“Follow the money” has long been a mantra for law enforcement and regulators trying to stem the harm caused by crime. The cleaning of dirty money facilitates a huge amount of crime and targeting professional money-launderers can impact the ability of criminals to realise their gains. What good is money if you can’t spend it? With criminals increasingly turning to cryptocurrencies, money laundering now takes place on blockchains too and authorities around the globe have shown an appetite to take action against this activity.
Cryptocurrencies are used by illicit actors including cybercriminals and fraudsters in bids to remain anonymous. In the early days of cryptocurrency, privacy of transactions was achieved by “mixing” -blending cryptocurrencies of multiple users to hide their origins. As cryptocurrencies and Decentralised Finance (DeFi) has developed, criminals have been quick to abuse new technologies.
“Coin swaps” and “cross-chain bridges” are the types of services that are now most exploited for these purposes as they typically do not require any customer verification checks. Coin swaps are decentralised protocols which allow users to exchange coins directly with others with no intermediaries. A cross-chain bridge connects different blockchains and enables the transfer of assets and information between them. Services like these can be used for legitimate privacy purposes but can also be abused to launder funds.
“Chain hopping” is when cryptocurrency users move rapidly between different cryptocurrencies. Typically, criminals use this technique to avoid being traced, sometimes hopping onto “privacy coins” like Monero or Z-cash, which are harder to investigate.
The early days
Since near the start of cryptocurrency usage, criminals have developed and abused technology to launder the proceeds of the crimes. “Mixing” or “tumbling” services offer a way for individuals to maintain privacy but also offer a way for criminals to mix their “tainted” (identifiable) funds with others so that they are less easily traceable. In 2013 (ancient history in terms of cryptocurrency), the mixing service “Bitcoin Fog” was allegedly used to launder around 96,000 Bitcoin from the dark web Sheep drugs marketplace. The alleged operator was arrested in 2021.
Since then, various obfuscation services have been targeted by law enforcement and government authorities in attempts to reduce the harm that these services facilitate. In 2020, the US FBI charged an individual running the “Helix” mixer service with money laundering offences - he eventually pleaded guilty.
Decentralised laundering
As cryptocurrency technology has developed, so too have services which aid obfuscation of the flow of funds. In January 2022 blockchain analytics company Chainalysis noted the increasing adoption of DeFi protocols in laundering illicit funds. In June 2022, the Financial Action Task Force (FATF), the group which publishes guidelines on anti-money laundering, specifically mentioned the risks of money laundering through chain-hopping.
An October 2022 report by blockchain analysis firm Elliptic also noted that services which allow users to exchange between cryptocurrencies without a centralised organisation are abused by criminals. They estimated that at least $4 billion of illicit crypto proceeds have been laundered using decentralised exchanges (DEXs), “cross-chain bridges” and “coin swap” services by cybercriminals and fraudsters. They also calculated that over a third of stolen cryptocurrency funds they surveyed were laundered using DEXs.
In October, an attacker exploited a vulnerability in Binance’s BSC Token Hub cross-chain bridge which resulted in c.$137m being stolen. The attackers demonstrated the increasing sophistication used to launder the funds by funnelling the funds through a range of DeFi lending services, liquidity pools and coin swap services to hide their trails.
Authorities target mixers with sanctions
In a relatively new approach that will undoubtedly be used again, the US government has begun issuing sanctions against some of these service providers abused by criminals. In May 2022, the US Office of Foreign Assets Control (OFAC) sanctioned Bitcoin mixing service Blender.io and following this in August 2022, Tornado Cash, an Ethereum based decentralised mixing service. Both were alleged to have been used in laundering the proceeds from an attack by North Korean actors against the Ronin bridge service resulting in a $540 million theft from online game Axie Infinity.
The latest reporting indicates that other decentralised services are being routinely abused by criminals. Although some may consider these services “ungoverned” due to their autonomous behaviour, services which are identified as disproportionately abused by criminals to launder funds may find those connected with their development or marketing targeted by enforcers and regulators seeking to punish them and minimise the criminal usage.
In a move which sparked online protests in the Web3 community, the Dutch authorities arrested the developer of Tornado Cash in August for his suspected role in “concealing criminal financial flows and facilitating money laundering”. The outcome of this action remains to be seen but it sends a clear warning signal to those developing tools that have the capacity to be easily abused by criminals.
Tracing transactions and unpicking mixing services
Tracing transactions which involve the use of these services and techniques can be a complex task for investigators and the use of technology which allow the quick traversal of different blockchains can further increase the challenge. Investigators and compliance specialists now have to keep up with the latest tools and techniques to follow the destination or unpick the source of funds. In some instances, it may be possible to unpick mixing services and trace funds across chains. This sometimes means enrolling the services of investigation teams that specialise in cryptoassets tracing.
Using accredited cryptoasset tracing and investigation services
MDR Cyber Investigations team provides cryptoassets tracing and advice services and are accredited to the highest level of investigations from multiple blockchain analytics platforms. Our services have been used to trace funds lost to fraud, identify blackmailers and find crypto assets of cybercriminals. Supported by Mishcon de Reya’s large and esteemed fraud litigation team, we are also able to unlock closed doors through the use of court orders. For more information contact mdrcyber@mishcon.com.