Cryptocurrency Crime Explained (Part 2): A Guide for Financial Crime Investigators

Discover crypto-native money laundering, the importance of KYC/AML, and common scams. Essential insights for AML officers and FCC experts in part two of our series.

As we journey deeper into the labyrinth of cryptocurrency crime, it becomes evident that the complexities and challenges extend far beyond initial perceptions. In part one, we navigated the tumultuous waters of cryptocurrency’s evolution and its exploitation for various illicit activities. Now, in part two, we delve into the intricate mechanisms of crypto-native money laundering, the pivotal role of KYC (Know Your Customer) and AML (Anti-Money Laundering) measures, and the ever-growing landscape of cryptocurrency scams. Through this exploration, we aim to unravel the sophisticated tactics employed by criminals and the relentless efforts of regulators and law enforcement to stay one step ahead. Prepare to uncover the hidden layers and the multifaceted nature of digital crime as we continue our comprehensive investigation into the underworld of cryptocurrency.

For a complete understanding of cryptocurrency’s use in crime, make sure to read part one of this series.

Crypto Money Laundering: How Criminals Exploit Cryptocurrency

Whether we are talking about on-chain crypto laundering or off-chain money laundering, the purpose of this activity remains the same: to transform illicit gains into seemingly legitimate funds. In the cryptocurrency world, cybercriminals often link this practice to hiding the proceeds of on-chain crimes, like darknet market dealings and ransomware attacks. However, using cryptocurrency to launder money now spans a broader array of illegal activities beyond what is typically considered a crypto crime. Let’s delve into the stages of money laundering and how they unfold in the cryptocurrency ecosystem.

Definition and Stages of Money Laundering

At its core, money laundering involves three key stages: placement, layering, and integration. Each stage uniquely transforms “dirty” money into “clean” money that can be freely used within the legitimate economy. For on-chain (cryptocurrency) activity, we often talk about illicit wallets (crypto addresses) holding funds from exchange hacks, crypto scams, and darknet market transactions.

This diagram outlines a potential workflow for on-chain laundering, showing the stages of placement, layering with crypto mixers and bridges, and integration into the legitimate financial system through exchanges or converting to fiat currency. Source: Money Laundering and Cryptocurrency, Chainalysis.

The crypto-native money laundering process starts when the illicit wallets mentioned above begin using conversion services, such as centralized exchanges, DeFi platforms, gambling sites, mixers, and bridges, to exchange cryptocurrencies for fiat, other digital currencies, or various services. The one major benefit of blockchain transparency is that such on-chain activity can be traced and analyzed faster and more accurately than activity in traditional financial systems.

  • Placement is the initial introduction of illicit funds into the financial system. This stage is crucial as it provides the entry point for criminals to begin obscuring the origins of their money. In traditional finance, this might involve depositing cash into a bank. However, in the cryptocurrency world, placement can start when an illicit actor obtains cryptocurrency as a result of a successful hack, scam, or darknet market sale.

  • Layering entails constructing a convoluted network of transactions to conceal the illicit origins of the money. This can include moving funds through various accounts, currencies, or countries to create distance between the money and its illegal source. When it comes to cryptocurrency, layering is done when the illicit actor starts swapping one cryptocurrency for another, jumping from one blockchain to another, or using mixing services to obscure the true origin of the funds.

  • Integration is the final step, where the laundered money is reintroduced into the economy in a way that appears legitimate. This might involve investing in businesses, purchasing assets, or converting cryptocurrency into fiat currency using a cryptocurrency exchange.

Placement in Cryptocurrency

Aside from the on-chain placement discussed above, placement in the cryptocurrency ecosystem often begins with converting cash or assets into cryptocurrency. This can be done through various means, such as cryptocurrency exchanges, peer-to-peer platforms, or Bitcoin ATMs. One of the significant advantages for criminals at this stage is the relative ease with which cryptocurrency can be acquired and transferred. Unlike traditional banking systems, which have rigorous Know Your Customer (KYC) and Anti-Money Laundering (AML) requirements, many cryptocurrency services still lack adequate oversight in some jurisdictions. This gap provides an opportunity for illicit actors to inject their dirty money into the digital financial system with minimal scrutiny.

This world map illustrates cryptocurrency regulations by country, with green representing mostly legal, orange indicating some significant concerns, and red marking mostly illegal regions. Source: Cryptocurrency regulations by country, Thomson Reuters.

To keep up-to-date with cryptocurrency regulations in various jurisdictions, bookmark the Atlantic Council’s Cryptocurrency Regulation Tracker.

Layering Techniques

Layering in the cryptocurrency world is a masterclass in obfuscation. Criminals employ several techniques to break the chain of transactions and disguise their money’s origins.

Division involves splitting large sums of cryptocurrency into smaller, less noticeable amounts. These smaller amounts are then transferred across multiple wallets, making it harder to trace the original source.

Transformation refers to converting one type of cryptocurrency into another. This can be done through decentralized exchanges or by using privacy coins like Monero, which offer enhanced anonymity features. By frequently changing the form of the currency, criminals add layers of complexity that can thwart blockchain analysis.

Attenuation is about creating distance. This involves conducting a series of transactions, often across different jurisdictions or different blockchains, to confuse the trail. Each transaction adds another layer that investigators must unravel, making it significantly more challenging to follow the money.

These layering techniques are particularly effective in the digital currency space, where transactions can be executed rapidly and across borders with ease.

Integration Methods

Integration is the final step in the laundering process, where criminals seek to legitimize their ill-gotten gains. Converting cryptocurrency back into fiat currency is a common method, but it comes with its own set of challenges.

Crypto-native Money Laundering Red Flags: Insights for Investigators and Compliance Managers

Let’s review some common crypto-native money laundering red flags that every financial crime investigator and compliance manager should know.

  • Key red flags include frequent transactions just below reporting thresholds, which are often used to avoid scrutiny. For example, if a series of transactions repeatedly falls just under the $10,000 threshold, this could warrant a closer look as it could signal an attempt to evade mandatory reporting requirements. To understand crypto Travel Rule compliance and transaction thresholds, check out NOTABENE’s Crypto Travel Rule 101 Guide.
The graph illustrates the distribution of cryptocurrency transactions under $12,000 moved to centralized exchanges throughout 2024, categorized by different bucket sizes, highlighting the varying transaction volumes across different ranges. Source: Money Laundering and Cryptocurrency, Chainalysis.
  • Using multiple intermediary wallets to obscure fund origins is another common tactic. For instance, criminals might send funds through a web of personal wallets before reaching the final destination, adding layers of complexity to the transaction chain. This was evident in the Atomic Wallet exploit, where funds moved through countless wallets before integration.
This diagram illustrates the Atomic Wallet exploit, where stolen funds are laundered through numerous wallets. The process involves sweeping low-value Ethereum addresses with a smart contract, programmatically laundering Ether through intermediaries, disbursing it to new addresses, swapping wrapped Ether for wrapped Bitcoin via Avalanche, and finally converting it to Bitcoin. Source: Inside North Korea’s Crypto Heists: $200M in Crypto Stolen in 2023; Over $2B in the Last Five Years, TRM Labs.
  • Consolidation wallets aggregate funds from multiple sources. Illicit actors often move funds through numerous intermediary wallets and then reconsolidate them in a single wallet before cashing out at an exchange. Observing funds flowing through several separate wallets and then combining into a single wallet may indicate an effort to evade detection.
The image illustrates the consolidation of stolen funds from CoinEx and Stake.com thefts in September 2023 into a single address, depicting the flow and amounts of cryptocurrency transferred. Source: How the Lazarus Group is stepping up crypto hacks and changing its tactics, ELLIPTIC.
  • High transaction volumes through unregulated OTC brokers also signal potential laundering. Over-the-counter (OTC) crypto brokers facilitate large, private trades, often offering better prices for high-volume transactions by connecting buyers and sellers directly through broker-dealer networks or trading desks, bypassing public order books. While most OTCs are legitimate, some lack proper KYC procedures and cater to laundering illicit funds. These shady OTCs operate globally and are challenging to identify, requiring both off-chain and on-chain intelligence.
A graphic illustrating the process of laundering illicit funds via OTC brokers and trading desks, showing the flow of money through various stages, including cryptoasset purchase, wallet transfer, and conversion back to cash overseas. Source: Unregistered OTC Crypto Brokers, NCA.
  • Suspiciously large fees paid to process transactions can indicate an urgent need to obfuscate funds quickly. For instance, following a prominent hack, hackers paid abnormally high fees to move their illicit gains through Tornado Cash, highlighting their prioritization of speed over cost. To illustrate, if the average fee over the past month is $5, a fee of $500 would be unusually high and warrant a closer look.
A graph illustrating total fees per outgoing transaction from Tornado Cash, with categories indicating the level of suspicion: normal, somewhat suspicious, suspicious, and highly suspicious. The graph highlights the association of anomalously large fees with stolen fund inflows to the mixer, with clear spikes in suspicious activity. Source: Money Laundering and Cryptocurrency, Chainalysis.
  • Rounded transaction amounts and cross-chain transfers further complicate tracing efforts. Similarly, using cross-chain bridges to move assets across different blockchains can mask the true origin of funds, making it challenging for investigators to follow the money trail.
This bar chart displays the total number of personal wallets categorized by the number of rounded transactions sent, with the highest frequency in the 3–5 transaction range, followed by declining numbers in higher transaction ranges. Source: Money Laundering and Cryptocurrency, Chainalysis.

In addition to the red flags and techniques discussed, it’s crucial to understand how traditional money laundering methods adapt to blockchain. This adaptation expands the toolkit for both criminals and investigators. Monitoring financial flows for suspicious activity often relies on heuristics and thresholds, like those outlined in the Financial Action Task Force (FATF)’s Red Flag guidance. Furthermore, the Financial Crimes Enforcement Network (FinCEN) highlights that unusual surges in value flows and other atypical transaction patterns can indicate potential money laundering and sanctions evasion. Recognizing these patterns and understanding criminals’ evolving tactics enables investigators to pinpoint and combat illicit activities more effectively.
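To show how three of the red flags above (transfers just under a reporting threshold, anomalously large fees, and repeated rounded amounts) translate into monitoring heuristics, here is an added Python example; it is not taken from any of the cited sources or vendor tools. The sample transfers are constructed, and the 10% band, the minimum counts, the 20x fee multiple and the use of a median baseline instead of a monthly average are illustrative assumptions.

```python
from collections import Counter, defaultdict
from statistics import median

# Constructed sample transfers (not real data): sender, receiver, USD value, USD fee.
SAMPLE_TXS = [
    {"id": "t1", "src": "walletA", "dst": "exchange1", "usd": 9800.00, "fee": 4.10},
    {"id": "t2", "src": "walletA", "dst": "exchange1", "usd": 9950.00, "fee": 5.20},
    {"id": "t3", "src": "walletA", "dst": "exchange1", "usd": 9700.00, "fee": 4.80},
    {"id": "t4", "src": "walletB", "dst": "exchange1", "usd": 1234.56, "fee": 5.00},
    {"id": "t5", "src": "walletC", "dst": "mixer1", "usd": 48211.37, "fee": 500.00},
    {"id": "t6", "src": "walletD", "dst": "walletE", "usd": 5000.00, "fee": 5.50},
    {"id": "t7", "src": "walletD", "dst": "walletF", "usd": 2000.00, "fee": 4.90},
    {"id": "t8", "src": "walletD", "dst": "walletG", "usd": 3000.00, "fee": 5.10},
    {"id": "t9", "src": "walletB", "dst": "walletH", "usd": 10500.00, "fee": 5.30},
]

REPORTING_THRESHOLD_USD = 10_000  # the threshold used in the article's example


def flag_structuring(txs, threshold=REPORTING_THRESHOLD_USD, band=0.10, min_count=3):
    """Senders with at least min_count transfers just below the threshold.

    "Just below" means within `band` (assumed 10%) of the threshold.
    """
    floor = threshold * (1 - band)
    hits = Counter(t["src"] for t in txs if floor <= t["usd"] < threshold)
    return {wallet for wallet, n in hits.items() if n >= min_count}


def flag_fee_outliers(txs, multiple=20):
    """Ids of transfers whose fee is at least `multiple` times the median fee.

    The median is used as the baseline so that one huge fee cannot drag the
    baseline up and hide itself, which a plain average would allow.
    """
    baseline = median(t["fee"] for t in txs)
    return [t["id"] for t in txs if t["fee"] >= multiple * baseline]


def flag_rounded(txs, step_usd=1000, min_count=3):
    """Senders with at least min_count transfers that are exact multiples of step_usd."""
    step_cents = step_usd * 100
    hits = Counter(
        t["src"] for t in txs if round(t["usd"] * 100) % step_cents == 0
    )
    return {wallet for wallet, n in hits.items() if n >= min_count}


def review(txs):
    """Combine the heuristics into one wallet -> reasons map for an analyst queue."""
    reasons = defaultdict(list)
    for wallet in flag_structuring(txs):
        reasons[wallet].append("structuring")
    by_id = {t["id"]: t for t in txs}
    for tx_id in flag_fee_outliers(txs):
        reasons[by_id[tx_id]["src"]].append("fee_outlier:" + tx_id)
    for wallet in flag_rounded(txs):
        reasons[wallet].append("rounded_amounts")
    return dict(sorted(reasons.items()))


if __name__ == "__main__":
    for wallet, why in review(SAMPLE_TXS).items():
        print(wallet, why)
```

A hit from any of these heuristics is a reason to look closer, not a finding: walletB's single transfer above the threshold and its odd-valued payment are left alone, while walletA, walletC and walletD are queued for review.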

Strengthening Defenses: KYC, AML, and Blockchain Analytics in Crypto Compliance

In cryptocurrency’s vast, decentralized realm, compliance is the crucial barrier that maintains the balance between financial innovation and chaos. The significance of Know Your Customer (KYC) and Anti-Money Laundering (AML) measures cannot be overstated. These regulations are the foundation of financial security, ensuring the cryptocurrency landscape remains a reliable and integral part of the global economy.

Importance of KYC and AML in Cryptocurrency

KYC and AML protocols are critical in defending against financial crimes. KYC ensures customer identities are verified, confirming they are who they claim to be. At the same time, AML encompasses a broader set of practices aimed at detecting and preventing money laundering activities. In the cryptocurrency sphere, these measures are vital due to the pseudonymous nature of digital transactions, which can otherwise provide a veil of secrecy for illicit actors.

Without stringent KYC and AML procedures, cryptocurrency platforms risk becoming conduits for money laundering, terrorist financing, and other criminal activities. Effective compliance protects the integrity of the financial system and builds trust among users, regulators, and the broader public.

A bar chart compares FATF compliance levels on AML/CFT requirements for virtual assets (VAs) and virtual asset service providers (VASPs) across jurisdictions for 2023 and 2024. The chart shows the number of jurisdictions classified as Compliant, Largely Compliant, Partially Compliant, and Not Compliant, indicating improvements or declines in compliance over the two years. Source: TARGETED UPDATE ON IMPLEMENTATION OF THE FATF STANDARDS ON VIRTUAL ASSETS AND VIRTUAL ASSET SERVICE PROVIDERS, FATF.

Compliance Weaknesses and Their Exploitation

Despite the critical role of compliance, many cryptocurrency businesses fail to implement robust KYC and AML measures. Some platforms, driven by the ethos of decentralization and privacy, resist stringent regulation. Others may lack the resources or expertise to enforce comprehensive compliance frameworks.

These weaknesses are not lost on criminals. They exploit gaps in regulatory oversight, using platforms with lax KYC requirements to funnel illicit funds through the system. The lack of consistent global standards further complicates the situation, allowing bad actors to operate in jurisdictions with weaker enforcement.

This image illustrates the various approaches to cryptocurrency regulation across different countries and regions, highlighting specific measures such as licensing, AML/KYC regulations, stablecoin regulation, consumer protection, marketing guidance, and decentralized activities. Source: Cryptocurrency regulations are changing across the globe. Here’s what you need to know, WORLD ECONOMIC FORUM.

Enhanced Due Diligence and Blockchain Analytics

To counter these vulnerabilities, enhanced due diligence (EDD) and advanced blockchain analytics have become indispensable tools. EDD involves thorough background checks and ongoing monitoring of high-risk customers, ensuring that suspicious activities are identified and addressed promptly.

Blockchain analytics tools have revolutionized compliance in the cryptocurrency space. These sophisticated technologies can trace transactions across multiple blockchains, identifying patterns and connections that human analysts might miss. By mapping the flow of funds, blockchain analytics can flag potentially illicit activities and provide valuable intelligence to law enforcement.

For instance, blockchain analytics can detect mixing services, commonly known as “mixers,” which are used to obscure the origins of cryptocurrency. Mixers break the transaction trail by pooling and redistributing funds, making it difficult to trace the original source. However, advanced analytics can often penetrate these layers of obfuscation, revealing the underlying criminal activity.
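The idea of mapping the flow of funds, together with the intermediary-wallet and consolidation-wallet red flags described earlier, can be shown with a small graph trace. This is an added Python example, not code from any analytics vendor named on this page; the addresses, amounts and the `KNOWN_SERVICES` label set are constructed, and the trace checks reachability only, ignoring timestamps and amount matching.

```python
from collections import defaultdict, deque

# Constructed transfer graph (not real data): (sender, receiver, amount in coins).
TRANSFERS = [
    ("theft_wallet", "hop1", 40.0),
    ("theft_wallet", "hop2", 35.0),
    ("theft_wallet", "hop3", 25.0),
    ("hop1", "hop4", 40.0),
    ("hop2", "hop5", 35.0),
    ("hop3", "collector", 25.0),
    ("hop4", "collector", 40.0),
    ("hop5", "collector", 35.0),
    ("collector", "exchange_deposit", 100.0),
    ("unrelated", "exchange_deposit", 7.0),
    ("unrelated", "shop", 3.0),
]

# Assumption: addresses already attributed to a service (exchange, OTC desk).
# Tracing stops there because the service pools funds from many customers.
KNOWN_SERVICES = {"exchange_deposit"}


def trace_forward(transfers, source, services=KNOWN_SERVICES):
    """Breadth-first trace from `source`; returns address -> hop count."""
    outgoing = defaultdict(set)
    for src, dst, _amount in transfers:
        outgoing[src].add(dst)
    hops = {source: 0}
    queue = deque([source])
    while queue:
        addr = queue.popleft()
        if addr in services:
            continue  # do not follow funds out of a pooled service address
        for nxt in outgoing[addr]:
            if nxt not in hops:
                hops[nxt] = hops[addr] + 1
                queue.append(nxt)
    return hops


def find_consolidation(transfers, hops, services=KNOWN_SERVICES, min_sources=3):
    """Traced, non-service addresses fed by >= min_sources distinct traced senders."""
    inflow = defaultdict(lambda: {"sources": set(), "total": 0.0})
    for src, dst, amount in transfers:
        if src in hops and dst in hops and dst not in services:
            inflow[dst]["sources"].add(src)
            inflow[dst]["total"] += amount
    return {
        addr: {"sources": sorted(info["sources"]), "total": info["total"]}
        for addr, info in inflow.items()
        if len(info["sources"]) >= min_sources
    }


def cash_out_points(hops, services=KNOWN_SERVICES):
    """Labelled services reached by the trace, with their hop distance."""
    return {svc: hops[svc] for svc in sorted(services) if svc in hops}


if __name__ == "__main__":
    reached = trace_forward(TRANSFERS, "theft_wallet")
    print("reached:", reached)
    print("consolidation:", find_consolidation(TRANSFERS, reached))
    print("cash-out:", cash_out_points(reached))
```

The trace surfaces `collector` as a consolidation wallet three intermediaries wide and shows the funds arriving at a labelled exchange deposit address after three hops, which is the point where KYC records can tie the flow to an identity.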

Products and Services with Heightened Money Laundering Risk

Certain products and services within the cryptocurrency ecosystem are particularly susceptible to money laundering. These include privacy coins, peer-to-peer exchanges, and decentralized finance (DeFi) platforms. Privacy coins such as Monero and Zcash offer advanced anonymity features, making them attractive to illicit actors. While fostering financial innovation, peer-to-peer exchanges and DeFi platforms often operate with minimal regulatory oversight, creating fertile ground for money laundering.

Mixers and Their Role in Cryptocurrency Crime

Mixers, also known as tumblers, play a pivotal role in cryptocurrency crime by providing a service designed to enhance anonymity. They mix various transactions, scrambling the trail and making it difficult for investigators to follow the money. While some users employ mixers for legitimate privacy concerns, their potential for misuse in money laundering and other illicit activities is significant.

For example, in April 2022, mixers peaked in popularity, processing over $1.5 billion in value. Despite a dip after sanctions in 2022, services like Tornado Cash have rebounded strongly, showing significant growth throughout 2023 and 2024. This resurgence aligns with the general increase in market activity, as noted in the Chainalysis 2024 Crypto Crime Report. Conversely, Samourai Wallet’s growth potential was cut short by the Department of Justice’s actions against its founders and CEO in April 2024.

Bar chart illustrating the quarterly value of funds sent to cryptocurrency mixers from illicit addresses, categorized by types such as stolen funds, scams, ransomware, and more, from Q1 2019 to Q2 2022. Source: Crypto Mixer Usage Reaches All-time Highs in 2022, With Nation State Actors and Cybercriminals Contributing Significant Volume, Chainalysis.

Case Study: Tornado Cash

In a significant enforcement action, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the virtual currency mixer Tornado Cash on August 8, 2022. Tornado Cash was implicated in laundering over $7 billion in virtual currency since its inception in 2019, including $455 million stolen by the North Korean Lazarus Group. Despite claims of privacy protection, Tornado Cash consistently failed to implement effective controls to prevent misuse by cyber criminals.

A notice on Tornado Cash’s documentation website informs users that the US Treasury sanctioned Tornado Cash on August 8, 2022, making it illegal for US citizens to interact with the core and governance contracts. Source: Tornado Cash Documentation.

This case underscores the critical role of blockchain analytics and international cooperation in tracing illicit funds through complex laundering schemes. Authorities successfully disrupted Tornado Cash’s operations, highlighting the importance of rigorous compliance measures in the cryptocurrency industry. The action against Tornado Cash exemplifies the Treasury’s commitment to combating cybercrime and protecting the financial system from exploitation by malicious actors.

The takedown of Tornado Cash demonstrates the effectiveness of blockchain analytics in uncovering sophisticated laundering networks, ensuring that even well-hidden illicit activities can be exposed and prosecuted.

Scammers swiftly adapt to emerging trends, and cryptocurrency is no exception. These scams target unsuspecting individuals by exploiting the novelty and complexity of digital currencies. Let’s delve into the various types of common cryptocurrency scams and examine their significant impact on consumers.

Overview and Typologies

In the rapidly expanding landscape of cryptocurrency, scams have evolved with ingenuity, exploiting the enthusiasm and naivety of investors. Here are some prevalent cryptocurrency scams that highlight the diverse strategies fraudsters employ.

Phishing Scams

Phishing scams involve fraudsters posing as legitimate entities to steal personal information. Victims receive fake emails or messages prompting them to click on malicious links, leading to compromised wallets or accounts.

The cryptocurrency phishing scammer known as Monkey Drainer has been active since late 2022, and is believed to have stolen up to $13 million in cryptocurrencies and NFTs during that time.

The Monkey Drainer Telegram channel boasts about their phishing success, detailing over 25,000 hits, significant profits, and multiple types of transactions, and invites new users to join their scheme. Source: Exposing Wallet Drainer Scammers: Zentoh & Co., CERTIK.

Rug Pulls

Rug pulls occur when developers of a cryptocurrency project suddenly withdraw all funds, leaving investors with worthless tokens. This scam typically targets decentralized finance (DeFi) projects and newly launched cryptocurrencies.

Founded in 2017, Thodex was a Turkish crypto exchange that vanished in April 2021, taking over $2 billion of investors’ funds. CEO Faruk Fatih Özer claimed cyberattacks forced the shutdown before disappearing. Turkey investigated Özer for fraud, arrested dozens of employees, and seized the firm’s assets. Interpol issued a red notice, and Özer was arrested in Albania in September 2022. About 90% of rug pull losses in 2021 were linked to Thodex. Prosecutors seek 40,564-year sentences for Özer and others involved, with over 2,000 complainants.

Faruk Fatih Ozer, the CEO of the now-defunct Thodex exchange, is seen in custody. He fled Turkey after the collapse of Thodex, which defrauded investors of millions of dollars. He and his two siblings have each been sentenced to 11,196 years in prison for their roles in the scam. Source: Thodex cryptocurrency boss jailed for 11,196 years in Turkey for fraud, BBC.

Pump and Dump Schemes

In pump-and-dump schemes, scammers boost the price of a cryptocurrency with false or misleading information. When the price peaks, they sell their holdings, causing the value to crash and leaving other investors with substantial losses.

On September 30, 2022, the SEC charged Arbitrade Ltd., Cryptobontix Inc., and their leaders for a pump-and-dump scheme with the cryptocurrency Dignity (DIG). They falsely claimed to have secured $10 billion in gold to back each DIG token, artificially inflating its value.

U.S. and Canadian regulators have accused Bermuda’s Arbitrade and its insiders, including Troy Hogg, Stephen Braverman, Max Barber, and James Goldberg, of a $51 million cryptocurrency investment fraud, as detailed in the complaint filed in the Southern District of Florida. Source: U.S. and Canadian regulators accuse Bermuda’s Arbitrade & insiders of ‘$51M crypto investment fraud’, OffshoreAlert.

Fake Exchanges

Fake exchanges lure victims by offering attractive rates and services. Once users deposit their funds, the scam operators disappear, taking the money with them.

In 2017, South Korean authorities uncovered BitKRX, a notorious fake cryptocurrency exchange. Named to mimic Korea Exchange (KRX), BitKRX exploited KRX’s reputation to lure investors. Many believed BitKRX was run by KRX, but when they tried to access their funds, they found their money had vanished.

This image contrasts the authentic Bittrex login page on the left with a fake, fraudulent version on the right, highlighting how cybercriminals replicate legitimate sites for scams. Source: Fake Bittrex cryptocurrency exchange site stealing user funds, HACK Read.

Ponzi Schemes

Ponzi schemes promise substantial returns with minimal risk. Early investors are paid with the funds of newer investors, creating an illusion of profitability until the scheme collapses, resulting in substantial losses for participants.

PlusToken was one of the largest Ponzi schemes in the crypto world. Promising 10–30% monthly returns, it lured over 3 million investors, mainly from China, South Korea, and Japan, using the Chinese app WeChat. The scheme focused on crypto education and a wallet service, convincing investors to buy its token, PlusToken. After a year, the PlusToken team shut down the scheme in 2019, escaping with over $3 billion in cryptocurrencies.

A grid of six photos shows the faces of the individuals arrested for their involvement in the PlusToken Ponzi scheme, a massive cryptocurrency fraud that deceived investors out of billions. Source: How the PlusToken Scam Absconded With Over 1 Percent of the Bitcoin Supply, Bitcoin Magazine.

Impersonation Scams

In impersonation scams, fraudsters pose as celebrities or influencers, promising to multiply the cryptocurrency sent to them. Victims are convinced by the seeming legitimacy and urgency, leading to significant financial losses.

In one example, emails were sent to potential victims, offering a $600 return on a $100 deposit. These emails include PDFs promoting Elon Musk’s fake investment platform or inviting recipients to a “community” with an ad featuring Melinda and Bill Gates. The PDFs link to fraudulent news sites.

A fraudulent website screenshot features Elon Musk’s image promoting a fake 5000 BTC giveaway, misleading users into participating in a non-existent event to steal their cryptocurrency. Source: 25 Elon Musk Impersonator Scams On Social Media People Actually Fell For, Forbes.

Malware Scams

Malware scams involve software designed to infiltrate victims’ devices, stealing sensitive information or cryptocurrency. These scams often come disguised as legitimate applications or software updates.

An email scam example showing a message that demands $1400 in Monero cryptocurrency as ransom, threatening to release compromising information allegedly obtained through malware. The email includes detailed instructions on purchasing and transferring Monero, along with a Monero wallet address for the payment. Source: INKY Protects Users from “New” Cryptocurrency Scam, INKY.

Fake Initial Coin Offerings (ICOs)

Fake ICOs promise groundbreaking projects and high returns. Investors buy tokens in these supposed startups, only for the operators to vanish with the funds raised.

Pincoin, a Vietnamese cryptocurrency, raised about $870 million from 32,000 investors. Instead of cash returns, investors were given a new token called iFan. The team behind Pincoin then disappeared, taking all the invested money with them.

The Pincoin Community Project advertisement features a yellow sports car and promotes the development and promotion of blockchain technology and cryptocurrency within a global sharing economy, positioning it as a way to streamline commerce and create value. Source: Pincoin.io: The $660 Million Scam ICO Business, SecurityTrails.

Social Media Cryptocurrency Giveaway Scams

In these scams, fraudsters hijack social media accounts or create fake profiles, promising to double any cryptocurrency sent to them. The allure of easy money draws in many victims who never see their funds again.

Scammers are exploiting TikTok’s popularity with fake cryptocurrency giveaways. These videos, posted hourly, often feature deep fake clips of Elon Musk being interviewed, promoting the scams. Some videos are more basic, showing how to log in to a website and enter a promo code to receive free Bitcoin.

This image shows two smartphones displaying TikTok search results for “Bitcoin giveaway” and “Ethereum giveaway,” with numerous videos falsely featuring Elon Musk promoting fake cryptocurrency giveaways. Source: TikTok flooded by ‘Elon Musk’ cryptocurrency giveaway scams, BleepingComputer.

Employment Offers and Fraudulent Employees

Scammers pose as legitimate companies offering high-paying remote jobs. Once a victim is hired, the scammers request sensitive information or upfront fees for “training,” then disappear.

Scammers pose as recruiters, posting attractive jobs online or contacting individuals with resumes posted on employment sites. Victims fill out a fake application that requests excessive personal information. Scammers conduct professional-sounding interviews via email or video calls to collect more details. They offer job positions, requesting additional personal and bank information. Occasionally, they ask for payments for training or office equipment, promising reimbursement after work starts.

An employment scam email falsely claiming to be from Coinbase, offering a remote project manager position and requesting personal information under the guise of processing the job application. The email is marked with a large red “SCAM” stamp to highlight its fraudulent nature. Source: Security PSA: employment scams, Coinbase.

Romance Scams

Romance scams exploit emotional vulnerability. Fraudsters build an online relationship with the victim, eventually requesting money for urgent expenses, travel, or medical bills, often insisting on cryptocurrency payments. These scams can cause both severe financial and emotional distress.

If you’re unfamiliar with Pig Butchering scams and do not feel like reading my article above, I highly recommend watching “Pig Butchering Scams: Last Week Tonight with John Oliver.”

Source: Pig Butchering Scams: Last Week Tonight with John Oliver (HBO), Last Week Tonight on YouTube.

Major Scam Themes and Their Impact on Consumers

The common thread in these scams is their ability to exploit trust, urgency, and the perceived anonymity of cryptocurrency. Victims often face not just financial loss but also emotional distress and a breach of trust. The anonymous nature of cryptocurrency transactions makes the recovery of funds nearly impossible, compounding the impact on consumers.

Case Study: Bitconnect

Bitconnect is a prime example of one of the most infamous cryptocurrency scams ever. Marketed as a high-yield investment through its “lending program,” Bitconnect enticed investors with promises of substantial returns using a supposedly proprietary trading algorithm. In reality, Bitconnect was a classic Ponzi scheme, where returns to earlier investors were paid using funds from new investors, creating a deceptive appearance of profitability. The scheme unraveled in 2018, leading to a massive loss of $2.4 billion for investors. This case highlights the necessity for vigilant due diligence and robust regulatory measures to protect against similar fraudulent schemes in the cryptocurrency space.

Carlos Matos, a well-known promoter of Bitconnect, is seen energetically speaking into a microphone on stage, embodying the high-spirited and persuasive marketing tactics that contributed to the infamous cryptocurrency scheme’s widespread impact. Source: The Lesson of Bitconnect: Promoters Can Be Liable, Coindesk.

Case Study: $SQUID Token

The $SQUID token serves as a prominent example of the notorious “pump and dump” crypto scam. Drawing inspiration from the popular Netflix series “Squid Game,” $SQUID was marketed as a play-to-earn cryptocurrency, promising its use in a forthcoming video game based on the show. The token’s price skyrocketed to an astounding $2,861, only to collapse to $0 in a matter of seconds. This sudden drop, known as a “rug pull,” occurred when the developers cashed out their tokens, siphoning off $3.3 million from the liquidity pool. Following the scam, the developers vanished, erasing their online presence and leaving investors with significant losses. Despite the initial hype and significant investments, the $SQUID token debacle highlights the importance of caution and due diligence in the unpredictable cryptocurrency market.

The chart illustrates the $SQUID token’s price surge to an impressive $2,861, only to plummet to zero shortly after, exemplifying a “rug pull” scenario. Source: coinmarketcap.com.

Case Study: OneCoin and the ‘Cryptoqueen’

OneCoin, founded in 2014 by Ruja Ignatova, known as the “Cryptoqueen,” is one of the largest cryptocurrency scams. Marketed as a revolutionary cryptocurrency, OneCoin defrauded investors of approximately $4 billion. Ignatova promised a “Bitcoin killer,” luring millions with the prospect of high returns. However, OneCoins were worthless, and investors were left empty-handed. Ignatova disappeared in 2017, and her co-founder, Karl Sebastian Greenwood, was sentenced to 20 years in prison. Ignatova remains on the FBI’s Ten Most Wanted list, accused of multiple fraud charges.

The FBI’s Ten Most Wanted Fugitive poster for Ruja Ignatova, also known as the “Cryptoqueen,” who is charged with multiple counts of fraud and money laundering related to the OneCoin cryptocurrency scam, one of the largest in history. Source: Most infamous cryptocurrency fraud schemes of all time, Fox Business.

Navigating the Crypto Crime Landscape: Challenges and Strategies for Financial Professionals

As we wrap up our exploration of cryptocurrency crime, let’s reflect on the journey. Part one delved into the dark origins of cryptocurrency, tracing back to Silk Road and Bitcoin’s illicit beginnings. We covered sanction evasion, terrorist financing, child sex abuse material, malware, ransomware, cryptojacking, and darknet markets. Each case study highlighted the evolving tactics of criminals and the relentless efforts of law enforcement to counter these threats.

In part two, we delved deeper into the complexities of crypto-native money laundering, detailing the stages of placement, layering, and integration within the digital currency ecosystem. We emphasized the crucial role of KYC and AML measures in the ongoing battle between regulators and illicit actors. Additionally, we explored various cryptocurrency scams, from IRS impersonations to elaborate investment schemes, each preying on unsuspecting individuals.

Together, these two parts offer a detailed view of cryptocurrency crime’s complexities. The digital frontier, while innovative, also harbors illicit activities due to its anonymity and decentralization, attracting both legitimate users and criminals.

Despite challenges, hope persists with advanced blockchain analytics, compliance measures, and global cooperation proving effective. The takedown of platforms like Silk Road, Hydra Market and many others shows the battle is tough but winnable. The future of cryptocurrency depends on balancing innovation with regulation. Vigilance and adaptability are crucial for financial crime professionals. Our mission: harness cryptocurrency’s potential while combating misuse for a safer financial system.
