Bad guys’ crypto. How cryptocurrency is used for illegal purposes
Earlier this year, Europol’s operation Tulipan Blanca saw dozens of arrests and investigations into the workings of an international organized crime ring that used credit cards and cryptocurrencies to launder illegal funds obtained mainly from their drug business.
This brought up, once again, the topic of crypto’s potential for enabling criminal activities. Whether by “traditional” methods like Tulipan Blanca’s smurfing (splitting illegal gains into small batches that are then deposited into hundreds of third bank accounts) or cryptojacking (slowing down computers) or various other techniques, it is undeniably true that some part of crypto is used for nefarious purposes. However, how much is still under debate.
A study by a team of Australian researchers claimed as much as 44% of Bitcoin transactions are for ilegal purposes; however, their data was from 2017, although the report made headlines earlier this year.
A more up-to-date assessment comes from Lilita Infante, a DEA special agent and one of a 10-strong Cyber Investigative Task Force focusing on dark web and virtual-currency related investigations, in collaboration with various US bureaus and organizations. While the volume of transactions has increased enormously, Infante states, the ratio of illegal to legal transactions has decreased. In fact, it has reversed from several years ago, when the ratio was 90-10%. Now the entire crypto market is booming, yet the nefarious use cases across the field are 10-90%. Most of the market, Infante explains, now belongs to cryptocurrency speculators.
How, then, is crypto used for illegal purposes? Here are some of the most common ones, some of a more general variety, some more narrow-scale.
Theft. This is the most obvious one, and possibly the most profitable if done on a large scale. Theft is committed not just by usurping users’ keys through fishing or cold stealing, but by a myriad techniques, from fraudulent ICOs and get-rich-quick schemes to the one method with massive immediate returns: hacking exchanges. Unfortunately for cryptocurrency, exchanges are hackable and centralization works against them. Once you hit the mothership, the fleet does down. So much so, that some speculate the boom-and-bust of December 2017 had something to do with Mt. Gox finally releasing lots of tokens onto the market to get liquidity and cover its losses after the infamous 2014 hack, flooding the market and causing the price to flop.
Tax evasion. In April 2017, an IRS John Doe summons to Coinbase required the exchange to provide information on all its users for the year 2015. It was a blanket request, and Coinbase quickly reacted by claiming the order overreached. However, it is hard to argue with the IRS’s reasoning, since only 802 people had filed taxes mentioning crypto activity, where are all the others? Presumably, evading taxes.
True, for many taxpayers it was long unclear what cryptocurrency actually was, although its classification as property rather made it clear early on. Many didn’t even think to check, assuming it was decentralized and therefore untraceable and exempt from taxation. Not so. Form 8949 should be the US crypto traders’ go-to for IRS purposes.
Extortion. Adultery, adult site and other forms of blackmail have become increasingly common. Blackmailers claim relatively low amounts in exchange for their silence to spouses or employers. Hoever, on a larger scale, the most common extortion technique is through ransomware attacks, which have doubled each year over the past couple of years, to become “the most popular form of malware used in cyberattacks”. Ransomware encrypts a computer’s data until a crypto sum is paid into the attackers’ wallet. Cryptocurrency has long been the payment token for such attacks, but crypto itself is transparent and immutable, so ransomware gains are easily spotted by law enforcement tracking the ransom wallets. In the infamous WannaCry attack, the Bitcoin deposited into three wallets by various victims went untouched for almost three months, possibly until the wallet owners figured out how to safely launder the money. Bitcoin’s inherent transparency is, in fact, playing against them.
Cryptojacking is stealing a networked computer’s power to mine for various types of cryptocurrency. You are partly protected if you run adblockers or antivirus software, but cryptojackers are also inventing new methods, including delivering freebies to your computer.
Crypto phishing. This is most often done through impersonation of a famous crypto personality, a reliable website, or any other form a “brand” may take. Phishers tout a very enticing offer on a platform that appears reliable, either social media or a mirror website, then victims enter their private keys and – voila, they’ve just given away their wallet to these malicious entities.
Flipping scams and pyramid schemes. One way or another, they make shady promises of multiplying your money almost overnight. Crypto is handed over by the unsuspecting victim, then quickly whisked away and run through mixers, never to be seen again.
Crypto laundering is massive indeed; we just don’t know exactly how massive. Mixers, tumblers, foggers and laundries are a big deal, and some of them actually advertise their services across the internet. Without an international coalition of regulators, banks, law enforcement agencies, and crypto exchanges, there is no way to stop a knowledgeable criminal from operating in the digital space. And, where Bitcoin allows for a certain amount of blockchain auditing, suspicious activity and wallet monitoring etc., more privacy-focused coins like Monero, ZCash and Dash are all but untraceable, and, moreover, ToR works like the bad guys’ portal to untraceability.
While this list shows that cryptocurrency is indeed relatively easy to use to bury traces of various types of criminal activity, the fact remains that fiat currencies are the most widely used for this purpose. The most widely used coin for laundering and other criminal activities remains, of course, the US dollar. And, as European Union finance ministers gathered in session earlier this month in Vienna have decided to not take common steps to regulate the market at this point, it is likely that nothing much will change in the near future.