What are cryptocurrencies? Why do they appeal to criminals? What role do they play in illicit activities? These are just some of the questions we’ll answer in the second cybercrime episode of Bar Lume, the Italian podcast on organized crime, mafia and terrorism!
Listen to the original podcast (in Italian) here
Six weeks ago, an era came to an end at Los Angeles airport: the founder of Bitcoin Fog, the longest-running Bitcoin laundering service on the so-called “dark web,” was arrested by U.S. federal authorities. Roman Sterlingov, 32, a Russian-Swedish national, is accused of having laundered, over the course of a decade, more than 1 million Bitcoins (the equivalent of 335 USD million at the time of the transactions) on behalf of drug traffickers, cybercriminals and abusers of various kinds.
Impressive as they are, these numbers are a drop in the ocean when considering that the total volume of criminal cryptocurrency transactions in 2020 was 10 USD billion. At the same time, these transactions only amount to 0.34% of the total crypto transaction volume in the world. So, what role do criminal activities play in the burgeoning crypto economy? To answer this question, we need to start with the basics.
What are cryptocurrencies?
Simply put, cryptocurrencies are digital currencies. They are “digital” in the sense that they only exist in cyberspace, unlike euros or dollars, and they are “crypto” in that the transactions involving them are protected by cryptography. Cryptocurrencies are not issued by States, so their value is not determined by a central authority, but by the law of supply and demand that rules the market economy. That may soon change in countries like China and Sweden, where central banks are piloting a digital versions of the national currency — but that’s another story.
Cryptocurrencies are issued of a technology called blockchain. A blockchain is nothing more than a digital ledger consisting of “blocks” of transactions linked together in a chain. The transactions recorded on these blocks are immutable and virtually impossible to falsify, as the consent of a certain number of network members (the so-called “nodes”) is required to approve them. Once approved, the transaction is marked with an irremovable time stamp and is permanently recorded in a block on the chain. In case of a typo, the transaction cannot be modified: a new one must be executed, which will in turn be added to the blockchain. Each computer in the network keeps a copy of the chain and can see in real time all the transactions that have been saved on it from its inception until the present moment.
The first and most famous cryptocurrency is certainly Bitcoin. Launched in 2008 by an individual — or group of individuals — under the pseudonym Satoshi Nakamoto, Bitcoin was born to allow direct digital payments between peers, without the intermediation — and therefore without the fees — of banks and traditional financial institutions. In other words, it was a subversive project, animated by the ideals of the cyberpunk movement that, since the 1990s, has opposed any form of online authority. But things have changed a lot since then.
Today, it’s estimated that more than 4,000 cryptocurrencies exist in the world, with a market capitalization of about 1.5 USD trillion. Investors of all sizes, types and origin have jumped into monetary speculation, while countless financial services, from digital wallets to virtual exchanges, have sprung up to support the use and circulation of cryptocurrencies.
Financial multinationals like Visa, Mastercard and PayPal now accept Bitcoin transactions; local authorities like Zug canton, Switzerland, accept them to pay taxes; and the world’s largest exchange between crypto and traditional currencies, Coinbase, recently went public with a market value of 86 USD billion.
What makes cryptocurrencies so appealing to criminals?
Cryptocurrencies possess several features that make them suitable for illegal activities.
The first one is anonymity, or better, pseudonymity. While transactions recorded on blockchains are perfectly transparent, the same cannot be said of their authors: they are in fact identified only by an alphanumeric pseudonym. The pseudonym is visible to anyone who has access to the chain, but does not reveal, at least directly, the identity of its owner. This has long allowed criminals to carry out illicit transactions without being tracked. But the era when Bitcoins were the preferred currency of criminals is coming to an end: authorities are now able to trace the individuals behind the digital pseudonyms. This was demonstrated by the arrest last April of a 40-year-old Milanese man who had paid the equivalent of 10,000 EUR in Bitcoin to a hitman to disfigure his ex-girlfriend. Confronted with the growing abilities of the authorities, criminals are therefore turning to other and safer cryptocurrencies, such as Monero and Zcash, which use sophisticated cryptographic systems to mask the pseudonyms of their owners, effectively guaranteeing their anonymity.
The second feature that makes digital currencies perfect for criminals is their limited regulation. Being a recent technology, with great technical complexity and a strongly international vocation, cryptocurrencies constitute a challenge for lawmakers, financial authorities and law enforcement. The international community, as well as many countries, including Italy, have adopted a number of regulations governing cryptocurrencies and combating their use for money laundering and terrorist financing. However, unregulated activities still remain numerous. For example, decentralized exchange platforms, whose use surged in 2020, are not subject to regulation in many jurisdictions because they do not store money deposits. Moreover, because they are decentralized, there is no person, physical or legal, to monitor transactions, and thus report any suspicious activity to authorities.
This brings us to the third advantage of cryptocurrencies: low barriers to entry. Many financial services associated with cryptocurrencies, especially unregulated ones, require very little, or no, proof of identity — to access certain decentralized exchange platforms, for example, you only need to enter an email address. This allows criminals to avoid the KYC (Know Your Customer) and AML procedures imposed on banks and financial institutions to identify the financing of crime or terrorism.
On top of this, there are the benefits inherent in blockchain transactions. In fact, this technology allows for fast, irrevocable and valid transactions worldwide, with negligible costs compared to the official financial system. In addition, cryptocurrencies allow for completely dematerialized money transfers, thus reducing the risks associated with carrying cash.
