Crypto Crime Drops 65%: Mid-Year 2023 Update Reveals Positive Trend
Key Points:
- Ransomware attacks on the rise, posing significant threats to individuals and organizations.
- Various scams targeting crypto users continue to proliferate, exploiting vulnerabilities in the ecosystem.
- Governments worldwide implementing stricter regulations to combat crypto-related crimes.
The year 2023 has proved to be a year of recovery for crypto crime, following a tumultuous 2022. The prices of digital assets such as Bitcoin have risen by over 80% as of June 30, indicating a positive trend for the industry.
However, this is not the only good news. According to our data, cryptocurrency-related crime has decreased significantly this year. This is a welcome development for the industry, and it is reflected in the graph below. The graph shows cumulative daily inflows to legitimate, risky, and illicit services for 2023, as compared to previous years. It is heartening to see the downward trend in illicit services and a corresponding increase in legitimate services. This indicates the industry is moving in the right direction, and the future looks bright for cryptocurrency.
The transaction volume mentioned above does not include the inflows to entities that have been sanctioned or are subject to special measures by agencies such as FinCEN. Please note that all the figures mentioned are lower bound estimates and the measure of illicit and risky transaction volume is expected to increase over time as we identify new addresses associated with illicit activities. It is important to mention that the figures do not capture the proceeds from non-crypto native crimes, such as conventional drug trafficking that involves cryptocurrency as a mode of payment.
As of the end of June, we have noticed a significant decline of 65% in crypto inflows to known illicit entities (excluding inflows to entities that have been sanctioned or are subject to special measures) compared to figures from the same time last year. Similarly, inflows to risky entities, primarily consisting of mixers and high-risk exchanges, have dropped by 42%. While it is true that transaction volumes have decreased across the board, legitimate services have only experienced a 28% decline in inflows. Therefore, it can be concluded that there has been a market pullback, and the volume of illicit crypto transactions is decreasing much more than legitimate crypto transactions. It is important to note that this trend is expected to continue as we identify more such entities and take stricter measures against them.
Which specific forms of cryptocurrency-based crime are declining the most?
Cryptocurrency-based crimes have seen a significant decline in various categories, including nflows to illicit addresses. However, the most impacted form of crypto crime is scams, which have experienced a whopping decrease of almost $3.3 billion in 2023 compared to the previous year. This downturn has resulted in a total earning of just a little over $1.0 billion this year. On the other hand, ransomware has been the only type of cryptocurrency-based crime that is on the rise, with attackers extorting $175.8 million more than what they earned at the same point in 2022. This increase in ransomware attacks could indicate a reversal of the positive downward trend we saw in 2022.
To gain a better understanding of the decline in scams and the rise in ransomware in 2023, let’s take a closer look at their respective activities. It is possible that scams have declined due to increased awareness among the public, leading to more caution and better recognition of fraudulent activities. Meanwhile, the rise in ransomware attacks could be attributed to attackers’ increasing sophistication in their methods and the evolving tactics they use to extort money from victims. However, it is essential to remain vigilant and stay informed about emerging trends in cryptocurrency-based crimes to prevent falling prey to such malicious activities.
Cryptocurrency scam revenue plummets as two of 2023’s biggest scams abruptly disappear
Cryptocurrency-based scams have been a major concern in recent years, consistently ranking as the highest-revenue form of cybercrime. However, there seems to be a significant decline in the total revenue generated by these scams in 2023, compared to previous years. In fact, through the end of June, crypto scammers have pulled in 77% less revenue than they did through June of 2022, which itself saw a decline in revenue compared to the previous year. This decline is notable, especially given the rising trend of crypto asset prices. Typically, positive price movements translate to higher scam revenue, as increased market exuberance and FOMO make victims more susceptible to scammers’ schemes. However, 2023’s drastic scam decline bucks that long-standing trend.
One possible explanation for this decline is the increasing awareness among crypto users about the prevalence of scams and measures to avoid them. More and more people are becoming educated about the risks of investing in cryptocurrencies and are taking steps to protect themselves from falling prey to scams. Furthermore, regulatory bodies are taking a more active role in cracking down on scams and fraud in the crypto industry, which may be deterring would-be scammers from operating.
