What is crypto money laundering?
Crypto money laundering is the act of disguising funds that have been obtained illegally by moving them through cryptocurrency transactions to mask their original source. Criminals might conduct activities outside the blockchain but utilize on-chain transactions to carry out the laundering process.
Historically, illegal money was transferred using couriers or informal channels like Hawala. In contrast, with the increase of digital currencies, offenders now take advantage of blockchain technology to make significant monetary transfers. As techniques evolve and regulations tighten, authorities remain dedicated to tracking and reducing the exploitation of cryptocurrencies for laundering purposes.
With the innovative nature of cryptocurrencies, it has become easier for criminals to transfer large sums of money. As the adoption of digital currencies expands, so does illegal activity within this arena. In 2023, crypto wallets associated with unlawful activities moved $22.2 billion, a drop from $31.5 billion in 2022.
Stages of crypto money laundering
The process of crypto money laundering follows a methodical approach aimed at concealing the origins of illicit funds. Offenders employ advanced strategies to evade regulatory scrutiny and anti-money laundering (AML) protocols. The laundering process can be divided into several key stages:
- Step 1 — Accumulating funds: The initial phase involves collecting funds acquired through illegal means, often stemming from organized crime or fraudulent enterprises. These proceeds must be transported carefully to evade detection by authorities.
- Step 2 — Introducing funds into the crypto space: Criminals convert illicit funds into the financial ecosystem by obtaining cryptocurrencies. This often involves executing multiple transactions across various exchanges, especially those with lax AML compliance. To complicate tracking, they may also switch funds into various digital currencies like Ether (ETH), Polkadot (DOT), or Tether’s USDt (USDT).
- Step 3 — Disguising fund ownership: At this juncture, offenders aim to conceal the ownership of the funds. They transfer crypto assets through numerous transactions across diverse platforms, swapping one cryptocurrency for another. Frequently, funds are sent between offshore and onshore accounts to further hinder tracing.
- Step 4 — Reinserting laundered money back into the economy: The final stage is about reintegrating the cleaned funds into legitimate channels, typically through a network of brokers and dealers. They invest in businesses, real estate, or luxury goods, ensuring their activities do not raise alarms.
Did you know? The Financial Supervisory Commission in Taiwan mandates that all local virtual asset service providers adhere to new AML regulations by 2025.
Various methods criminals utilize for laundering cryptocurrencies
Criminals use a range of techniques to launder digital assets obtained through illicit means. From exchanges that disregard compliance to online gambling platforms, they employ various strategies to hide transaction trails.
Here’s a brief overview of some of these methods:
Non-compliant centralized exchanges
Criminals often turn to non-compliant centralized exchanges or peer-to-peer (P2P) platforms to exchange cryptocurrencies for cash. Before converting to fiat, the digital currency is often processed through intermediary services like mixers, bridges, or decentralized finance (DeFi) protocols to mask its origin.
Centralized exchanges (CEXs) handled nearly half of these funds despite compliance measures. In 2022, nearly $23.8 billion in illicit digital currency was traded, marking a 68% increase from 2021.
Decentralized exchanges (DEXs)
DEXs facilitate transactions in a decentralized manner, allowing users to engage directly through smart contracts instead of a CEX. These exchanges are currently less regulated, which offenders exploit to swap cryptocurrencies and hinder investigations.
Many DEXs operate without traditional Know Your Customer (KYC) and AML checks, enabling anonymous transactions.
Mixing services
Crypto mixers, often referred to as tumblers, enhance user anonymity by combining digital assets from various sources and then redistributing them to new addresses at random. This process conceals the origins of the funds before they are moved to legitimate channels.
A notable instance of criminals utilizing mixers is the Tornado Cash service, which laundered over $7 billion between 2019 and 2022, with the developer subsequently arrested by Dutch authorities.
Bridge protocols
Crosschain bridges, aimed at facilitating asset transfers between blockchains, are also exploited for laundering operations. Criminals use these tools to hide the source of illegal funds by moving them across different blockchain networks, complicating tracking efforts for authorities.
