A 2023 mid-year snapshot of cryptocurrency crimes found that money directed to wallets tied to known or suspected criminal activity have seen a revenue downtick in nearly every category of crime.
The insights from a Chainalysis report revealed the biggest revenue dips were tied to cryptocurrency scams, a category that includes investment scams, romance scams, pig butchering and fraudulent cryptocurrency services. Wallets associated with scammers have received about $1 billion so far this year, a $3.3 billion drop from the $4.3 billion they took in through the first six months of 2022.
Similar but lesser drops were also seen for wallets associated with hacks ($1.12 billion), cybercriminal administrators ($839 million), darknet markets ($59.8 million), fraud shops ($44.1 million) and child abuse material ($246,241).
Data from the first half of 2023 show significant drops for many types of cryptocurrency-enabled crime. (Source: Chainalysis)
Chainalysis noted that the big drop in money flowing to scammers in 2023 follows a similarly steep fall observed between the first six months of 2021 and 2022. Even more notable, the 2023 drop is happening at a time when cryptocurrency prices are rising, something that usually correlates with higher levels of scammer revenue as newer, less experienced buyers enter the market in an attempt to capitalize.
What's behind the numbers?
Kim Grauer, director of research for the firm, told SC Media the nearly across the board drop seen in cryptocurrency revenues to criminals is likely due to a number of factors, such as an increased focus on the sector from law enforcement and regulators, the use of more advanced technologies to identify and correlate different crimes and higher general awareness about the risks surrounding the cryptocurrency space.
That message of risk could be particularly potent in the wake of high-profile investment firms like FTX and Celsius that collapsed following widespread accusations and charges of fraud.
“I think that there’s a general feeling that those types of offers might in some instances be too good to be true,” Grauer said.
The sudden disappearance of two major cryptocurrency investment scams - Vidilook and the Chai Tai Tianqing Pharmaceutical Financial Management – that have collectively stolen hundreds of millions of dollars from victims may explain part of the revenue fall.
Still, Chainalysis said it would normally expect new scams to quickly rush to fill in the void left by Vidilook and Chai Tai. The especially sharp downturn following their exit could be a sign that consumers are becoming more wary of the cryptocurrency space overall as it has garnered an unsavory reputation over the years.
Representative Elissa Slotkin, D-Mich., who sits on the House Armed Services subcommittee on cybersecurity and sponsored legislation last year that would require members of Congress and their families to be more transparent when disclosing cryptocurrency holdings or transactions, said average everyday Americans are increasingly perceiving the cryptocurrency space in a negative light.
“There are a lot of people who really associate cryptocurrency - at least in the state of Michigan - exclusively with crime and criminality and as a way to pay bad guys,” Slotkin said at a ransomware conference in May. “They don’t understand the underlying blockchain technology that might be super interesting. Right now, they associate it with the bad stuff.”
Ransomware remains an outlier
There is a fairly large caveat to Chainalysis’ findings. The one type of cryptocurrency-based crime that actually saw money flow increase compared to 2022 was in ransomware, perhaps the greatest scourge in cybersecurity today.
Wallets linked to ransomware operators saw nearly $450 million flow into their coffers through June, putting the criminal industry on pace for its second-largest ever annual haul behind 2021, when ransomware actors took home a combined $939 million. The data also shows increases in both very large and very small ransom payments, as well as higher payment ranges that indicate the cost ceiling of ransomware is continuing to rise.
Distribution of ransomware payments between 2020 and 2023 (Source: Chainalysis)
That represents a stark reversal from January, when the firm reported that ransomware revenue had apparently dropped precipitously, but still generally in line with what other companies with unique datasets around ransomware and cyber insurers have found, namely that activity appeared to dip noticeably in 2022 only to come roaring back starting sometime in the first quarter of 2023.
Here too, the reasons behind why are complex and not fully understood, with Chainalysis citing global law enforcement takedowns and disruptions of ransomware gang activities, a desire to lay low following high-profile attacks against Colonial Pipeline, JBS and Kaseya in 2021 and Russia’s invasion of Ukraine temporarily scrambling the priorities and freedom of movement of the many ransomware gangs operating within Russian borders.
Grauer also noted that it’s not uncommon for extortion groups like Cl0p, which just this year carried out one of the largest and most impactful supply chain hacks ever that resulted in the theft of sensitive data for hundreds of businesses, to undergo long periods of “hibernation” as they retool and restructure before coming eventually resurfacing with a vengeance.
“I think we were all surprised to see just how much it’s come back. I think we’re going to be hitting all-time highs this year for ransomware [and] I think it’s one of the most important stories from this report,” said Grauer.