ETHUSD Ethereum

Stages of crypto money laundering

Crypto money laundering follows a structured process designed to hide the source of illicit funds. Criminals use sophisticated methods to bypass regulatory oversight and Anti-Money Laundering (AML) measures. The process unfolds in several stages: 

• Step 1 — Gathering funds: The first step involves gathering funds obtained illegally, often from organized crime or fraudulent activities. These illicit earnings need to be moved discreetly to avoid detection by regulatory authorities. 
• Step 2 — Moving funds into the crypto ecosystem: Criminals now move illicit funds into the financial system by purchasing cryptocurrencies. The modus operandi is to buy cryptocurrencies through multiple transactions across crypto exchanges, particularly those with weak AML compliance. To make tracking more complex, they may convert funds into different digital assets like Ether (ETH), Polkadot (DOT) or Tether’s USDt (USDT). 
• Step 3 — Juggling of funds: At this stage, the criminals hide the funds’ ownership. For this purpose, they move their crypto assets through a series of transactions across different platforms, exchanging one cryptocurrency for another. Often, funds are transferred between offshore and onshore accounts to further complicate tracing. 
• Step 4 — Reintroducing cleaned money into the system: The final step involves reintroducing the cleaned money into the economy, which they do through a network of brokers and dealers. They now invest the money in businesses, real estate or luxury assets without raising suspicion.

Did you know? Taiwan’s Financial Supervisory Commission has mandated that all local virtual asset service providers (VASPs) must adhere to new AML regulations by 2025.

Various methods criminals use to launder cryptocurrencies

Criminals employ several methods to launder illicitly obtained digital assets. From non-compliant exchanges to online gambling platforms, they use various techniques to conceal the transaction trail. 

Below is some brief information about the methods criminals use.

Non-compliant centralized exchanges

Criminals use non-compliant centralized exchanges or peer-to-peer (P2P) platforms to convert cryptocurrency to cash. Before being converted into fiat, the cryptocurrency is processed through intermediary services like mixers, bridges or decentralized finance (DeFi) protocols to obscure its origins. 

Despite compliance measures, centralized exchanges (CEXs) handled almost half of these funds. In 2022, nearly $23.8 billion in illicit cryptocurrency was exchanged, a 68% surge from 2021. 

Decentralized exchanges (DEXs)

DEXs operate on a decentralized, peer-to-peer basis, meaning transactions occur directly between users using smart contracts rather than through a CEX. These exchanges are currently largely unregulated, which criminals use for swapping cryptocurrencies and making investigations harder.

The absence of traditional Know Your Customer (KYC) and AML procedures on many DEXs allows for anonymous transactions.

Mixing services

Cryptocurrency mixers, also called tumblers, enhance anonymity by pooling digital assets from numerous sources and redistributing them to new addresses randomly. They obscure the funds’ origins before they are sent to legitimate channels. 

A well-known example of criminals using crypto mixers is Tornado Cash, which was used to launder over $7 billion from 2019 until 2022. The developer of the mixer was arrested by Dutch authorities.

Bridge protocols

Crosschain bridges, designed to transfer assets between blockchains, are exploited for money laundering. Criminals use these bridges to obscure the origin of illicit funds by moving them across multiple blockchains, making it harder for authorities to track transactions. 

By converting assets from transparent networks to privacy-enhanced blockchains, criminals evade scrutiny and reduce the risk of detection. The lack of uniform regulatory oversight across different chains facilitates illicit activity.

Online gambling platforms

Cryptocurrency money launderers frequently exploit gambling platforms. They deposit funds from both traceable and anonymous sources, then either withdraw them directly or use collusive betting to obscure the funds’ origin. This process effectively “legitimizes” the money. 

The Financial Action Task Force (FATF), in its September 2020 report, identified gambling services as a money laundering risk, specifically highlighting suspicious fund flows to and from these platforms, especially when linked to known illicit sources.

Nested services

Nested services encompass a wide range of services that function within one or more exchanges, using addresses provided by those exchanges. Some platforms have lenient compliance standards for nested services, creating opportunities for bad actors. 

On the blockchain ledger, transactions involving nested services appear as if they were conducted by the exchanges themselves rather than by the nested services or individual users behind them.

Over-the-counter (OTC) brokers: A commonly used nested service for money laundering

OTC brokers are the most prevalent nested service criminals use for crypto money laundering because they allow them to conduct large cryptocurrency transactions securely and efficiently with a degree of anonymity.

Transactions may involve different cryptocurrencies, such as Bitcoin (BTC) and ETH, or facilitate conversions between crypto and fiat currencies, like BTC and euros. While OTC brokers match buyers and sellers in exchange for a commission, they do not participate in the negotiation process. Once the terms are set, the broker oversees the transfer of assets between parties.

To combat North Korean cybercrime, the US government has taken strong action against the Lazarus Group’s money laundering activities. In August 2020, the US Department of Justice (DOJ) sought to seize 280 cryptocurrency addresses tied to $28.7 million in stolen funds following an investigation into a $250-million exchange heist.

Further, in April 2023, the Office of Foreign Assets Control (OFAC) sanctioned three individuals, including two OTC traders, for aiding Lazarus Group in laundering illicit funds, highlighting the group’s continued reliance on OTC brokers.

Did you know? Microsoft Threat Intelligence identifies Sapphire Sleet, a North Korean hacking group, as a key actor in crypto theft and corporate espionage.

The evolving landscape of crypto money laundering, explained

The complex landscape of crypto money laundering involves a dual infrastructure. While CEXs remain primary conduits for illicit funds, shifts are evident. Crosschain bridges and gambling platforms are witnessing increased usage, reflecting evolving criminal tactics. Analysis of deposit address concentrations and crime-specific patterns highlights vulnerabilities. 