Despite the decline in total revenue, cryptocurrency-based scams still pose a significant threat to investors and the industry as a whole. It is important for users to remain vigilant and adopt best practices to avoid falling victim to these scams. The chart below shows the total daily crypto scam revenue and revenue for the ten largest crypto entities identified as scams by Chainalysis.
We can see here that the category’s revenue decline is largely driven by the sudden disappearance of two large-scale scams: VidiLook and, to a lesser degree, Chia Tai Tianqing Pharmaceutical Financial Management. Both scams follow the typical investment scam model of offering outsized returns on any cryptocurrency “invested” by users, but VidiLook does so with a unique twist, paying users its native VDL token in return for watching digital ads, which it then claims users can stake for large rewards.
Source: YouTube
Both VidiLook and Chia Tai appear to have exit scammed, as they’ve moved all cryptocurrency out of their primary wallets and ceased deposits and withdrawals for users. We can see how VidiLook’s exit scam unfolded on the Chainalysis Reactor graph below.
After receiving funds from victims throughout the beginning of 2023, VidiLook sent over $50 million in USDT_TRX to the personal wallet on the right side of the graph during the months of March and April 2023, with most being sent after VidiLook’s reported exit scam in mid-April.
VidiLook’s exit scam isn’t surprising, but what is surprising is that total scam revenue remains so low after its decline. Ordinarily, we’d expect new scams to fill the void. But despite low overall scam revenues this year, VidiLook serves as an example of why cryptocurrency businesses, users, and law enforcement must remain vigilant — VidiLook bilked victims out of over $120 million worth of cryptocurrency in just a few months, highlighting the damage a single effective scam can do in a short period of time.
It’s also worth noting that while crypto scam revenue is significantly down as a whole, one type of scam has taken a much smaller hit than others.
Impersonation scams, in which fraudsters impersonate a law enforcement officer or some other kind of authority figure to extort money from victims, have seen just a 23% decline in inflows so far in 2023, compared to 77% for scams as a whole. Worse yet, the number of individual transfers to impersonation scam addresses has actually increased 49% year over year, suggesting that more people have fallen victim to impersonation scams in 2023, even if the total amount lost is lower. Those data points go to show that even with total scam revenue down, law enforcement and crypto compliance teams can’t rest on their laurels.
Ransomware rising as big game hunting makes a comeback
Ransomware is the one form of cryptocurrency-based crime on the rise so far in 2023. In fact, ransomware attackers are on pace for their second-biggest year ever, having extorted at least $449.1 million through June.
If this pace continues, ransomware attackers will extort $898.6 million from victims in 2023, trailing only 2021’s $939.9 million.
When we published our annual Crypto Crime Report in February, we were pleased to report that 2022 ransomware revenue had plummeted significantly compared to 2021. Why the reversal in fortunes? For one thing, big game hunting — that is, the targeting of large, deep-pocketed organizations by ransomware attackers — seems to have bounced back after a lull in 2022. At the same time, the number of successful small attacks has also grown. Both trends are evident on the chart below, which shows how the distribution of ransomware payment sizes has changed since 2020.
On the left side of the graph, we see an increase in the number of very small ransomware payments in 2023, while the number of very large payments on the right side has also grown substantially. The payment size distribution has also extended to include higher amounts compared to previous years. In other words, we’re seeing growth in ransomware payments at both ends of the spectrum. Below are a few ransomware strains whose average and median payment sizes reflect those extremes.
| Strain name | 2023 average payment size | 2023 median payment size |
| Dharma | $265 | $275 |
| Phobos | $1,719 | $300 |
| Stop/djvu | $619 | $563 |
| BlackBasta | $762,634 | $147,106 |
| ALPHV/Blackcat | $1,504,579 | $305,585 |
| Cl0p | $1,730,486 | $1,946,335 |
At the top of the chart, we see low-level Ransomware-as-a-Service (RaaS) strains like Dharma and Phobos, which are typically used in spray and pray attacks against smaller targets and can be deployed by relatively unsophisticated actors. These types of attacks can have devastating effects on small businesses and individuals. In the middle range of the chart, we see an increase in the number of ransomware strains that are more sophisticated and require more technical expertise to deploy. These types of attacks are more targeted and tend to hit bigger organizations for more money. At the bottom of the chart, we see the biggest, most sophisticated strains like BlackBasta and Cl0p, which are typically deployed by highly skilled actors. These types of attacks are the most dangerous and can have the greatest impact on large organizations.
