The use and implementation of cryptocurrencies has been increasing sharply over the last few years, as crypto cruises into the mainstream. But with the spread of new currencies, comes the rise of illicit uses and misuse.
CoinJournal analysed a report by Chainalysis to ascertain how widespread crypto crime is, which types are most prevalent and which years lost the highest amount of money to crypto criminals.
Crypto scams grew 82% in 2021 to $7.8 billion
72% of $3.2 billion in stolen funds were swiped from DeFi protocols
Scams as a percentage of total crypto transaction volume fell 66%
And how bad is crypto really, when compared to fraud in the trad-fi space? Is it all hyperbole, or do the naysayers have a point – is crypto really a cesspool for the bad-intentioned?
Crypto Crime Trends for 2022
Let us not beat around the bush here. The numbers here are pretty frightening, with crypto-based crime hitting $14 billion in 2021 according to the survey – that’s an (un)healthy increase from $7.8 billion in 2020.
But if we want to compare this to the trad-fi sector, we need to strip some categories out. Terrorism financing, the equivalent of darknet material and many of the other categories are simply too broad to quantify in the fiat world. I think we can all agree that the US dollar isn’t so pristine that it’s immune to being used for buying drugs, paying for stolen goods and myriad other clandestine activities which the above categories cover.
What we want to focus on here is whether crimes “specific” to cryptocurrency are as prevalent as mainstream media makes them out to be, and how they compare to trad-fi. By that, we mean fraud, hacks, scams and anything of that ilk. While this will undoubtedly be somewhat of an apples-to-oranges comparison, what’s a bit of poetic licence between friends?
Crypto Scams & Stolen Funds
As the chart above shows, in terms of growth year over year, the two categories of interest to us also happened to be the two biggest movers: scams and stolen funds. Scams grew 82% in 2021 to $7.8 billion, while $3.2 billion worth of cryptocurrency was stolen in 2021 — a 516% increase compared to 2020.
So yeah, that’s not great. But let us not be guilty of simply reading the headline numbers – that would make our jobs far too easy. In digging deeper, one thing stands out – the vast majority of this growth took place in DeFi, which also happens to be the newest “sub-industry” within the crypto space.
72% of the $3.2 billion in stolen funds were swiped from DeFi protocols. As for scams, $2.8 billion of the $7.8 billion can be attributed solely to rug pulls – the classic (new) scam of the DeFi arena, whereby founders create a cryptocurrency before wiping the liquidity and running off with investors’ funds.
In reality, the total loss is actually higher, as the $2.8 billion only includes the drained liquidity – and not the subsequent devaluation of the native tokens, which invariably crater >90%.
Contextualising the figures
So can we give DeFi a pass, as the nascent industry bootstraps itself from nothing to taking on the entire monetary system? While the figures above tell us that scams and stolen funds cumulatively rose 129% from $4.8 billion to $11 billion, transaction volume within DeFi grew 912% in the same period. Total cryptocurrency transaction volume grew 567% from 2020 to 2021. So when viewed through a holistic lens, while certainly not pretty, it does help paint a little more colour.
On the other hand, is this completely out of whack on a proportional basis with what we are seeing in the trad-fi world?
This study from UK Finance shows £1.28 billion ($1.67 billion) was stolen from payment card fraud (credit, debit, charge and ATM only cards) in 2019. The below graph displays study results of online banking fraud losses from the UK between 2010 and 2020, amounting to $160 million in 2020. Bear in mind this is just UK banking, not global. However, the figures do pale compared to what we are seeing in DeFi, even if the latter is global.
Online banking fraud losses in the UK, data via Statista
But online banking is hardly new, whereas DeFi most definitely is. As hysteria was fuelled by meme-pumping, up-only narratives on the Binance Smart Chain (Safemoon), Ethereum (Shiba Inu) and more, retail money poured in as investors (or, we should say, gamblers) sought to catch the next get-rich quick wave.
The space was a quagmire of gambling throughout the year, which somewhat cloaked the underlying value that was being built by genuine projects. DeFi is too broad to just fire in all these projects together, when some are aiming to create genuine utility and others are simply copycat forks with no realistic hopes of creating anything value-add. And if DeFi is too broad a term, then cryptocurrency most definitely is.
We must be wary of painting the entire DeFi industry with the same brush, just as we would never tarnish the entire trad-fi sector for similar issues. The infamous Wirecard scam ran for a decade and resulted in a $2 billion hole on the balance sheet, but the auditors (KPMG) continue to operate. Elsewhere, Bernie Madoff’s circus act resulted in an estimated fraud of $64.8 billion.