Crypto money laundering infrastructure

Broadly, crypto money laundering infrastructure can be categorized into intermediary services and wallets. Intermediary services include mixers, bridge protocols, decentralized finance (DeFi) protocols and other such services. On the other hand, fiat off-ramping services include any service that can help one convert crypto into fiat currency. 

While centralized exchanges are more commonly used for this purpose, criminals may also use P2P exchanges, gambling services and crypto ATMs. Crypto criminals use intermediary services to hide the origin of funds by concealing the onchain link between the source address and the current address.

Key channels used for crypto money laundering

Different financial services vary in their ability to combat money laundering. Centralized exchanges, for example, possess more control over transactions and have the authority to freeze assets linked to illicit or suspicious sources. However, DeFi protocols operate autonomously and do not hold user funds, making such interventions impractical. 

The transparency of blockchain technology enables analysts to track funds passing through DeFi platforms, which is often more difficult with centralized services. Centralized exchanges continue to be the primary destination for assets originating from illicit sources, with a relatively stable trend between 2019 and 2023. There was a significant uptick in ransomware proceeds being funneled to gambling platforms and an increase in ransomware wallets sending funds to bridges.

Tracking illicit funds through deposit addresses

Deposit addresses, which function similarly to bank accounts on centralized platforms, reveal how financial flows are concentrated. In 2023, a total of 109 exchange deposit addresses each received over $10 million in illicit crypto, collectively accounting for $3.4 billion. Comparatively, in 2022, only 40 addresses surpassed the $10 million mark, accumulating a combined total of just under $2 billion.

The concentration of money laundering activity also varies by crime type. For instance, ransomware operators and vendors of illegal content exhibit a high degree of centralization. Seven key deposit addresses accounted for 51% of all funds from exchanges from illegal content vendors, while nine addresses handled 50.3% of ransomware proceeds. 

Criminals’ shift to crosschain and mixing services

Sophisticated criminals are increasingly turning to crosschain bridges and mixing services to obfuscate their financial transactions. Illicit crypto transfers through bridge protocols surged to $743.8 million in 2023, more than doubling from the $312.2 million recorded in 2022. There has been a sharp rise in funds transferred to crosschain bridges from addresses linked to stolen assets. 

Cybercriminal organizations with advanced laundering techniques, such as North Korean hacking groups like Lazarus Group, leverage a diverse range of crypto services. Over time, they have adapted their strategies in response to enforcement actions. The shutdown of the Sinbad mixer in late 2023, for example, led these groups to shift toward other mixing services like YoMix, which operates on the darknet.

National and international frameworks for crypto AML

Governments worldwide have implemented laws and guidelines to prevent crypto money laundering. Various national jurisdictions have put in place regulatory frameworks to ensure compliance.

United States

The Financial Crimes Enforcement Network (FinCEN) regulates crypto asset service providers to prevent money laundering in the US. Crypto exchanges function under the Bank Secrecy Act, which requires the exchanges to register with FinCEN and implement AML and Counter-Terrorist Financing programs. They have to maintain proper records and submit reports to authorities.

Canada

Canada was the first country to introduce crypto-specific legislation against money laundering through Bill C-31 in 2014. Transactions involving virtual assets fall under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and related regulations, requiring compliance from entities dealing in digital currencies.

European Union

The Markets in Crypto-Assets (MiCA) Regulation aims to safeguard consumers from crypto-related financial risks. The EU-wide Anti-Money Laundering Authority (AMLA) has also been set up. Crypto Asset Service Providers (CASPs) must collect and share transaction data to ensure traceability, which aligns with global standards. 

Singapore

Singapore enforces strict AML regulations through the Payment Services Act, which governs digital payment token services. Companies must conduct customer due diligence and comply with AML and Countering the Financing of Terrorism (CFT) measures to operate legally.

Japan

Japan regulates cryptocurrency under the Act on Punishment of Organized Crimes and the Act on Prevention of Transfer of Criminal Proceeds, ensuring strict oversight to combat illicit financial activities.

Countries also collaborate globally to deter crypto money laundering, forming organizations like the FATF. They are working together for regulatory alignment, information sharing and strengthening AML frameworks.

Token issuers also play a crucial role in tackling illicit activities. Notably, stablecoins such as Tether’s USDt (USDT) and USDC (USDC), have built-in mechanisms that allow them to block funds associated with criminal activities, preventing further misuse.

How to prevent crypto money laundering

Crypto money laundering is evolving and is forcing authorities to adopt advanced blockchain analytics to track illicit transactions. Thus, law enforcement agencies must use sophisticated tools to detect suspicious activity and dismantle criminal networks. 

Law enforcement has become more adept at tracing illicit transactions, as demonstrated in cases like Silk Road, where blockchain analysis helped uncover criminal operations. However, by working with global bodies like the FATF and the European Commission, authorities can assess high-risk jurisdictions and mitigate threats to the financial system.

For crypto service platforms, stringent KYC and AML protocols must be followed, especially for transactions from high-risk areas. Platforms should regularly audit transactions, monitor for suspicious patterns, and collaborate with law enforcement to respond quickly to potential laundering activities.

Users also play a role by avoiding transactions with entities operating in high-risk regions and reporting suspicious activities. Familiarizing themselves with secure wallet practices and ensuring their own transactions are traceable (if required) by keeping records can help prevent accidental involvement in illegal activities. Strong cooperation across all parties is key to curbing crypto money laundering.