2022 Hits All-Time High For Crypto Crimes; Russian Sanctions, North Korean Hackers Lead The Pack

As cryptocurrency has a record year for usage, so too do illegal elements using crypto for illicit purposes. AFP via Getty Images

While 2022 was another huge year for crypto adoption (with global ownership growing by 39% according to Crypto.com), it was also an industry record year for a less desirable factor: crime.

Crypto-related crime reached its highest-ever level in 2022, according to blockchain data platform Chainalysis, cumulatively reaching $20.6 billion in illicit funds transferred. This marks a 15% growth from 2021, and a 145% increase from just two years ago.

This growth was driven both by highly sophisticated crimes—such as the high-profile Axie Infinity Ethereum hack—and quite simple ones, such as impersonators scamming marks into sending their crypto funds in the belief that they are aiding important persons, government officials, or romantic companions.

The largest segment of rising “crime,” however, was not traditional crime, but sanctions by the Office of Foreign Assets Control (OFAC) against entire crypto exchanges known for money laundering and illicit services. Together, the volume of transactions on these exchanges—primarily darknet market Hydra, decentralized mixer Tornado Cash, and Russia-based cryptocurrency exchange Garantex—accounted for 43% of all criminal activity recorded by Chainalysis in 2022.

As a central phase all illicit crypto funds need to undergo, laundered money serves as a good proxy for other illicit activity on the blockchain. Chainalysis

The level and type of illicit activity differed on designated exchanges. Virtually all funds flowing through Tornado Cash came from scams or hacks, while Garantex had a mix of risky, illicit and non-illicit addresses (primarily Russian civilians). Before Hydra’s servers were seized by German Police in April of last year, it was known as one of the most extensive darknet markets, used for everything from drug dealing to laundering money from ransomware attacks.

The volume of transactions on these exchanges was directly propelled by funds from crypto hacking—which had its largest year on record, with an estimated $3.8 billion stolen from businesses in 2022. DeFi protocols led the pack as the preferred target for hackers, accounting for 82% of all cryptocurrency stolen last year. DeFi hacks occurred largely through hacks of cross-chain bridges, a process by which a smart contract on one chain attempts to lock assets to mint equivalent assets on a second chain. These concentrated transfers of value present a high-reward opportunity to hackers, a digital equivalent of robbing cargo trucks on the highway.

DeFi protocols far outpaced centralized services for hacks in 2022, representing a reversal from 2016-2020. Chainalysis

While cross-chain bridges present an alluring hacking opportunity, DeFi isn’t by nature necessarily more vulnerable to hacks than other protocols. Rather, according to cybersecurity firm Halborn, it’s the result of prioritizing growth over security.

“The DeFi community generally isn’t demanding better security — they want to go to protocols with high yields. But those incentives lead to trouble down the road,” says Halborn COO David Schwed. “A big protocol should have 10 to 15 people on the security team, each with a specific area of expertise.”

These lax protocols have allowed professionally organized groups, such as North Korean criminal syndicate Lazarus Group, to profit immensely from hacks. Last year, Lazarus Group shattered its previous record for theft, stealing an estimated $1.7 billion worth of cryptocurrency over the course of the year. Included in these was the $80 million Qbridge hack—South Korea’s single largest hack of 2022. The hack in essence allowed North Korean hackers to mint an unlimited amount of qXETH (meant to represent bridged Ethereum) without actually owning any Ethereum, and then borrow BNB tokens off the exchange, based on the value of the fraudulent qXETH.

Much of North Korea’s stolen funds were historically laundered through Tornado Cash, showing once again the intimate and functionally crucial relationship between illicit activities and money laundering exchanges. However, once Tornado Cash was sanctioned, North Korean hackers began shifting their laundering activities to Sinbad, demonstrating the cat-and-mouse game with authorities that will likely be a fixture of crypto as new exchanges pop up to replace sanctioned ones.

The bar graph shows just how instrumental Tornado Cash was to laundering illicit funds in North Korea, and also how quickly other services can pop up to fill the void in laundering. Chainalysis

The amounts stolen aren’t trivial. With the value of North Korea’s exports estimated at $142 billion in 2020, the $1.7 billion in stolen crypto funds represents 11 times the value of all foreign money the country received from outside trade. This nefarious cash is believed by experts to be used for the funding of the country’s nuclear weapons program, compounding the damage done from stealing the funds themselves.

Cumulatively these activities drove up crypto crimes both in absolute and relative terms—with illicit activity as a share of all cryptocurrency transactions rising for the first time since 2019. However, it’s also worth noting that despite these increases, criminal activity continues to represent a minuscule amount of the total crypto industry, accounting for just 0.24% of all market activity in 2022.

While all illegal transactions are by nature designed to be hidden, the design of public ledgers on the blockchain means that wallets used for illicit activity are often out in the open. However, Chainalysis maintains these activities are just a minimum guess of the total illegal crypto activity, and total amounts will likely be revised upwards.