Even Jordan Belfort was estimated to have single-handedly caused investor losses of $200 million, and he ended up with a swashbuckling Leonardo Di Caprio immortalizing him.
In truth, trad-fi is far too large to try to quantify the extent of the losses, the size of the industry, and what the growth in crime is. But let us not pretend that DeFi, or crypto at large, is the first sector within the financial industry to be tarnished by malevolent activity. The unfortunate reality is that with growth as meteoric as crypto has experienced, there will always be leeches with bad intentions who try to manipulate the change to their advantage, especially when that change is occurring too fast for regulators to catch up.
The real difference here is the size of the individual heists that are possible within DeFi. If we break down the figures further, we see that of the $2.8 billion in rug pulls that occurred in 2021, 90% came from one fraudulent exchange- Thodex – whose CEO Faruk Fatih Ozer fled after suspending customers’ ability to withdraw funds. He is now facing a 40,000 year (!) sentence in Turkey if authorities ever catch him.
Axie Infinity were hacked recently for $625 million, when a hacker seized control of private security keys. Last year, Poly Network were the victims of a $600 million hack, although the tale took a bizarre twist when the hacker returned the funds and ended up getting offered a job as Chief Security Advisor.
Indeed, the white hat hacker in the Poly Network case is far from the only benevolent computer whizz, as SushiSwap got alerted to a massive $350 million vulnerability in their code by a white-hat hacker, while Polygon actually paid a $2 million bounty when they were recently tipped them off to a bug which could have caused $850 million in losses.
However, white-hat or mal-intentioned, the reality is that it is significantly easier to pull off heists of this scale – hundreds of millions of dollars – from your laptop, at home on the blockchain, rather than in the trad-fi world. So while the overall numbers are coming down as crypto matures, including for these isolated incidents, the money in the space and the potential to act anonymously does offer a unique opportunity.
It is challenging to imagine heists of this scale going unnoticed too often in the trad-fi world, but then again, they do happen – as we mentioned with several cases above.
The Chainalysis report does, however, note the increased ability of law enforcement to prosecute crimes, mentioning recent efforts of the CFTC filing charges against several investment scams, the FBI’s takedown of the prolific REvil ransomware strain and OFAC’s sanctioning of Suex and Chatex – two Russia-based cryptocurrency services heavily involved in money laundering. And this is an area we want to dig more into.
The IRS also announced that they had seized over $3.5 billion worth of illicitly obtained cryptocurrency in 2021, the US Department of Justice seized $56 million in the infamous BitConnect fraud and a further $2.3 million in the Colonial Pipeline ransom attack.
Increasingly, law enforcement have been able to target the crypto-fiat bridge to help persecute these activities. The transparency that the blockchain offers is actually a problem in that sense for criminals, as “washing” the money becomes difficult on a large scale, when the world can watch what is happening on the blockchain. It may be easier to move it around virtually, but if you want to bridge into fiat, it requires significantly more ingenuity.
Predicting going forward
Looking at the fact that cryptocurrency transaction volume grew 567% to $15.8 trillion from 2020 to 2021, yet scams and stolen funds grew only 129%, this represents a fall of 66% in the illicit activity as a proportion of transaction volume, which is a more representative metric than simply looking at the figures for scams and stolen funds in isolation.
If we extrapolate forward and look at a case whereby cryptocurrency transaction volume stays at that $15.8 trillion level for 2022, then this same 66% fall in scams and stolen funds as a percentage of volume would mean scams and stolen funds in 2022 would land at $3.7 billion, significantly down from the $11 billion in 2020.
So without the meteoric growth across the industry, the frequency of such heists is actually falling substantially – which the graph below extrapolating the 2021 figures to this year shows (forgive the little bit of axes crime, it’s just a visual representation!).
So, to close, authorities are beginning to understand and police the previously wild west world of crypto more and more. Persecutions are happening at an increasing rate, and regulation is catching up. The figures suggest that with DeFi and cryptocurrency’s explosive growth, hacks and security breaches are actually coming down, on a proportional basis. While hard to quantify, such problems of course happen in the trad-fi world too.
However, having said that, the size of the individual hacks we do see in crypto are concerning. Customers need to be extra vigilant with their funds and prudent with their custody practices. The industry may be growing at a relentless rate, and the scale of the problem may be exaggerated – especially when compared to similar events in the trad-fi world – yet it is still a problem.
But if trends continue going forward, we are on the right track.