Experts at cybersecurity and incident response firm Kivu have seen 2023’s changes in ransomware patterns first-hand, especially the growth in payment sizes. “These notable shifts in figures directly align with the growing number of extremely high initial demands, ranging in the tens and hundreds of millions of USD,” said Kivu General Counsel and Risk Officer Andrew J. Davis. This trend is particularly concerning for businesses and individuals who may not have the financial resources to pay such exorbitant demands.
While we previously attributed the 2022 decline in average ransom size to improved cybersecurity and data backup practices by large organizations, as well as law enforcement efforts, increased availability of decryptors, and sanctions against services offering cashout services to ransomware gangs, it appears that attackers are adapting to these changes. In 2023, both small and large organizations are being targeted more frequently, and the size of ransom demands is increasing. This trend is likely due, in part, to the fact that many organizations are still refusing to pay ransoms. However, this non-payment trend may also be prompting ransomware attackers to increase the size of their ransom demands, perhaps with the intention of squeezing the most money possible out of the firms still willing to pay ransoms. To that end, Davis also noted an increase in more extreme extortion techniques, such as harassment of employees from victim firms who have not yet paid.
We also can’t discount the role of the Russia-Ukraine War in last year’s ransomware decline, as the conflict likely displaced ransomware operators and diverted them away from financially inspired cyber intrusions. It is clear the ransomware ecosystem has rebounded in 2023 both in terms of payments and attacks, with record-setting incident numbers. The data serves as an important reminder that ransomware remains a significant threat, and that businesses should continue to shore up their cybersecurity and data backup procedures for added protection.
2023 is off to a good start
According to the data from Chainalysis, the year 2023 is showing a significant decline in crypto crime, with the exception of ransomware. This decline in illicit inflows signifies that the combined efforts of both private and public sectors are paying off well. The pressure from law enforcement agencies seems to be working effectively in curbing criminal activity, while crypto businesses are also doing their part in preventing scams and hacks, especially for DeFi protocols, which have been a major concern in previous years. The need for vigilance, however, is still apparent as ransomware continues to be a persistent threat. We will continue to monitor these trends closely and share updates as they become available. We also look forward to presenting our year-end findings in our next Crypto Crime Report.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Author
Key Points:
- Ransomware attacks on the rise, posing significant threats to individuals and organizations.
- Various scams targeting crypto users continue to proliferate, exploiting vulnerabilities in the ecosystem.
- Governments worldwide implementing stricter regulations to combat crypto-related crimes.
The year 2023 has proved to be a year of recovery for crypto crime, following a tumultuous 2022. The prices of digital assets such as Bitcoin have risen by over 80% as of June 30, indicating a positive trend for the industry.
However, this is not the only good news. According to our data, cryptocurrency-related crime has decreased significantly this year. This is a welcome development for the industry, and it is reflected in the graph below. The graph shows cumulative daily inflows to legitimate, risky, and illicit services for 2023, as compared to previous years. It is heartening to see the downward trend in illicit services and a corresponding increase in legitimate services. This indicates the industry is moving in the right direction, and the future looks bright for cryptocurrency.
The transaction volume mentioned above does not include the inflows to entities that have been sanctioned or are subject to special measures by agencies such as FinCEN. Please note that all the figures mentioned are lower bound estimates and the measure of illicit and risky transaction volume is expected to increase over time as we identify new addresses associated with illicit activities. It is important to mention that the figures do not capture the proceeds from non-crypto native crimes, such as conventional drug trafficking that involves cryptocurrency as a mode of payment.