What are the crypto-related crimes?
Cryptocurrencies are present on at least three levels of criminal activity.
The first level includes illegal activities, both on and offline, in which cryptocurrencies are used as a method of payment. Among the major crimes that fall into this category are cyber extortion, which saw a 311% growth between 2019 and 2020. Remember Ryuk, the ransomware we talked about in our episode on EMOTET, “the king of cybercrime”? Users that fall victim of the Ryuk virus end up with their computers locked by a pop-up demanding a major payment in Bitcoin to unlock the operating system and avoid the deletion of all data. Hospitals across the world suffered this fate in 2020, with losses estimated at around 21 USD billion in the United States alone.
Cryptocurrencies are also becoming the main currency of exchange on the dark web. In fact, some of the major sites where you can buy drugs, weapons, child pornography, contraband goods and illegal services only accept payments in cryptocurrencies, often exclusively in anonymous currencies like Monero. With cryptocurrencies it is also possible to hire human traffickers, bribe public officials and finance extremist groups, from neo-Nazis to Islamic terrorists — to know more about the latter, you can to Giovanni’s episode, “Al-Qaeda and the money of terror”.
The second level concerns the crimes of which crypto are the object. The most frequent phenomenon, as much during the “crypto craze” of 2017–2018 as today, is financial fraud. It often happens that individuals or small groups announce the launch of a new cryptocurrency, raising “official” money from enthusiastic investors and offering them virtual coins in return (so-called Initial Coin Offerings, ICOs)— only to disappear with the money without ever minting a single coin. Another recurring fraud are Ponzi schemes, one of the most famous of which is PlusToken. It was a digital wallet that promised 30% profits and collapsed in 2019 leading to the loss of 6 USD billion of investors and the extradition of 6 Chinese nationals who had found refuge in the paradise island of Vanuatu, in the Pacific.
Among the most striking crypto thefts is KuCoin, a Singaporean exchange platform that was hacked last year for a total of 285 USD million, 46 of which remain in the hands of the thief today.
Also not to be underestimated is tax evasion. Last April, for example, the tax authority of Seoul, South Korea, confiscated the equivalent of 22 USD million from 836 individuals and 730 corporate representatives who had not declared the cryptocurrencies in their possession.
The third and final level concerns the services associated with illegally obtained crypto, such as money laundering for third parties. Indeed, even criminal proceeds in crypto, while less controlled than “official” currencies, must be cleaned up before they can be reused or converted to cash and vice versa. The KuCoin hacker, for example, tried to mask the origin of stolen coins by converting them into other cryptocurrencies through mixing platforms, such as Chipmixer and Wasabi Wallet, and decentralized exchange platforms, such as Uniswap. Both mixers and decentralized exchanges, in fact, do not subject users to identity verification or AML controls.
What about mafias? How do they use crypto?
Cryptocurrencies are used both by “traditional” organized crime groups, which exploit digital to facilitate their criminal activities, and by groups created for the exclusive purpose of committing cybercrimes. There are also intermediaries who facilitate the use of crypto by these two groups.
Among traditional criminal organizations, the Italian n’drangheta is a pioneer in the use of cryptocurrencies. In 2019, for example, the National Anti-Mafia Prosecutor’s Office discovered that the Locride n’drine planned to pay for cocaine shipments from Brazil in Bitcoin. More recently, transactions in Monero have been associated with n’dranghetists known to the authorities.
Organized crime also exploits cryptocurrencies to launder money. Colombian and Mexican cartels such as the Jalisco Nueva Generation and the Sinaloa Cartel, for example, have set up a system to clean up drug and prostitution proceeds with Bitcoins. Affiliates deposit the cash into various bank accounts, being careful not to exceed the 7,500 USD alert threshold. They then use the money to purchase Bitcoins that they later send anonymously, often through private wallets, to affiliates residing abroad.
Some criminal organizations prefer to delegate these operations to specialized groups. In 2019, for example, the Spanish Civil Guard dismantled a 15-person organization that provided cryptocurrency laundering services to criminal gangs around the world, a model known cryptolaundering-as-a-service. The group operated a cryptocurrency exchange platform, including two ATMs where criminals could deposit cash derived from their illegal activities. The Spanish group then proceeded to divide the money into various accounts under its control and move it around so as to mask its origin. Only then would they proceed to purchase digital currencies. Once they recived the payment from the client gangs, the Spaniards would send crypto to exchange platforms from which clients could convert them back into official currencies.
We have come to the end of our journey into the world of cryptocurrencies. As we have seen, digital currencies offer immense possibilities for criminals, both traditional and cyber, to move illegal proceeds avoiding, at least to a certain extents, the controls by financial authorities and law enforcement agencies. At the same time, criminal transactions represent less than 1% of the total. Moreover, law enforcement agencies are increasingly able to identify illicit transactions and their perpetrators and to collaborate to prevent or remedy their crimes, dismantling, where appropriate, criminal organizations born out of crypto activity.
What does the future hold for us? It’s hard to say, but it is desirable that the authorities update the crypto regulatory framework and harmonize it internationally, to be able to face the new technological challenges posed by cryptocurrencies such as Monero and Zcash and facilitate cross-border investigations.