By converting assets from transparent networks into privacy-focused blockchains, criminals evade scrutiny while minimizing detection risks. The lack of consistent regulatory oversight across various chains encourages these illicit acts.
Online gambling platforms
Money launderers often take advantage of online gambling sites. They may deposit funds from both traceable and anonymous origins, then either withdraw them directly or engage in collusive betting to obscure the funds’ origins. This process effectively legitimizes the money.
The Financial Action Task Force (FATF) identified gambling services as a potential money laundering risk in their September 2020 report, particularly noting suspicious fund movements associated with these platforms and their links to known illegal sources.
Nested services
Nested services refer to a variety of services that operate within one or more exchanges, using addresses provided by those platforms. Some exchanges maintain lax compliance standards for these nested services, which can create opportunities for criminals.
Transactions involving nested services appear on the blockchain as though they were executed by the exchanges instead of the nested service providers or individual users behind them.
Over-the-counter (OTC) brokers: A frequently used nested service for money laundering
OTC brokers are commonly utilized by criminals for crypto money laundering, as they facilitate large cryptocurrency transactions with a degree of anonymity.
These transactions can involve various cryptocurrencies, such as Bitcoin (BTC) and ETH, or handle conversions between crypto and fiat currencies, like BTC and euros. While OTC brokers connect buyers and sellers for a commission, they do not engage in the negotiation itself; once terms are established, the broker manages the transfer of assets.
To address North Korean cybercrime, the US government has taken decisive actions against the money laundering efforts of the Lazarus Group. In August 2020, the Department of Justice (DOJ) sought to seize 280 cryptocurrency addresses tied to $28.7 million in stolen funds following a $250 million exchange heist investigation.
Furthermore, in April 2023, the Office of Foreign Assets Control (OFAC) imposed sanctions on three individuals, including two OTC traders, for facilitating the Lazarus Group’s laundering efforts, highlighting their ongoing reliance on OTC brokers.
Did you know? Microsoft Threat Intelligence identifies Sapphire Sleet, a North Korean hacking organization, as a significant player in crypto theft and corporate espionage.
The shifting landscape of crypto money laundering, explained
The intricate landscape of crypto money laundering consists of a dual infrastructure. While CEXs continue to be the primary channels for illicit funds, noticeable changes are emerging. Crosschain bridges and gambling platforms are seeing increased utilization, indicating evolving tactics among criminals. Analyzing deposit address concentrations and crime-specific patterns helps identify vulnerabilities.
Crypto money laundering infrastructure
Generally, the infrastructure surrounding crypto money laundering can be categorized into intermediary services and wallets. Intermediary services consist of mixers, bridge protocols, DeFi protocols, and similar offerings. On the flip side, fiat off-ramping services represent any service that assists in converting crypto to fiat currency.
While centralized exchanges are more frequently used for these conversions, criminals might also employ P2P exchanges, gambling services, and cryptocurrency ATMs. Offenders use intermediary services to obscure the sources of their funds by hiding the on-chain connection between the originating address and the current one.
Key channels used for crypto money laundering
Different financial services vary in their capacity to combat money laundering. Centralized exchanges, for example, maintain more control over transactions, allowing them to freeze assets tied to illicit or suspicious activities. In contrast, DeFi protocols function autonomously and don’t hold user funds, making such interventions challenging.
The transparent nature of blockchain technology permits analysts to trace funds flowing through DeFi platforms, which can be more difficult with centralized services. Centralized exchanges remain the primary destinations for assets from illicit sources, exhibiting a relatively steady trend between 2019 and 2023. There has been a notable increase in ransomware proceeds being funneled to gambling sites and a rise in ransomware wallets directing funds to crosschain bridges.
Tracking illicit funds through deposit addresses
Deposit addresses function similarly to bank accounts on centralized platforms and illustrate how financial flows are concentrated. In 2023, a total of 109 exchange deposit addresses each received over $10 million in illicit cryptocurrency, cumulatively amounting to $3.4 billion. In comparison, in 2022, only 40 addresses exceeded the $10 million threshold, contributing to a combined total of just under $2 billion.