As of the end of June, we have noticed a significant decline of 65% in crypto inflows to known illicit entities (excluding inflows to entities that have been sanctioned or are subject to special measures) compared to figures from the same time last year. Similarly, inflows to risky entities, primarily consisting of mixers and high-risk exchanges, have dropped by 42%. While it is true that transaction volumes have decreased across the board, legitimate services have only experienced a 28% decline in inflows. Therefore, it can be concluded that there has been a market pullback, and the volume of illicit crypto transactions is decreasing much more than legitimate crypto transactions. It is important to note that this trend is expected to continue as we identify more such entities and take stricter measures against them.
Which specific forms of cryptocurrency-based crime are declining the most?
Cryptocurrency-based crimes have seen a significant decline in various categories, including nflows to illicit addresses. However, the most impacted form of crypto crime is scams, which have experienced a whopping decrease of almost $3.3 billion in 2023 compared to the previous year. This downturn has resulted in a total earning of just a little over $1.0 billion this year. On the other hand, ransomware has been the only type of cryptocurrency-based crime that is on the rise, with attackers extorting $175.8 million more than what they earned at the same point in 2022. This increase in ransomware attacks could indicate a reversal of the positive downward trend we saw in 2022.
To gain a better understanding of the decline in scams and the rise in ransomware in 2023, let’s take a closer look at their respective activities. It is possible that scams have declined due to increased awareness among the public, leading to more caution and better recognition of fraudulent activities. Meanwhile, the rise in ransomware attacks could be attributed to attackers’ increasing sophistication in their methods and the evolving tactics they use to extort money from victims. However, it is essential to remain vigilant and stay informed about emerging trends in cryptocurrency-based crimes to prevent falling prey to such malicious activities.
Cryptocurrency scam revenue plummets as two of 2023’s biggest scams abruptly disappear
Cryptocurrency-based scams have been a major concern in recent years, consistently ranking as the highest-revenue form of cybercrime. However, there seems to be a significant decline in the total revenue generated by these scams in 2023, compared to previous years. In fact, through the end of June, crypto scammers have pulled in 77% less revenue than they did through June of 2022, which itself saw a decline in revenue compared to the previous year. This decline is notable, especially given the rising trend of crypto asset prices. Typically, positive price movements translate to higher scam revenue, as increased market exuberance and FOMO make victims more susceptible to scammers’ schemes. However, 2023’s drastic scam decline bucks that long-standing trend.
One possible explanation for this decline is the increasing awareness among crypto users about the prevalence of scams and measures to avoid them. More and more people are becoming educated about the risks of investing in cryptocurrencies and are taking steps to protect themselves from falling prey to scams. Furthermore, regulatory bodies are taking a more active role in cracking down on scams and fraud in the crypto industry, which may be deterring would-be scammers from operating.
Despite the decline in total revenue, cryptocurrency-based scams still pose a significant threat to investors and the industry as a whole. It is important for users to remain vigilant and adopt best practices to avoid falling victim to these scams. The chart below shows the total daily crypto scam revenue and revenue for the ten largest crypto entities identified as scams by Chainalysis.
We can see here that the category’s revenue decline is largely driven by the sudden disappearance of two large-scale scams: VidiLook and, to a lesser degree, Chia Tai Tianqing Pharmaceutical Financial Management. Both scams follow the typical investment scam model of offering outsized returns on any cryptocurrency “invested” by users, but VidiLook does so with a unique twist, paying users its native VDL token in return for watching digital ads, which it then claims users can stake for large rewards.
Source: YouTube
Both VidiLook and Chia Tai appear to have exit scammed, as they’ve moved all cryptocurrency out of their primary wallets and ceased deposits and withdrawals for users. We can see how VidiLook’s exit scam unfolded on the Chainalysis Reactor graph below.
After receiving funds from victims throughout the beginning of 2023, VidiLook sent over $50 million in USDT_TRX to the personal wallet on the right side of the graph during the months of March and April 2023, with most being sent after VidiLook’s reported exit scam in mid-April.
