Crypto Crime

Cryptoasset activity is sometimes quite hastily associated with criminal affairs. Let's delve into crypto crime and try to shed some light on this hot topic.

Types of crimes

Two main types of crypto crimes by frequency and volume are scams and malware. Let's see them in detail.


A scam is a malicious technique perpetrated by a scammer to induce the victim to transfer funds to the scammer's account or to directly steal the funds that the victim has on their wallets or has deposited somewhere. Types of scams include:

  • Phishing: a method of identity theft that relies on individuals unwittingly volunteering personal information (like private keys of wallets) that can be used to steal the founds of the victim. It is often carried out through the creation of a fraudulent website or email appearing to represent a legitimate firm.
  • Ponzi scheme: a fraudulent investment scheme in which an operator pays returns on investments from capital derived from new investors, rather than from legitimate investment profits. Ponzi scheme operators entice new investors with abnormally high short-term rates of return. Ponzi schemes generally fall apart when there is not enough new capital to pay the ever-growing pool of existing investors. The scheme is named for Charles Ponzi of Boston, Massachusetts. In the 1920s, Ponzi launched a scheme that guaranteed investors a 50% return on investments in postal coupons.
  • Rug pull: it entails developers creating new tokens and promoting them to investors, who trade for the new token in the hopes the token will rise in value, which also provides liquidity to the project. Eventually, the developers drain the funds from the liquidity pool, sending the token’s value to zero, and disappear. Rug pulls are prevalent in DeFi because with the right technical know-how, it’s cheap and easy to create new tokens on the blockchain and get them listed on decentralized exchanges without a code audit.
  • Code exploits. It happens when hackers take advantage of a bug in the the code of a DeFi protocol, like a decentralized exchange or lending and borrowing platform, to drain the deposited funds. Open-source development is a staple of DeFi applications since DeFi protocols move funds without human intervention, hence users need to be able to audit the underlying code in order to trust the platform. But this also stands to benefit cybercriminals, who can analyze the scripts for vulnerabilities and plan exploits in advance.

Malware and Ransomware

Malware refers to malicious software that carries out harmful activity on a victim’s device, usually without their knowledge. Examples of malware families include:

  • Info stealers: Collect saved information (like credentials) from compromised computers.
  • Clippers: Can insert new text into the victim’s clipboard, replacing text the user has copied. Hackers can use clippers to replace cryptocurrency addresses copied into the clipboard with their own, allowing them to reroute planned transactions to their own wallets.
  • Cryptojackers: Make unauthorized use of victim device’s computing power to mine cryptocurrency.
  • Trojans: Virus that looks like a legitimate program but infiltrates victim’s computer to disrupt operations, steal, or cause other types of harm.

Malware are typically exploited by less sophisticated hackers spamming millions of potential victims and stealing smaller amounts from each individual tricked into downloading the malware. Many of these malware strains are available for purchase out-of-the-box on the darknet.

In particular, ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or perpetually block access to it unless a ransom is paid, usually in Bitcoin. Most ransomware attacks appear to be financially motivated. However, others appear to be motivated by geopolitical goals. That’s exactly what we saw in a recent ransomware attack on Ukrainian government agencies by hackers believed to be associated with the Russian government. The attack occurred on the night of January 13, 2022, and disrupted several government agencies’ ability to operate. Apparently, Russian hackers used a ransomware whose code is similar to a previous one exploited to target Russia itself, so that it appears to be of Ukrainian rather than Russian origin — in other words, a false flag attack.

