Crypto Crime: Rampant or Under Control?

Jurisdictions against e-money tokens commonly cite illegal activity as a reason for rejection. These illegal activities include black market trading, terrorist financing, money laundering, and ransomware attacks just to name a few. At the start of 2021, US Treasury Secretary, Janet Yellen, urged lawmakers to limit Bitcoin usage, which she claims is used primarily for illegal activity. (1)

In this article, we look at expert research and statistics to test the veracity of her statement and consider the best ways forward.

It was recently reported by Chainalysis, the same company that brought the notorious darknet marketplace, Silk Road, that in 2020 only 0.34% of Bitcoin’s yearly volume was used in illegal transactions. The majority of this 0.34% comprised of scams (2). These scams can come in the form of Ponzi schemes, fraudulent initial coin offerings (ICO), high yield investment programs (HYIPs) and scams designed to gain access to private keys (3). Taking a closer look, you would find that none of these scams exploit weaknesses in cryptocurrency itself. Rather, these scams operate by exploiting weaknesses in human nature, an existing problem with or without cryptocurrency.

In terms of actual figures, the same report shows 21.4 billion USD worth of illicit crypto transactions in 2019 and 10.0 billion USD in 2020 (4). Put into perspective, the global figure for just fraud alone is estimated to be 5.127 trillion USD a year (5). Meanwhile, the UN estimates that 800 billion - 2 trillion USD of global GDP is laundered each year (6). These figures suggest that fiat currency continues to be, by a huge margin, the financial medium of choice for illicit activity. The purported role of illegal activity as a deterrent to the implementation of cryptocurrency is therefore often overstated.

The existence of criminal activity, however, should not be interpreted to mean that cryptocurrency is axiomatically flawed (as many do). Instead, the existence of criminal activity simply means that there is room to improve blockchain systems either through technology or legal reform.

1. Ransomware

Ransomware is considered by many to be the most destructive of all crypto-related crimes. This is because of its potential to disrupt governments, businesses, and market activity (7). Ransomware is a type of malware designed by hackers to hold its victim’s information for ransom. Hackers then demand these ransoms to be paid in cryptocurrency due to its anonymous and hard-to-trace features (8).

In 2017, a ransomware called WannaCry took over 250,000 computer systems in 150 countries, locking users out of their systems with a demand to pay 300 USD in Bitcoin to free their systems (9). More recently, at the height of the COVID-19 pandemic, hospitals across Europe, the UK and the United States were targeted by ransomware attackers who exploited the panicked, understaffed and overcrowded state that many hospitals were in (10).

The evasiveness of cryptocurrency is not infallible, however. According to a US Department of Justice publication on cryptoasset forfeiture, blockchain technology can actually help law enforcement track down illicit funds (11). On the recent recovery of 2.3 million USD from a ransomware attack on Colonial Pipeline, Maddie Kennedy of Chainalysis said that the hackers’ use of cryptocurrency helped them understand their supply chain and operations which allowed law enforcement to disrupt them, and led to the recovery of the stolen funds (12).

Considering the threat significance of ransomware, governments should be devoting more resources to keep ransomware in check. For example, the US’s success in retrieving Colonial Pipeline’s funds was due to their willingness to allocate resources into private investigators like Chainalysis and into developing anti-ransomware software of their own (13).

The establishment of an international coalition can also be a catalyst for the development of international best practices to combat ransomware. An example of this would be the establishment of an incident response division tasked specifically to act as insurance for companies targeted by ransomware attacks, while specialists work on decrypting information held at ransom and tracking down the attackers.

2. Money laundering

Anti-money laundering and know your customer (AML/KYC) frameworks or guidelines exist in most developed countries today (14). Such frameworks often require cryptocurrency exchanges to apply for licenses which are only granted once they meet certain anti-money laundering standards. These standards include collecting customer information, typically name, proof of official documents, residential address, and date of birth.

The problem with these rules, however, is that although one country has strict AML/KYC rules, its citizens are free to use third-party applications developed by other jurisdictions with weaker or non-existing AML/KYC requirements. In this regard, an anti-money laundering convention is often recommended to ensure countries abide by similar standards.

The United Nations Convention against Transnational Organized Crime (“UNTOC”), entered into force in September 2003, was designed to tackle international money laundering, among other transnational crimes. With 190 parties and 147 signatories, UNTOC could be the platform needed to set international AML/KYC standards (15).

While it could be argued that countries refusing to sign on may act as safe havens for bad actors, one should keep in mind that money laundering is not automatically enabled without AML/KYC standards. A solution such as that proposed by Europe’s Markets in Crypto-assets (“MiCA”) could be used, where decentralised exchanges are banned from trading in the EU if they are not incorporated by an EU member state under its AML/KYC rules (16). By banning or delegitimising platforms that are not licenced in ratified member states, non-participating countries experience the loss of significant markets.

The technological solution

Cryptocurrency is constantly evolving, and interested parties are working around the clock to solve the problems presented by cryptocurrencies today.

A token-based Central Bank Digital Currency (“CBDC”) called EUROchain is currently being developed by the European Central Bank (ECB). It utilises blockchain technology to maintain anonymity while maintaining compliance with AML/KYC and combating the financing of terrorism (CFT) regulations. Computer scientist and cryptographer David Chaum and his team have put forward similar designs which claim to improve upon EUROchain’s architecture (18).