The concentration of money laundering activities also varies by type of crime. For example, ransomware operators and vendors of illegal content show a high level of centralization. Seven significant deposit addresses accounted for 51% of all funds from exchanges associated with illegal content vendors, while nine addresses processed 50.3% of ransomware proceeds.
Criminals’ shift to crosschain and mixing services
Advanced criminals increasingly rely on crosschain bridges and mixing services to obscure their financial transactions. Illicit cryptocurrency transfers through bridge protocols surged to $743.8 million in 2023, more than doubling from the $312.2 million recorded in 2022. There has been a notable increase in funds sent to crosschain bridges from addresses associated with stolen assets.
Cybercriminal organizations employing sophisticated laundering techniques, such as North Korean hacking groups like the Lazarus Group, utilize a diverse array of crypto services. Over time, they have modified their strategies in response to enforcement actions. For instance, the closure of the Sinbad mixer in late 2023 prompted these groups to pivot to other mixing services such as YoMix, which operates on the darknet.
National and international frameworks for crypto AML
Governments around the globe have implemented laws and guidelines to combat crypto money laundering. Various nations have established regulatory frameworks to ensure compliance.
United States
The Financial Crimes Enforcement Network (FinCEN) oversees the regulation of crypto asset service providers to curb money laundering in the United States. Crypto exchanges operate under the Bank Secrecy Act, which mandates registration with FinCEN and the implementation of AML and Counter-Terrorist Financing programs. They are required to keep accurate records and report activities to the relevant authorities.
Canada
Canada was the pioneer in introducing crypto-specific laws against money laundering through Bill C-31 in 2014. Transactions involving virtual assets are governed by the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and associated regulations, compelling compliance from all entities engaged in digital currency dealings.
European Union
The Markets in Crypto-Assets (MiCA) Regulation intends to protect consumers from financial risks associated with crypto. This includes the establishment of the EU-wide Anti-Money Laundering Authority (AMLA). Crypto Asset Service Providers (CASPs) must collect and share transaction data to ensure traceability, aligning with global standards.
Singapore
Singapore enforces stringent AML regulations via the Payment Services Act, which governs services dealing with digital payment tokens. Companies must conduct thorough customer due diligence and conform to AML and Countering the Financing of Terrorism (CFT) regulations to operate lawfully.
Japan
In Japan, cryptocurrency regulation occurs under the Act on Punishment of Organized Crimes and the Act on Prevention of Transfer of Criminal Proceeds, ensuring rigorous oversight to tackle illegal financial activities.
Additionally, nations collaborate globally to deter crypto money laundering, forming organizations such as the FATF, which strives for regulatory cohesion, information sharing, and boosting AML frameworks.
Token issuers also contribute significantly to diminishing illicit activities. Notably, stablecoins like Tether’s USDt (USDT) and USDC have inbuilt mechanisms to block funds associated with criminal enterprises, hindering further misuse.
How to prevent crypto money laundering
As crypto money laundering evolves, authorities are compelled to employ advanced blockchain analytics to monitor illicit transactions effectively. Law enforcement agencies must utilize sophisticated tools to detect suspicious activities and dismantle criminal operations.
Law enforcement has improved its capacity to trace illicit transactions, demonstrated in cases like Silk Road, where blockchain analysis helped unveil criminal endeavors. However, by collaborating with international entities such as the FATF and the European Commission, authorities can evaluate high-risk jurisdictions and minimize threats to the financial system.
Crypto service platforms must adhere to stringent KYC and AML protocols, especially for transactions emanating from high-risk regions. Platforms should consistently audit transactions, monitor for unusual patterns, and partner with law enforcement to quickly address potential laundering efforts.
Users are also pivotal by steering clear of transactions with entities operating in high-risk areas and reporting suspicious activities. Understanding secure wallet practices and ensuring that their transactions remain traceable (when necessary) can help prevent unintentional involvement in illegal activities. Strong cooperation across all parties is essential to effectively combat crypto money laundering.