Other types of crypto crimes

  • Market manipulation. This includes different strategies to influence the market to make a profit. One popular technique is pump and dump: influencers encourage investors to buy crypto assets in little-known cryptocurrency projects whose prices can be easily influenced, based on false information. The price of the assets subsequently rises and the scammers sell their own shares, earning a profit and leaving the victims with worthless shares. Wash trade is a another form of market manipulation in which an investor simultaneously sells and buys the same financial instruments to create misleading, artificial activity in the marketplace. First, an investor will place a sell order, then place a buy order to buy from themself, or vice versa. This may be done for a number of reasons, including artificially increase trading volume in an exchange of cryptocurrencies or the price of a Non Fungible Token (NFT) associated with a digital asset, giving the impression that the asset is more in demand than it actually is.
  • Darknet markets. The darknet is an overlay network to the internet that can only be accessed by specialized software, configurations and special authorizations, and often makes use of non-standard communication protocols in order for it to be deliberately inaccessible by the internet. Darknet markets include fraud shops, which broker the sale of stolen logins, credit cards, exploit kits, and more, as well as drug-focused markets.
  • Terrorism financing. This refers to terrorist organizations that have attempted to finance their operations with cryptocurrency. For instance, in 2019 and 2020, al-Qaeda raised cryptocurrency through Telegram channels and Facebook groups, and in early Spring of 2021, al-Qassam Brigades, Hamas’ military wing, collected donations in cryptocurrencies.
  • Sanctions evasion. This is the attempt to elude state or international sanctions using cryptocurrencies. For instance, in 2020 some in the Iranian government have called for the country to use cryptocurrency to circumvent these sanctions, and Bitcoin mining may provide the perfect opportunity to do so. As one of the world’s largest energy producers, Iran has the low-cost electricity needed to mine cryptocurrencies like Bitcoin cheaply, providing an injection of monetary value that sanctions can’t stop. Moreover, Russia is currently considering the use of cryptocurrencies to elude international sanctions determined by the invasion in Ukraine.

Good practices

  • if something sounds too good to be true, it probably is: be wary of someone that promises a lot in exchange for a few. They will probably just want to steal that few;
  • don't trust, verify (aka, do your own research): check personally every single bit of information without giving anything for granted; never do something just because someone told you to do it but always do your own investigations;
  • not your keys, not your money: use a physical (cold) wallet to store the bulk of your funds as well as to sign important transactions;
  • put security first: save the seed phrase of your wallet on at least 3 cold storage media (like USB sticks, paper, engraved metal) and distribute them across different geographic places;
  • use dedicated devices: the computers and phones that you use to manage your cryptos should be used only for this;
  • be prepared for the worst-case scenario: share with a trusted person how to recover you funds in case of death or loss of memory.

Good news

Chainalysis is a blockchain analysis company providing data and analysis to government agencies, exchanges, and financial institutions across 40 countries. It compiles every year a rigorous report about crypto crime. According to the Chainalysis 2022 crypto crime report (based on 2021 activity):

  • cryptocurrency-based crime hits a new all-time high in 2021, with illicit addresses receiving $14 billion over the course of the year, up from $7.8 billion in 2020;
  • despite the raw value of illicit transaction volume reaching its highest level ever, transactions involving illicit addresses represented just 0.15% of cryptocurrency transaction volume in 2021, down from 0.62% in 2020 and from 1.54% on average of the last 4 years;
  • this discrepancy among absolute and relative figures is due to the fact that in 2021 overall transaction value in cryptocurrencies grew much more (567%) than illicit transaction volume (79%) with respect to the previous year;
  • overall, going by the amount of cryptocurrency sent from illicit addresses to addresses hosted by services, cybercriminals laundered $8.6 billion worth of cryptocurrency in 2021, compared to $6.6 billion in 2020;
  • meanwhile, the UN Office on Drugs and Crime estimates that up to $2 trillion – 5% of global GDP – is laundered every year through the traditional financial system in fiat currencies. Moreover, the transparency and immutability of public blockchains equips law enforcement with greater tracking capabilities than they have for fiat currency. Using these figures, the amount laundered through fiat currency is more than 232 times greater than the amount laundered through crypto.

Cover artwork

The cover artwork is an unpublished work created in Processing by hex6c inspired by an early generative piece called (DĂ©s)Ordres by Vera Molnar (1974). The artwork is part of the Generative Art Recoded initiative, an effort to preserve pioneering generative artworks by recoding them into a modern programming language.

Subscribe to hex6c
Receive the latest updates directly to your inbox.
This entry has been permanently stored onchain and signed by its creator.