Contrary to popular lore, cryptocurrencies are not a haven for anonymous criminals. In fact, armed with smart analytics, it’s easier to follow money trails on blockchains than it is on legacy payment networks, however a circuitous route they may take. What’s still hard to figure out — for the time being — is the identity of the criminals using various blockchain addresses to move their stolen funds, especially when they rely on self-hosted wallets.
In our recently published “Predicts 2022: Prepare for Blockchain-Based Digital Disruption,” we predict that “By 2024, successful cryptocurrency thefts and ransomware payments will drop by 30% due to criminals’ inability to move and spend funds off blockchain networks.” We attribute this to four developments.
Transparent blockchains are much easier platforms on which to track criminal payments than siloed, legacy payment systems ever were. Today about 23 blockchains make up approximately 99% of all blockchains’ market cap. This means that effective anti-blockchain-fraud systems must integrate with just 23 totally transparent platforms rather than thousands of enterprise systems and payment networks.
The hard part is turning the nondescript blockchain metadata into meaningful information and applying real-time machine learning and analytics to the data. The good news is if that is done well, the intelligence can see across all the blockchain platforms at once, trace criminal and suspect payments and addresses, and identify oft-repeated abnormal money movement patterns.
Vendors like Chainalysis, CipherTrace (a Mastercard company), Elementus and TRM Labs provide insights to authorities who need forensics to investigate hacks. Increasingly, exchanges and DeFi protocols use their software to prevent fraud.
It’s probably time to democratize these fraud prevention tools and let individual users acquire them directly, so they can receive proactive warnings before transmitting funds to a criminal address. Democratization of these tools is in the spirit of Web3 finance, where users are their own bankers. But it does pose a conundrum: How can we keep the tools opaque enough that criminals can’t reverse-engineer them and figure out how to evade detection and prevention tools during future heists?
Aside from increasing adoption of rapidly advancing blockchain intelligence and fraud prevention tools, the government is also stepping in to make it harder to use cryptocurrency for criminal purposes. Consider these facts noted in our report:
When you add it all up, it is getting harder and harder for criminals to commit crypto-related heists and move stolen funds off cryptocurrency networks. For example, TRM Labs just investigated the recent BadgerDao hack and reported to investigators that, “Even if the hacker used only fraudulent identity documents when establishing accounts with exchanges, there remains a good possibility that … they may ultimately prove fatal to the hacker’s anonymity. As of this moment, the hacker has stolen well over $120 million worth of assets, converting them to bitcoin and ether.”
In the end, the BadgerDao hackers may go the way of the Polygon Network hackers and return most of the money they stole, since they will likely be unable to get the funds off the blockchain without risking arrest.
It’s simply a myth that blockchain networks are criminal havens. A July 2021 report from the intergovernmental Financial Action Task Force (FATF) shows that transactions that go through virtual asset service providers (VASPs), which include cryptocurrency exchanges, are significantly less likely to be criminal than those that go through self-hosted wallets or non-VASPs.
There’s no doubt in our mind that, in the future, the bad guys will have an easier time moving laundered money and theft proceeds over a plethora of opaque legacy payment networks than through transparent and relatively few well-protected blockchain networks.