suggest that fewer people than ever are falling for cryptocurrency scams. One reason for this could be that with asset prices falling, cryptocurrency scams — which typically present themselves as passive crypto investing opportunities with enormous promised returns — are less enticing to potential victims. We also hypothesize that new, inexperienced users who are more likely to fall for scams are less prevalent in the market now that prices are declining, as opposed to when prices are rising and they’re drawn in by hype and the promise of quick returns.
It’s also important to remember that scam revenue is often driven by large outliers, such as PlusToken, which netted over $2 billion from victims in 2019, or Finiko, which netted over $1.5 billion in 2021. So far in 2022, no scams identified thus far are approaching the level of either.
|2022’s Top 3 scams||2021’s Top 3 scams|
|Scam name||Total value received through July||Scam name||Total value received through July|
Note: Unique-exchange.co and PARAIBA.world are interconnected services with separate wallet infrastructures run by the same scammers — Paraiba is a multi-level marketing crypto investment scam, and Unique-Exchange is a cryptocurrency exchange run and promoted by the same group. We have combined their total value received into one figure above.
The biggest scam of 2022 so far has netted $273 million worth of cryptocurrency, just 24% of Finiko’s revenue through the end of July in 2021. However, there’s a flipside to this: Since total scam revenue in a given year is so often driven by one or two huge scams, it’s possible an outlier could emerge or be identified before the end of the year and reverse the trend of declining scam revenue that we currently see.
Darknet market revenue is also down significantly in 2022, and is currently 43% lower than where it was through July in 2021. Unlike with scams, however, this hasn’t been the case for the entire year — 2022 darknet market revenue was tracking above 2021 until April, at which point its rate of increase dropped off a cliff. This is almost certainly due to the April 5 shutdown and sanctioning of Hydra Marketplace, which for years had been the predominant darknet market, acting as a hub not just for drug sales, but for sales of hacking tools, stolen data, and money laundering services.
The message displayed on Hydra’s home page following its shutdown by German law enforcement
Interestingly, while overall darknet market revenue fell following Hydra’s shutdown, the remaining markets saw a significant uptick in the number of individual incoming transfers.
We suspect that this increase represents Hydra vendors and customers moving their funds to new markets in search of a replacement. Nevertheless, the decline in darknet market revenue — and indeed, cryptocurrency value received by all criminal categories — following Hydra’s shutdown shows the tangible impact of law enforcement’s growing ability to fight cryptocurrency-based crime.
Where illicit activity is increasing in 2022: Hacking and stolen funds
No area of cryptocurrency-based crime is bucking the 2022 trend of declining revenue like stolen funds.
Through July 2022, $1.9 billion worth of cryptocurrency has been stolen in hacks of services, compared to just under $1.2 billion at the same point in 2021. This trend doesn’t appear set to reverse any time soon, with a $190 million hack of cross-chain bridge Nomad and $5 million hack of several Solana wallets already occurring in the first week of August (neither is represented on the graph above as we’ve chosen July 31 as our cutoff point).
Much of this can be attributed to the stunning rise in funds stolen from DeFi protocols, a trend that began in 2021. As we’ve covered previously, DeFi protocols are uniquely vulnerable to hacking, as their open source code can be studied ad nauseum by cybercriminals looking for exploits (though this can also be helpful for security as it allows for auditing of the code), and it’s possible that protocols’ incentives to reach the market and grow quickly lead to lapses in security best practices. Furthermore, much of the value stolen from DeFi protocols can be attributed to bad actors affiliated with North Korea, especially elite hacking units like Lazarus Group. We estimate that so far in 2022, North Korea-affiliated groups have stolen approximately $1 billion of cryptocurrency from DeFi protocols.
Additionally, we shouldn’t expect theft to drop based on cryptocurrency market movements the way scamming does — as long as crypto assets held in DeFi protocol pools and other services have value and are vulnerable, bad actors will try to steal them. The only way to stop them is for the industry to shore up security and educate consumers on how to find safe projects to invest in. Law enforcement, meanwhile, must continue developing their ability to seize stolen cryptocurrency to the point that hacks are no longer worthwhile.
Crime is down but there’s still work to be done
Nobody likes a crypto bear market, but the one silver lining is that illicit cryptocurrency activity has fallen along with legitimate activity, albeit not as sharply. This is especially encouraging in scams, where the decrease in market hype seems to mean fewer are fooled by scammers, and in darknet markets, where law enforcement’s shutdown of Hydra Market appears to have dampened the entire sector. Still, with huge increases in stolen funds, we can’t afford to rest on our laurels. The public and private sectors must continue to work together and hone their ability to fight cryptocurrency-based crime. We look forward to diving deeper on all forms of cryptocurrency-based crime and seeing if current trends hold when we release our 2023 Crypto Crime Report early next year.
This website contains links to third-party sites that are not under the control of Chainalysis, Inc. or its affiliates (collectively “Chainalysis”). Access to such information does not imply association with, endorsement of, approval of, or recommendation by Chainalysis of the site or its operators, and Chainalysis is not responsible for the products, services, or other content hosted therein.
This material is for informational purposes only, and is not intended to provide legal, tax, financial, or investment advice. Recipients should consult their own advisors before making these types of decisions. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with Recipient’s use of this material.
Chainalysis does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information in this report and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such material.