
Crypto crime reached $14bn in 2021, Chainalysis finds

By Joyanta Acharjee

15:45, 18 February 2022

Cryptocurrency crime reached an all-time high last year according to Chainalysis – Photo: Shutterstock

Cryptocurrency crime reached an all-time high last year as thieves used ransomware to extort money from major corporations and malware to siphon digital currency from unsuspecting investors, a new report found.

In its Crypto Crime report, analysts at blockchain data firm Chainalysis said illicit cryptocurrency addresses received $14bn (£10.3bn, €12.4bn) in 2021, up from $7.8bn in 2020.

A table showing total cryptocurrency value received by illicit addresses – Credit: Chainalysis

Across all cryptocurrencies tracked by Chainalysis, total transaction volume grew to $15.8trn in 2021, up over 500% from 2020’s totals.

“Given that roaring adoption, it’s no surprise that more cybercriminals are using cryptocurrency. But the fact that the increase in illicit transaction volume was just 79% - nearly an order of magnitude lower than overall adoption - might be the biggest surprise of all,” Chainalysis said.


Ransomware is on the rise – Credit: Chainalysis

Malicious software known as ransomware takes control of a computer system to lock out users until a fee is paid.

Nearly all ransomware strains are initially delivered to victims’ devices through malware – malicious software installed on systems through devious means – and many large-scale cryptocurrency exchange hacks have involved malware.

Chainalysis found that the average ransomware payment size was over $118,000 in 2021, up from $88,000 in 2020. Large payments such as the record $40m received by Phoenix Cryptolocker spurred this all-time high in average payment size.


Colonial Pipeline

The highest-profile ransomware attack last year was on Colonial Pipeline, a major US oil infrastructure firm that was forced to temporarily cease operations after being hit.

Within hours of the attack, the pipeline firm paid a ransom of 75 bitcoin – worth around $4.4m at the time – to DarkSide, a Russia-based cybercriminal group responsible for the attack. Almost a week later Colonial was able to resume operations but the shutdown led to panic buying with temporary fuel shortages in several areas of the US.

A month later, the US Department of Justice managed to seize $2.3m worth of Bitcoin from Colonial’s ransom payment following an investigation. Tools supplied by Chainalysis were used in the investigation to track down some of the funds that had been spread out across the blockchain ecosystem.

Chainalysis found that one reason for the increase in ransom size is ransomware attackers’ focus on carrying out highly-targeted attacks against large organisations. This “big game hunting” strategy is enabled in part by ransomware attackers’ usage of tools provided by third-party providers to make their attacks more effective.


Blockchain analysts are seeing a shift away from ransoms paid in bitcoin to another cryptocurrency: monero.

Chainalysis notes that more and more attackers are demanding victims pay in monero due to the heightened anonymity it offers.

“While the vast majority of attackers continue to demand bitcoin, law enforcement and cybersecurity professionals should keep an eye out for ransom notes requesting monero or assets associated with other protocols with privacy-enhancing features, as this will change the investigative tactics they must employ,” Chainalysis said.




A table showing types of malware – Credit: Chainalysis

In recent years Chainalysis has observed hackers using malware to steal smaller amounts of cryptocurrency from individual users.

“These attacks take careful planning and skill to pull off, as they’re typically targeted against deep-pocketed, professional organisations and, if successful, require hackers to launder large sums of cryptocurrency.”

With other types of malware, less sophisticated hackers can take a cheaper “spray-and-pray” approach spamming millions of potential victims and stealing smaller amounts from each individual tricked into downloading malware.

Many different strains, or types, of malware are available for purchase on the Darknet – the uncharted part of the Internet that hasn’t been mapped by search engines – making it even easier for less sophisticated hackers to deploy them against victims.


Chainalysis believes the most prolific type of cryptocurrency-focused malware is the cryptojacker, which obtains funds for malware operators by utilising the victim’s computing power to mine cryptocurrency.

The firm has seen Zcash and ethereum as well as monero mined on unwitting systems.

Since cryptojacked funds are moving to mining addresses unknown to Chainalysis rather than from a victim’s wallet to a new wallet, the firm said passively collecting data on cryptojacking was more difficult.

“However, we know it’s a big problem,” Chainalysis said.

Last year Cisco Systems’ cloud security division reported that cryptojacking malware affected 69% of its clients, which would translate to an incredible amount of stolen computer power and a significant amount of illicitly-mined cryptocurrency.

Network equipment and cybersecurity firm Palo Alto Networks estimated that 5% of all monero in circulation was mined by cryptojackers, which would represent over $100m in revenue, making cryptojackers the most prolific form of cryptocurrency-focused malware.

Illicit gains

So how much cryptocurrency are criminals currently holding?

Although it is impossible to know the true amount, Chainalysis estimates that as of early 2022, illicit addresses hold at least $10bn worth of cryptocurrency, with the vast majority of this held by wallets associated with cryptocurrency theft.

Addresses associated with Darknet markets and with scams also contribute significantly to this figure, the blockchain analysis firm added.
