Crypto crime reached $14bn in 2021, Chainalysis finds
15:45, 18 February 2022
Cryptocurrency crime reached an all-time high last year as thieves used ransomware to extort money from major corporations and malware to siphon digital currency from unsuspecting investors, a new report found.
In its Crypto Crime report, analysts at blockchain data firm Chainalysis said illicit cryptocurrency addresses received $14bn (£10.3bn, €12.4bn) in 2021, up from $7.8bn in 2020.
Across all cryptocurrencies tracked by Chainalysis, total transaction volume grew to $15.8trn in 2021, up over 500% from 2020’s totals.
“Given that roaring adoption, it’s no surprise that more cybercriminals are using cryptocurrency. But the fact that the increase in illicit transaction volume was just 79% - nearly an order of magnitude lower than overall adoption - might be the biggest surprise of all,” Chainalysis said.
Ransomware
Malicious software known as ransomware takes control of a computer system to lock out users until a fee is paid.
Nearly all ransomware strains are initially delivered to victims’ devices through malware – malicious software installed on systems through devious means – and many large-scale cryptocurrency exchange hacks have involved malware.
Chainalysis found that the average ransomware payment size was over $118,000 in 2021, up from $88,000 in 2020. Large payments such as the record $40m received by Phoenix Cryptolocker spurred this all-time high in average payment size.
Colonial Pipeline
The most high-profile ransomware attack last year was on Colonial Pipeline, a major US oil infrastructure firm that was forced to temporarily cease operations after being hit.
Within hours of the attack, the pipeline firm paid a ransom of 75 bitcoin – worth around $4.4m at the time – to DarkSide, a Russia-based cybercriminal group responsible for the attack. Almost a week later Colonial was able to resume operations but the shutdown led to panic buying with temporary fuel shortages in several areas of the US.
A month later, the US Department of Justice managed to seize $2.3m worth of Bitcoin from Colonial’s ransom payment following an investigation. Tools supplied by Chainalysis were used in the investigation to track down some of the funds that had been spread out over the blockchain ecosystem.
Chainalysis found that one reason for the increase in ransom size is ransomware attackers’ focus on carrying out highly targeted attacks against large organisations. This “big game hunting” strategy is enabled in part by ransomware attackers’ usage of tools provided by third-party providers to make their attacks more effective.
Monero
Blockchain analysts are seeing a shift away from ransoms paid in bitcoin to another cryptocurrency: monero.
Chainalysis notes that more and more attackers are demanding victims pay in monero due to the heightened anonymity it offers.
“While the vast majority of attackers continue to demand bitcoin, law enforcement and cybersecurity professionals should keep an eye out for ransom notes requesting monero or assets associated with other protocols with privacy-enhancing features, as this will change the investigative tactics they must employ,” Chainalysis said.
Malware
In recent years Chainalysis has observed hackers using malware to steal smaller amounts of cryptocurrency from individual users.
“These attacks take careful planning and skill to pull off, as they’re typically targeted against deep-pocketed, professional organisations and, if successful, require hackers to launder large sums of cryptocurrency.”
With other types of malware, less sophisticated hackers can take a cheaper “spray-and-pray” approach spamming millions of potential victims and stealing smaller amounts from each individual tricked into downloading malware.
Many different strains, or types, of malware are available for purchase on the Darknet – the uncharted part of the Internet that hasn’t been mapped by search engines – making it even easier for less sophisticated hackers to deploy them against victims.
Cryptojacking
Chainalysis believes the most prolific type of cryptocurrency-focused malware is the cryptojacker, which obtains funds for malware operators by utilising the victim’s computing power to mine cryptocurrency.
The firm has seen Zcash and ethereum as well as monero mined on unwitting systems.
Since cryptojacked funds are moving to mining addresses unknown to Chainalysis rather than from a victim’s wallet to a new wallet, the firm said passively collecting data on cryptojacking was more difficult.
“However, we know it’s a big problem,” Chainalysis said.
Last year Cisco Systems’ cloud security division reported that cryptojacking malware affected 69% of its clients, which would translate to an incredible amount of stolen computer power and a significant amount of illicitly mined cryptocurrency.
Network equipment and cybersecurity firm Palo Alto Networks estimated that 5% of all monero in circulation was mined by cryptojackers, which would represent over $100m in revenue, making cryptojackers the most prolific form of cryptocurrency-focused malware.
Illicit gains
So how much cryptocurrency are criminals currently holding?
Although impossible to know the true amount, Chainalysis estimates that as of early 2022, illicit addresses hold at least $10bn worth of cryptocurrency with the vast majority of this held by wallets associated with cryptocurrency theft.
Addresses associated with Darknet markets and with scams also contribute significantly to this figure, the blockchain analysis firm added.