Last week I attended the first of a three-part webinar hosted by Chainalysis titled Crypto National Security Threats in 2023. This series is designed to cover their Crime Report of 2024, which covers trends, discoveries, etc. in the crypto and crime space. In this presentation we were able to see both the good and the bad: where improvements can be made and where progress is easily on par with the traditional finance system.
Some Key Numbers First
- Illicit activity onchain decreased year over year, a positive, but it needs to maintain this for a couple more years so that the long-term picture reflects this
- Overall, on and off chain, illicit activity fell year over year as well, but this level is roughly flat looking at a ~5 year picture
- Only 1% of all activity in the crypto space is illicit; the rest is above board, a great thing to see!
- I doubt it is surprising, but BTC remains the crypto of choice for illicit activities over privacy coins, which I won't lie surprised me because BTC is a terrible option compared to other cryptos out there
There was one particular number for 2023 that was not good at all. 2023 was the first year that $1 billion was paid in ransomware attacks. Steps and measures have been taken both by the community and regulators to address this but improvements need to be made.
The Darknet
This was the second topic discussed, and Chainalysis shed some pretty interesting light on what is going on. Previously, with Silk Road, Hydra Network and Silk Road 2.0, there was a predictable cycle. These marketplaces would gain market share and popularity, overall Darknet usage would increase, the marketplace would be shut down, people would scatter, and then slowly over time another would take the former's place. With the various markets on the Darknet this is not the case anymore, and what we are seeing is that certain markets are becoming dominant in one particular area but not becoming a one-stop shop.
Oddly enough it can be said that the marketplace in general is becoming more diversified.
NCA: Operation Fang Tooth / Cronos
You may or may not have heard of this one, but this was and currently still is the widespread operation against the one-stop shop of ransomware, LockBit. Unlike other operations that went in with the idea of "crushing" the marketplace, the operation's purpose was to destroy the credibility of the group involved. These groups require credibility to be used, so if they lose that they essentially will lose customers and confidence.
A big part of how this was accomplished: along with arrests and other ways that LockBit was disrupted by authorities, their forward-facing website was seized and authorities took credit for the success. When the various actors then tried to get it back, they were either tracked down or thwarted, with only a couple of brief periods where the seizure page was not the only thing on the site.
As a result of this operation, which ran on BTC payments, 30k addresses that were involved were identified, and of those roughly 500 were still active. To me it was hilarious to hear that $10 mil in crypto from these addresses was on exchanges that froze the accounts for the authorities... I mean why were you using major exchanges and not DEXs?!?! People never cease to blow my mind.
With the success, it might sound as if authorities believe or would say they have "taken down" LockBit, but that is not the case. Knowing how these groups operate, they made it abundantly clear that they know this is only a disruption and that eventually, in some way, shape or form, there will be a resurgence.
Final Thoughts
It was an extremely interesting first webinar that showed where improvements have been made and where some are still needed. Talking to the head of the NCA Operation was an extremely unique and fantastic moment. Having him break down what went on, how crypto was extremely useful in the takedown because of the public ledger, and seeing how authorities have changed how they look at groups like this was an amazing thing to see!