Any new technology that can offer benefits to the world at large likely also has the potential to be abused by bad actors for their own personal gain. Operators in the industry associated with that technology need to work to stamp out that abuse — sometimes with the help of the public sector — so that new users can feel safe adopting the technology and the industry continues to grow. If they do this successfully, we’d expect to see illicit usage of the new technology make up a smaller and smaller share of total usage over time. That positive progress is exactly what we’ve seen with cryptocurrency.
Note: 2019 has an unusually high share of illicit activity largely due to the PlusToken Ponzi scheme
While cryptocurrency-based crime remains an important problem to solve, especially given that rising overall transaction volumes mean the raw value of illicit transactions is still growing, illicit activity has become a less prominent part of the overall cryptocurrency ecosystem over the last three years.
However, decentralized finance (DeFi0 specifically appears to be going through the same growing pains that cryptocurrency as a whole was previously, with illicit activity rising over the last two years.
Illicit DeFi transactions have risen steadily over the last three years, in terms of both raw value and as a share of all transaction value. We see this primarily in two areas: theft of funds through hacking, and abuse of DeFi protocols for money laundering. Let’s look at both in more detail below.
DeFi protocols are the go-to hacking target
The value stolen from DeFi protocols has been trending up since the beginning of 2021, reaching its highest-ever levels in Q1 2022, driven by hacks of the Ronin Bridge and Wormhole Network.
In fact, over the course of 2021, DeFi protocols became the go-to target for hackers looking to steal cryptocurrency.
DeFi protocols have accounted for an ever-growing share of all funds stolen from cryptocurrency platforms since the beginning of 2020, and lost the vast majority of stolen funds in 2021. As of May 1, DeFi protocols account for 97% of the $1.68 billion worth of cryptocurrency stolen in 2022.
Even worse, much of the cryptocurrency stolen from DeFi protocols has gone to hacking groups associated with the North Korean government, especially in 2022.
Already in 2022, North Korean hackers have had their biggest year yet for cryptocurrency theft at over $840 million, based entirely on hacks of DeFi protocols (it’s possible that North Korean hackers are responsible for other hacks, both of DeFi protocols and centralized services, that have yet to be attributed to them definitively). The data goes to show that shoring up DeFi protocols’ defenses against hackers isn’t just a matter of building trust with users so that DeFi can continue to grow. It’s also a matter of international security given that cryptocurrency stolen by North Korean hacking groups is used to support the country’s development of weapons of mass destruction.
DeFi-based money laundering on the rise too
Money laundering is another serious issue, as DeFi protocols represent a bigger and bigger share of all funds sent from illicit addresses to services over the last two years:
So far in 2022, DeFi protocols have become the biggest recipient of illicit funds, taking in 69% of all funds sent from addresses associated with criminal activity, compared to 19% in 2021. One reason for this is that DeFi protocols allow users to trade one type of cryptocurrency for another, which makes it more complicated to track the movement of funds — but unlike centralized services, many DeFi protocols provide this ability without taking know-your-client (KYC) information from users, making them more attractive to criminals. Chainalysis recently added cross-chain investigations features to Reactor to address the added complexities of DeFi-enabled chain-hopping.
DeFi-based money laundering is another area where North Korean hackers are leading the way. We saw an example of this in 2021, when the infamous Lazarus Group used several DeFi protocols to launder funds after stealing more than $91 million worth of cryptocurrency from a centralized exchange.
The hackers initially stole a variety of ERC-20 tokens, then used various DeFi protocols to swap those tokens for Ethereum. The hackers went on to send that Ethereum to a mixer and swap it again using DeFi protocols, this time for Bitcoin, before moving that Bitcoin to several centralized exchanges to liquidate it and receive cash. This is just one example of how hackers can abuse DeFi protocols for money laundering.
NFT wash trading lets users game the reward token system
In our 2022 Crypto Crime Report, we looked at examples of wash trading in the NFT market, and found that while most wash traders ended up losing money due to gas fees, the most successful ones turned large profits by artificially inflating their NFTs’ values and offloading them to unsuspecting users. Now, we’re going to look at another NFT wash trading scheme whose goals differ from conventional wash trading in one key way: Rather than inflating the value of any particular NFT, the goal of this scheme seems to be collecting reward tokens given out by the NFT marketplace used by the wash traders.
But before we dive in, we’ll give a quick primer on wash trading. Wash trading is a form of market manipulation in which a seller is on both sides of a trade — in other words, selling an asset to themselves — in order to create a misleading perception of that asset’s value or liquidity. Wash trading is relatively easy to do with NFTs, as some NFT trading platforms allow users to trade by simply connecting their wallet to the platform, with no need to identify themselves. One user could easily control multiple wallets and trade NFTs between them, and no one could know unless they took the time to analyze the wallets’ transaction histories.
Now, on to our example. Below, we see two wallets, which we’ve labeled Wash Trader 1 and Wash Trader 2, that have generated over 650,000 wETH in transaction volume each while selling the same three NFTs back and forth to one another.
All of this activity has taken place on the same NFT marketplace. At no point has either wallet sold any of the NFTs to an outside party, so for the time being, it doesn’t appear their goal is to rip off another NFT collector by selling them an artificially inflated asset. However, this particular marketplace offers incentive rewards in the form of its own native token to users whenever they buy, sell, or trade NFTs on the platform. The two wash trader wallets have generated huge amounts of the marketplace’s rewards token through wash trading. Not only that, but the wallets have upped their earnings even more by staking their rewards tokens.
All in all, between direct earnings from platform usage and staking, the two wash trading wallets have made over 106 million rewards tokens, currently worth over $185.5 million. Gas fees on the wash trades total just $114.6 million in gas fees, giving the wash trader(s) a profit of nearly $71 million. The wallets started with initial funding of 705.6 ETH, worth $2.4 million at the time of the first transfer, making this wash trading scheme a huge success.
This type of wash trading scheme isn’t victimless. For one, the NFT marketplace is being tricked into paying out rewards for phony activity. NFT collectors throughout the market are also potentially being tricked into thinking that this NFT marketplace has more transaction activity than it really does, and the same goes for the NFT collection the wash traders are using for their transactions.