Contrary to popular lore, cryptocurrencies are not a haven for anonymous criminals. In fact, armed with smart blockchain analytics, it’s easier to follow money trails on blockchains than it is on legacy payment networks, however a circuitous route they may take. What’s still hard to figure out — for the time being — is the identity of the criminals using various blockchain addresses to move their stolen funds, especially when they use self-hosted wallets.
We just published Predicts 2022: Prepare for Blockchain-Based Digital Disruption and forecast that “By 2024, successful cryptocurrency thefts and ransomware payments will drop by 30% due to criminals’ inability to move and spend funds off blockchain networks.”
Blockchains are More Transparent than Fiat Payment Networks
Transparent blockchains are much easier platforms for tracking criminal payments than siloed legacy payment systems ever were. Today, about 23 blockchains make up about 99% of all blockchains’ market cap. That means effective anti-blockchain-fraud systems must integrate with just 23 totally transparent platforms rather than thousands of enterprise systems and payment networks.
The hard part is turning the nondescript blockchain metadata into meaningful information and applying real time machine learning and analytics to the data. The good news is if that is done well, the intelligence can see across all the blockchain platforms at once, trace criminal and suspect payments and addresses, and identify abnormal money movement patterns that are often repeated.
Emerging Blockchain Intelligence Market
Vendors like Chainalysis Ciphertrace, a Mastercard company, Elementus and TRM Labs provide these kinds of insights to authorities who need forensics to investigate hacks. Increasingly, their software is used by exchanges and DeFi protocols to PREVENT the fraud in the first place.
It’s probably time to democratize these fraud prevention tools and let individual users acquire them directly, so they can be warned proactively before they transmit funds to a criminal address. Democratization of these tools is in the spirit of Web 3 finance, where users are their own bankers. But it does pose a tricky issue – i.e. how to keep the tools opaque enough that criminals can’t reverse engineer them and figure out how to evade detection and prevention tools during future heists.
Results are Starting to become Apparent
Aside from increasing adoption of rapidly advancing blockchain intelligence and fraud prevention tools, the government is also stepping in to make it harder to use cryptocurrency for criminal purposes
Consider these facts noted in our Predicts Report:
- The U.S. government is making a concerted effort to curtail ransomware attacks and has already issued sanctions against a Russian cryptocurrency exchange used by ransomware-related criminals.
- High-profile hacks and ransomware attacks in 2021 resulted in criminals returning stolen funds or law enforcement clawing them back. Criminals find it increasingly difficult to cover their blockchain tracks as investigators analyze blockchain and off-chain curated data to identify blockchain addresses where stolen funds are parked.
- Once stolen funds are marked, they cannot be easily moved off the blockchain for subsequent use without being seized by watchful parties and law enforcers.
When you add it all up, it is getting harder and harder for criminals to commit crypto-related heists and move stolen funds off cryptocurrency networks. For example, TRM Labs just investigated the recent BadgerDao Hack hack and reported to investigators that, “Even if the hacker used only fraudulent identity documents when establishing accounts with exchanges, there remains a good possibility that ……. (words removed). If so, they may ultimately prove fatal to the hacker’s anonymity. As of this moment, the hacker has stolen well over $120 million worth of assets, converting them to Bitcoin and Ether.”
In the end, the BadgerDao hackers may go the way of the Polygon Network hackers and return most of the money stolen since they will likely be unable to get the funds off the blockchain without getting arrested.
Low Percentage of Illicit Bitcoin Payments
It’s simply a myth that blockchain networks are criminal havens. See Figure 1 below that analyzes illicit Bitcoin transactions per four different companies, published in this July 2021 FATF Report The data shows estimates vary widely by information provider, and that transactions that go through VASPs are less likely to be criminal transactions than those that go through self-hosted wallets or non-VASPs.
The Wild West Settles Down
No doubt, in the future the bad guys will have an easier time moving laundered money and theft proceeds over a plethora of opaque legacy payment networks than through transparent and relatively few well-protected blockchain networks.
Blockchain fraud prevention and intelligence is ramping up quickly – as the Wild West settles down. Surely, outrageously high yields in crypto and DeFi will drop as well, as transaction risk declines, but that’s OK news for most of us.
The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.