Crime is not the only use case for crypto. But reading the 2025 Chainalysis Crypto Crime Report, it appears to be one that is booming.

As its authors note, crime existed before the advent of cryptocurrencies. However:

Historically, tracing these financial relationships required infiltrating closed networks, navigating opaque banking systems, or relying on siloed intelligence. Now, blockchain transactions provide a clear record of payments between cartel-linked wallets and international suppliers, revealing not just individual transactions, but the broader financial infrastructure that sustains this fatal trade.

Yay the blockchain!

The authors have so far tracked over $40bn of crypto transfers to illicit addresses made in 2024, though they reckon the final total will be north of $51bn. Their data is fascinating, surprising, and more than a bit disturbing. What’s more, they’ve made charts that are too good not to share.

How does this crime break down?

Some content could not load. Check your internet connection or browser settings.

Let’s explore some of the categories.

We are constantly hearing about crypto funds being stolen from exchanges, so we’ll start with stolen funds. Last year saw $2.2bn of crypto pilfered, with state-sponsored North Korean hackers taking over 60 per cent of the total.

Around half of North Korea’s hacks typically involve worker-related theft by North Korean IT workers who’ve infiltrated crypto and web3 companies. Frankly, we had no idea this was such a big deal, though we obviously have not been paying attention. A massive UN report published last year on sanctions violations reckoned that their surreptitious WFH tech army generates up to $600mn each year in salaries from western firms to finance the development of WMDs. And an investigation by Coindesk last year reported on an epidemic of (unwitting) sanctions-violations by crypto firms, with one prominent blockchain developer estimating that:

The percentage of your incoming resumes, or people asking for jobs, or wanting to contribute – any of that stuff – that are probably from North Korea is greater than 50% across the entire crypto industry.

So here’s Chainalysis’s first cool crypto crime chart, showing the distribution of stolen funds by event, split between North Korean and other addresses.

Basically, if your exchange or DeFi project has lost $100mn of crypto, it’s almost certainly sitting on a computer in Pyongyang.

Crypto scams have also been booming. Around $5bn of the $9.9bn of scams traced are associated with firms promising high-yield investments, aka crypto ponzis [ed: tautology?], some of which have been dodging the authorities for over a decade. This number excludes pump-n-dump’ing, wash-trading, general memecoin shilling, and all the sort of practices more traditionally associated by FUD-peddling no-coiners [ed: ah] with pretty much the entire crypto ecosystem. As far as we can tell, it’s counting only the investment scams promising some specific return.

But pig butchering (aka extortive romance scamming) as a category looks set to overtake investment scams, growing at a 40 per cent pace year-on-year. The details are horrific not only for the victims, but also for those forced into being perpetrators. Reports on how thousands have been trafficked into vast compounds, held by force, and then tortured if they fail to meet revenue targets set by their captors, are harrowing. And according to a report by the United States Institute of Peace last year, this is how a fair portion of the estimated 300,000 cyber scammers in the Mekong region are controlled.

But crypto crime is not booming everywhere. Despite a record $75mn ransom being paid to the Dark Angels gang in the first half of the year, ransomware has had a rubbish year — bringing in only around $800mn, a 35 per cent decline. At least some of this looks to have been due to good work by UK and US police. But it’s also fascinating to see the changing nature of ransomware payments, with a plethora of micro-ransoms being replaced by a rise in big-ticket ransoms. Either that, or inflation’s even worse than we thought.

Just as a Morningstar style box helps you tell your Baillie Gifford Global Alpha from your BlackRock US Mid-Cap Value, this chart helps you tell your Blackbyte from your Blacksuit:

Darknet markets (primarily online drug sellers) and fraud shops (typically selling compromised credit card information and personally identifying information) also had a poor year, recording $2bn and $250mn respectively, the latter down 50 per cent. These are the successors to Silk Road, run by Ross Ulbricht (aka Dread Pirate Roberts) before his arrest, imprisonment and recent Presidential pardon. The landscape is still finding its feet after Hydra, the more recently dominant darknet market, was taken down in 2022.

But there is now a competitive landscape of darknet markets offering to supply narcotics to anyone, wherever they are in the world. Here’s a typical listing for a synthetic opioid 20 times stronger than fentanyl on special offer, which includes free shipping to the US:

An administration so focused on tackling the ongoing opioid crisis that it is willing to burn its diplomatic relations as well as its own economy in an attempt to stop the flow of fentanyl over land borders might want to redouble efforts to combat this strain of crypto crime instead. Especially as the report’s authors, in examining transaction sizes, estimate that wholesale purchases by drug dealers account for around three-quarters of the traffic.

We’ve so far left out the two biggest categories for illicit crypto in the report — sanctions and ‘illicit actor’.

Chainalysis describes the $10.8bn ‘illicit actor’ category as:

[O]ur catch-all term for wallets of services and individuals both directly committing cybercrime like hacking, extortion, trafficking, or scams, as well as those facilitating this activity by selling the underlying infrastructure, tools, and services needed to commit crime and profit, including laundering-as-a-service.

Of course, just because you happen to make a BTC or two out of the odd ransomware attack or pig-butchering racket, that might not mean that all the rest of your crypto income wasn’t 100 per cent legit. So maybe assuming these flows are proceeds from crypto crime is a bit of a push. But we can see the logic for doing so.

Sanctioned entities and jurisdictions are the other big category, accounting for a further $15.8bn of crypto transactions. It may seem a bit unfair to conflate entities and jurisdictions. Doing so means including individuals and firms unlucky enough to find themselves in authoritarian sanctioned regimes that are just trying to build and preserve wealth. But, as the authors note: 

From a regulatory standpoint, the distinction between state-directed sanctions evasion and individual use has little impact, as broad sanctions prohibit nearly all financial interactions between U.S. persons and entities in sanctioned jurisdictions, regardless of intent.

Businesses and individuals in countries like Iran that are cut off from the international banking system have increasingly used crypto to evade sanctions. Indeed, Iranian crypto outflows surged 70 per cent to $4.2bn in 2024. It appears that the government in Tehran has retained some control of this portal to sanctions-evasion, as evidenced by their shutdown of Iranian exchanges in December in an effort to support the rial.

What’s the bottom line? Is this yet another article bemoaning bitcoin as a tool for criminality? Actually, when it comes to crime crypto increasingly does not mean bitcoin. Stablecoins are taking over the crypto crime scene — accounting for 63 per cent of illicit transactions in 2024, up from less than 20 per cent in 2020. Much of this appears to be associated with widespread use in sanction evasion, but not all.

Sure, bitcoin retains a dominant market share in ransomware and darknet market sales. But it’s expensive and slow to transact, as well as stupidly volatile. This makes it a terrible medium of exchange. Criminals, just like other humans, would much prefer something nice and stable. And according to the data, they are voting with their wallets.

Further reading:
— Crypto Strategic Reserves may look larger in the rear-view mirror than they are



Source link

Tags:,

author

Leave a Reply

Your email address will not be published. Required fields are marked *

What is Donald Trump’s plan for the US dollar?

Millennials lead in insurance grievances, says Insurance Samadhan report

Related Posts

Barrick Gold must pay Ian Hannam’s firm mn in deal dispute

Barrick Gold must pay Ian Hannam’s firm $2mn in deal dispute

By  
Depositors at NICB on tenterhooks, worried over how they will pay salaries

Depositors at NICB on tenterhooks, worried over how they will pay salaries

By