DeFi Takes On Bigger Role In Money Laundering

By Todd Lendfield, Country Manager, Chainanalysis Australia & New Zealand

All cryptocurrency cybercriminals share a common goal: to move their ill-gotten funds to a service where they can be kept safe from the authorities and eventually converted to cash. As such, money laundering underpins all other forms of cryptocurrency-based crime. Money laundering activity in cryptocurrency is also heavily concentrated. While billions of dollars’ worth of cryptocurrency moves from illicit addresses every year, most of it ends up at a surprisingly small group of services, many of which appear purpose-built for money laundering. Law enforcement can strike a huge blow against cryptocurrency-based crime and significantly hamper criminals’ ability to access their digital assets by disrupting these services.

2021 cryptocurrency money laundering activity summarised

Overall, going by the amount of cryptocurrency sent from illicit addresses to addresses hosted by services, cybercriminals laundered $8.6 billion worth of cryptocurrency in 2021. This represents a 30% increase in money laundering activity over 2020, which is unsurprising given the significant growth of both legitimate and illicit cryptocurrency activity in 2021. It is also important to note that these numbers only account for funds derived from “cryptocurrency-native” crime, meaning cybercriminal activity rather than crimes, such as drug dealing, that originate in fiat currency.

For the first time since 2018, centralized exchanges didn’t receive the majority of funds sent by illicit addresses last year, instead taking in just 47%.DeFi protocols received 17% of all funds sent from illicit wallets in 2021, up from 2% the previous year. Mining pools, high-risk exchanges, and mixers also saw substantial increases in value received from illicit addresses as well. It is interesting to note the difference in laundering strategies between the two highest-grossing forms of cryptocurrency-based crime in 2021: addresses associated with theft sent just under half of their stolen funds to DeFi platforms (over $750 million worth of cryptocurrency in total), whereas scammers send the majority of their funds to addresses at centralized exchanges.

Money laundering activity remains highly concentrated in 2021, but less so than in 2020

With fewer services used in 2021, money laundering concentration initially appears to have increased slightly. 58% of all funds sent from illicit addresses moved to five services last year, compared to 54% in 2020. However, money laundering activity is better viewed at the deposit address level rather than the service level. The reason for that is that many of the money laundering services used by cybercriminals are nested services, meaning they operate using addresses hosted by larger services in order to tap into those larger services’ liquidity and trading pairs.

A group of just 583 deposit addresses received 54% of all funds sent from illicit addresses in 2021. Each of those 583 addresses received at least $1 million from illicit addresses, and in total they received just under $2.5 billion worth of cryptocurrency. An even smaller group of 45 addresses received 24% of all funds sent from illicit addresses for a total of just under $1.1 billion. One deposit address received just over $200 million, all from wallets associated with the Finiko Ponzi scheme. Comparatively, in 2020 55% of all cryptocurrency sent from illicit addresses went to just 270 service deposit addresses. One reason for the change in concentration could be that due to law enforcement action, some money laundering services ceased operations after seeing those and other actions taken against illicit platforms, forcing cybercriminals to disperse their money laundering activity to other operators. It’s also possible that money laundering services have continued to operate but spread their activity across more deposit addresses, which would contribute to the lessening concentration we see above.

We also see differing levels of concentration in money laundering depending on the asset, as well as depending on the type of cybercriminal. Regarding assets, Bitcoin’s money laundering activity is the least concentrated by far. The 20 biggest money laundering deposit addresses receive just 19% of all Bitcoin sent from illicit addresses, compared to 57% for stablecoins, 63% for Ethereum, and 68% for altcoins. Regarding types of cyber criminals, money laundering activity for scammers and darknet market vendors and administrators is much less concentrated compared to other crime categories.

Next Steps: Investigations and KYC

While the ability to launder money underpins a cybercriminal’s ability to profit from their scheme, it is important to take steps to identify and stop money laundering. First, given regulations like the Travel Rule, cryptocurrency businesses in many countries must conduct additional compliance checks, reporting, and information sharing related to transactions above $1,000 USD in value. As you might expect, illicit addresses send a disproportionate number of transfers to exchanges just below that $1,000 threshold. Exchanges using Chainalysis would be able to see that these funds are coming from illicit addresses regardless of transfer size. But more generally, compliance teams should consider treating users who consistently send or receive transactions of that size with extra scrutiny.

Second, teams behind DeFi protocols must also work to prevent their products from being abused by cybercriminals. One way they can do that is by screening the wallets interacting with their smart contracts for prior transactions with known illicit addresses. With the Chainalysis API, DeFi teams can automate the screening process and ensure that their protocols aren’t being used to facilitate money laundering. If you work in DeFi, contact us here to learn more about automated wallet screening.

Third, law enforcement - not just those tasked with cybercrime cases - must understand cryptocurrency and blockchain analysis as it can supplement more established investigative techniques, as well allow investigators to become more proficient in analysing DeFi transactions.

Todd Lendfield, Chainalysis
Todd Lendfield, Chainalysis

Read more on cryptocurrency in 'Is cryptocurrency really a safe haven for money launderers?