Separate work is underway to design semi-centralised virtual currencies which aim to strike a balance between data protection and the prevention of crime. Semi-centralised virtual currencies distribute authority among a small set of trusted parties who are generally distrusting of each other (e.g. central banks). These parties are given the authority to view private transaction information only in the event they jointly agree to do so (19).

Conclusion

All things considered, it is only natural that many dismiss cryptocurrency for its use in disguising bad actors. However, statistical evidence suggests that cryptocurrency is not as widely used in criminal activity as Janet Yellen and others like her would lead us to believe. Moreover, cryptographers, legal professionals, governmental agencies and other cryptocurrency stakeholders are constantly working on ways to keep cryptocurrency away from the hands of criminals in the future.

Reference:

1. Harry Robertson, ‘Janet Yellen Suggests “curtailing” Cryptocurrencies Such as Bitcoin, Saying They Are Mainly Used for Illegal Financing’ (2021) https://markets.businessinsider.com/news/currencies/bitcoin-price-cryptocurrency-should-be-curtailed-terrorism-concerns-yellen-2021

2. Chainalysis, ‘The 2021 Crypto Crime Report’ (2021) 5 https://www.kasbati.com.pk/images/pdf/the-2021-crypto-crime-report---chainalysis.pdf

3. Emad Badawi and Guy V Jourdan, ‘Cryptocurrencies Emerging Threats and Defensive Mechanisms: A Systematic Literature Review’ (2020) 8 IEEE Access 200021, 200035

4. Chainalysis, ‘The 2021 Crypto Crime Report’ (2021) 5 https://www.kasbati.com.pk/images/pdf/the-2021-crypto-crime-report---chainalysis.pdf

5. Jim Gee and Mark Button, ‘The Financial Cost of Fraud 2019’ (2019)

6. United Nations: Office on Drugs and Crime, ‘Money Laundering’ https://www.unodc.org/unodc/en/money-laundering/overview.html

7. Chainalysis, ‘The 2021 Crypto Crime Report’ (2021) 5 https://www.kasbati.com.pk/images/pdf/the-2021-crypto-crime-report---chainalysis.pdf

8. Joshua W Baron and others, National Security Implications of Virtual Currency: Examining the Potential for Non-State Actor Deployment (RAND Corporation 2015) 44; Holtzclaw J and Sawyer R, ‘Ransomware: Paying Cyber Extortion Demands in Cryptocurrency’ (Marsh, 2021) https://www.marsh.com/us/insights/research/ransomware-paying-cyber-extortion-demands-in-cryptocurrency.html accessed 15 September 2021

9. Financial Stability Board (FSB), ‘Cyber Lexicon’ (2018) 1 https://www.fsb.org/wp-content/uploads/P121118-1.pdf

10. National Cyber Security Centre and Cybersecurity & Infrastructure Security Agency, ‘Advisory: COVID-19 Exploited by Malicious Cyber Actors’ (2020) 7

11. Neal B Christiansen and Julia E Jarrett, ‘Forfeiting Cryptocurrency: Decrypting the Challenges of a Modern Asset’ (2019) 67 DOJ Journal of Federal Law and Practice 155, 166

12. Brett Wolf, ‘Recovery of Colonial Pipeline Ransom Funds Highlights Traceability of Cryptocurrency, Experts Say’ (Thomson Reuters, 2021) https://www.thomsonreuters.com/en-us/posts/investigation-fraud-and-risk/colonial-pipeline-ransom-funds/

13. Institute for Security and Technology (IST), ‘Combating Ransomware: A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force’ (2021) 43 – 44; Danny Nelson, ‘Inside Chainalysis’ Multimillion-Dollar Relationship With the US Government’ (Coindesk, 2020) https://www.coindesk.com/inside-chainalysis-multimillion-dollar-relationship-with-the-us-government

14. Osborne Clarke, ‘The Treatment of E-Money and Virtual Currencies across Jurisdictions’ (2018) https://www.osborneclarke.com/wp-content/uploads/2018/06/The-treatment-of-e-Money-and-virtual-currencies-across-jurisdictions.pdf

15. United Nations Treaty Collection, ‘Status of Ratification’ (2021) https://treaties.un.org/pages/ViewDetails.aspx?src=TREATY&mtdsg_no=XVIII-12&chapter=18&clang=_en ; United Nations Convention against Transnational Organized Crime A/RES/55/25 (2003)

16. CipherTrace, ‘Half of 2020 Crypto Hacks Are from DeFi Protocols and Exchanges’ (2020) https://ciphertrace.com/half-of-2020-crypto-hacks-are-from-defi-protocols-and-exchanges/

17. Robby Houben and Alexander Snyers, ‘Crypto-Assets: Key Developments, Regulatory Concerns and Responses’ (2020), 33 https://www.europarl.europa.eu/RegData/etudes/STUD/2020/648779/IPOL_STU(2020)648779_EN.pdf accessed 30 June 2021

18. David Chaum, Christian Grothoff and Thomas Moser, ‘How to Issue a Central Bank Digital Currency’ (2021), 28

19. Joshua W Baron and others, National Security Implications of Virtual Currency: Examining the Potential for Non-State Actor Deployment (RAND Corporation 2015) 18, 44