This article is more than nine months old

Criminals, terrorists, and money launderers are ditching Bitcoin

  • Criminals are abandoning Bitcoin in favour of other digital assets.
  • However, the fiat value of crypto crimes remains steady as online thugs diversify their scams, creating new threats for investors and projects.

Despite plunging prices in crypto’s winter, the fiat dollar value of crypto-related crime remained steady. That’s possibly because Bitcoin is no longer the only game in town for hackers, scammers, and terrorists.

As the cryptoverse has grown more diversified, with Bitcoin losing some of its overall market dominance, cyber thugs have followed suit.

“Over the last few years we have seen a gradual shift from Bitcoin to an explosion of new assets and blockchains,” Sondra Magness, head of communications at blockchain intelligence firm TRM Labs, told DL News. “We have seen this from lawful users and by illicit actors.”

As of 2022, Bitcoin’s share of illicit volumes plunged from 97% in 2016 to just 19%, as wrongdoers embrace a new multi-chain reality. In the same time, crypto hack volumes on Ethereum and Binance Smart Chain reached 68% and 19% respectively. Terrorists, who almost exclusively relied on Bitcoin in 2016, now conduct 92% of their transactions through assets on the TRON blockchain.

These are some of the findings from a new report by TRM Labs. It showed how digital thugs have shifted away from the world’s leading cryptocurrency to stay ahead of law enforcement agencies and launch new ways to attack investors and projects.

The report is an attempt to map the criminal activities that generate crypto proceeds, and how the crypto ecosystem is used to launder money.

“[The move away from Bitcoin] has been a gradual shift that began in earnest in 2021-ish, but we have really seen a true shift in the last year or so,” TRM head of policy Ari Redbord told DL News.

Year of the bridge hack

Cybercriminals have also shifted gears due to police forces having amped up their efforts to catch them.

Join the community to get our latest stories and updates

“Like the age old cat and mouse game, while we have seen illicit actors move from Bitcoin to other chains, we have also seen authorities adapt and adjust,” Magness said. “Some of the biggest cases today — from DeFi Ponzi schemes to terrorist financing, bridge hacks to the use of stablecoins to move funds — have been made by law enforcement following the flow of funds in this post Bitcoin era.”

The shift away from Bitcoin has also given rise to new threats, such as bridge hacks. Last year saw an outbreak of attacks on cross-chain bridges that saw some $2 billion in assets stolen, according to TRM’s data.

TRM competitor Chainalysis reported the same figure in August, noting these hacks accounted for 69% of total funds stolen in 2022.

North Korea’s Lazarus Group accounted for many of the bridge hacks, including the $600 million hack of the Ronin bridge and $100 million stolen from Horizon. The White House said this month that crypto hacks have funded about half of the rogue nation’s ballistic missile programme, for a total of $3 billion.

NOW READ: North Korea accelerates nuclear missile programme with ‘treasure sword’ — $1.7bn from crypto heists

Other hackers, like whoever made off with $325 million from the Ether-Solana “Wormhole” bridge, remain unidentified.

Blockchain bridges also provide digital thugs with an opportunity to stay ahead of crime-fighting agencies, cover their tracks and launder money as they allow them to pass assets from one blockchain to another with ease.

NOW READ: How hackers turn stolen crypto into cash

Criminals can also use other methods, such as mixers and privacy coins to muddy the trail. These obfuscation methods, alongside with the fact that not every hack is reported, nor every wallet identified, make it nigh impossible for blockchain analysis to give a complete picture of all activity.

Monthly crypto hacks.

Criminals still use Bitcoin

While there has clearly been a shift away from Bitcoin, the world’s leading cryptocurrency is still the payment method of chocie in ransomware attacks, Kim Grauer, director of research at Chainalysis, told DL News.

“Ransomware is still heavily Bitcoin-dependent despite efforts to shift to privacy coins, because Bitcoin is much easier for victims to acquire for payment,” Grauer said.

But, she added, “We’ve seen a shift to stablecoins for many scammers and hacking is more diversified given the majority of victims are DeFi platforms.”

Government response

Crypto’s critics, such as Senator Elizabeth Warren, have seized on illicit financing in crypto to push for tougher anti-money laundering rules.

“We need to deal with the crypto payments that have become the payments of choice for these drug traffickers,” Warren said at a Senate Banking Committee mark-up on anti-fentanyl legislation last week.

But Redbord said that crypto exchanges operating within the US and much of the west are already bound by strict AML and know your customer rules. US and international authorities use their troves of information to identify and prosecute wrongdoers, and have continued to do so as illicit flows move away from Bitcoin.

“Some of the biggest cases today — from DeFi Ponzi schemes to terrorist financing, bridge hacks to the use of stablecoins to move funds — have been made by law enforcement following the flow of funds in this post-Bitcoin era,” Redbord told DL News. “The US and other governments have reacted to this shift by continuing to follow the money.”

Additional reporting by Eric Johansson and Joanna Wright.