As cryptocurrency transactions continue to grow, it’s no surprise that crypto crime has also seen a huge upswing. In 2021, illicit addresses raked in $14 billion, up nearly 80% compared to 2020.

Still, the backstories here are even more intriguing. For example, why isn’t crypto crime growth even larger given the rapid adoption of cryptocurrency overall? Is taking payment in Bitcoin a surefire way for threat actors to fly under the radar? How does law enforcement catch crypto criminals? Also, what’s going on with regulation that might make things more difficult for threat actors?

Explosive growth in crypto

Across all the cryptocurrencies tracked by Chainalysis, total transaction volume grew to $15.8 trillion in 2021, up 567% from the prior year. Meanwhile, the percent of illicit action shrunk to a mere 0.15%. Still, $14 billion in losses is concerning, to say the least.

While skeptics make noise about the lack of security surrounding crypto, keep in mind there was a 70% increase in conventional fraud attacks in 2021 compared to 2022. Since nothing is 100% secure, some feel it’s safer to invest in Bitcoin, Ethereum and other blockchain-based coins. Advocates also cite transparency, anonymity and lack of government control as reasons to favor crypto over fiat money.

In any case, cryptocurrency continues to gain ground in overall transaction volume, which may be the ultimate test of legitimacy.

Crypto-malware versus ransomware

Two different kinds of threats menace crypto, and there’s some confusion about the difference between them. When crypto-malware infects a computer, it uses the device’s computing power (without the owner’s knowledge) to mine cryptocurrency. Using a device to do this without authorization is called cryptojacking. Meanwhile, ransomware infects a computer and seizes its files. Threat actors then demand a ransom (payable in crypto coin) to unlock the files.

While both crypto-malware and ransomware are criminal actions, ransomware gets much more attention from law enforcement. Why? Ransomware is more aggressive and disruptive towards its victims. Meanwhile, cryptojacking is a theft of resources that device owners may not even notice.

The difference between crypto-malware versus ransomware opens up the nuances of crypto crime. Some threat actors crack wallets and directly steal funds. Others may set up crypto projects that look honest, only to disappear into thin air and leave investors with nothing. Meanwhile, ransomware involves the payment of a ransom in cryptocurrency.

Is regulation the answer?

An intense debate surrounds regulation in this area. If you value fiscal autonomy and freedom from government decisions, then regulation is bad. If you want protection against malware attacks or you want to recover a ransomware payment, then it’s good.

Given the threat to critical infrastructure and government agencies, crypto-based crime has risen to the level of national security. It’s worth mentioning that tracking crypto payments does not, by nature, stop malware attacks. It only strikes at the form of payment. But if you cut off funding, crime rates are likely to fall.

Recently, Megan Stifel, Chief Strategy Officer at the Institute for Security and Technology, spoke on a podcast about regulating cryptocurrency and how it could reduce incidents.

Stifel summed it up like this:

“If we want to see cryptocurrencies become more commonplace… as a safe way to exchange money, then… regulatory measures and the application of existing financial regulations to this particular type of currency is a way to do so. So things like anti-money-laundering regulations, customer requirements, the filing of suspicious activity reports, etc… can be a first step toward actually providing more confidence in that particular marketplace.”

The battle for privacy

Another factor to consider in the pros and cons of crypto security is this: Bitcoin blockchain is a public ledger. Anyone can consult a blockchain explorer and find a record of all the Bitcoin transactions ever processed.

For some, this transparency is one of Bitcoin’s strengths, while others consider it a privacy flaw. That’s why some clients turn to coin mixers (or tumblers) to hide the details. These tools mix up an amount of Bitcoin in private pools before dividing them up again.

By scrambling Bitcoins together, it makes it much harder to trace transactions. The explorer will only show that someone sent coins to the tumbler, while the final recipient and amounts remain obscured.

Some may have real privacy concerns, but these mixers are also a haven for money launderers seeking to hide ransom payments. It’s no wonder that mixers are often a source of criminal investigation.

For example, Roman Sterlingov, a Swedish/Russian citizen, was arrested for allegedly founding the cryptocurrency mixing service Bitcoin Fog. Sterlingov was charged with three felonies that involved a decade of money laundering using mixing services, totaling $335 million.

Seizing illicit crypto funds

No matter how much regulation the government puts into place, crypto criminals will always be a threat. Ransomware attacks demand payment in Bitcoin because it’s anonymous. However, there are methods that can link a wallet to its owner. Blockchain forensics, IP address monitoring and convincing or cracking crypto exchanges can reveal bank account data.

Some recent successful investigation results include:

Commenting on the Bitfinex case, Assistant Attorney General Kenneth A. Polite Jr. of the Justice Department’s Criminal Division said, “Today, federal law enforcement demonstrates once again that we can follow money through the blockchain, and that we will not allow cryptocurrency to be a safe haven for money laundering or a zone of lawlessness within our financial system.”

Yes, crypto crime is in high gear. But those looking to put a stop to it are also hard at work.

More from Risk Management

How TikTok is reframing cybersecurity efforts

4 min read - You might think of TikTok as the place to go to find out new recipes and laugh at silly videos. And as a cybersecurity professional, TikTok’s potential data security issues are also likely to come to mind. However, in recent years, TikTok has worked to promote cybersecurity through its channels and programs. To highlight its efforts, TikTok celebrated Cybersecurity Month by promoting its cybersecurity focus and sharing cybersecurity TikTok creators.Global Bug Bounty program with HackerOneDuring Cybersecurity Month, the social media…

Roundup: The top ransomware stories of 2024

2 min read - The year 2024 saw a marked increase in the competence, aggression and unpredictability of ransomware attackers. Nearly all the key numbers are up — more ransomware gangs, bigger targets and higher payouts. Malicious ransomware groups also focus on critical infrastructure and supply chains, raising the stakes for victims and increasing the motivation to cooperate.Here are the biggest ransomware stories of 2024.Ransomware payments reach record highRansomware payments surged to record highs in 2024. In the first half of the year, victims…

83% of organizations reported insider attacks in 2024

4 min read - According to Cybersecurity Insiders' recent 2024 Insider Threat Report, 83% of organizations reported at least one insider attack in the last year. Even more surprising than this statistic is that organizations that experienced 11-20 insider attacks saw an increase of five times the amount of attacks they did in 2023 — moving from just 4% to 21% in the last 12 months.With insider threats on the rise, it’s critical for businesses to recognize the real dangers that originate from inside…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today