VidiLook’s exit scam isn’t surprising, but what is surprising is that total scam revenue remains so low after its decline. Ordinarily, we’d expect new scams to fill the void. But despite low overall scam revenues this year, VidiLook serves as an example of why cryptocurrency businesses, users, and law enforcement must remain vigilant — VidiLook bilked victims out of over $120 million worth of cryptocurrency in just a few months, highlighting the damage a single effective scam can do in a short period of time.
It’s also worth noting that while crypto scam revenue is significantly down as a whole, one type of scam has taken a much smaller hit than others.
Impersonation scams, in which fraudsters impersonate a law enforcement officer or some other kind of authority figure to extort money from victims, have seen just a 23% decline in inflows so far in 2023, compared to 77% for scams as a whole. Worse yet, the number of individual transfers to impersonation scam addresses has actually increased 49% year over year, suggesting that more people have fallen victim to impersonation scams in 2023, even if the total amount lost is lower. Those data points go to show that even with total scam revenue down, law enforcement and crypto compliance teams can’t rest on their laurels.
Ransomware rising as big game hunting makes a comeback
Ransomware is the one form of cryptocurrency-based crime on the rise so far in 2023. In fact, ransomware attackers are on pace for their second-biggest year ever, having extorted at least $449.1 million through June.
If this pace continues, ransomware attackers will extort $898.6 million from victims in 2023, trailing only 2021’s $939.9 million.
When we published our annual Crypto Crime Report in February, we were pleased to report that 2022 ransomware revenue had plummeted significantly compared to 2021. Why the reversal in fortunes? For one thing, big game hunting — that is, the targeting of large, deep-pocketed organizations by ransomware attackers — seems to have bounced back after a lull in 2022. At the same time, the number of successful small attacks has also grown. Both trends are evident on the chart below, which shows how the distribution of ransomware payment sizes has changed since 2020.
On the left side of the graph, we see an increase in the number of very small ransomware payments in 2023, while the number of very large payments on the right side has also grown substantially. The payment size distribution has also extended to include higher amounts compared to previous years. In other words, we’re seeing growth in ransomware payments at both ends of the spectrum. Below are a few ransomware strains whose average and median payment sizes reflect those extremes.
| Strain name | 2023 average payment size | 2023 median payment size |
| Dharma | $265 | $275 |
| Phobos | $1,719 | $300 |
| Stop/djvu | $619 | $563 |
| BlackBasta | $762,634 | $147,106 |
| ALPHV/Blackcat | $1,504,579 | $305,585 |
| Cl0p | $1,730,486 | $1,946,335 |
At the top of the chart, we see low-level Ransomware-as-a-Service (RaaS) strains like Dharma and Phobos, which are typically used in spray and pray attacks against smaller targets and can be deployed by relatively unsophisticated actors. These types of attacks can have devastating effects on small businesses and individuals. In the middle range of the chart, we see an increase in the number of ransomware strains that are more sophisticated and require more technical expertise to deploy. These types of attacks are more targeted and tend to hit bigger organizations for more money. At the bottom of the chart, we see the biggest, most sophisticated strains like BlackBasta and Cl0p, which are typically deployed by highly skilled actors. These types of attacks are the most dangerous and can have the greatest impact on large organizations.
Experts at cybersecurity and incident response firm Kivu have seen 2023’s changes in ransomware patterns first-hand, especially the growth in payment sizes. “These notable shifts in figures directly align with the growing number of extremely high initial demands, ranging in the tens and hundreds of millions of USD,” said Kivu General Counsel and Risk Officer Andrew J. Davis. This trend is particularly concerning for businesses and individuals who may not have the financial resources to pay such exorbitant demands.
While we previously attributed the 2022 decline in average ransom size to improved cybersecurity and data backup practices by large organizations, as well as law enforcement efforts, increased availability of decryptors, and sanctions against services offering cashout services to ransomware gangs, it appears that attackers are adapting to these changes. In 2023, both small and large organizations are being targeted more frequently, and the size of ransom demands is increasing. This trend is likely due, in part, to the fact that many organizations are still refusing to pay ransoms. However, this non-payment trend may also be prompting ransomware attackers to increase the size of their ransom demands, perhaps with the intention of squeezing the most money possible out of the firms still willing to pay ransoms. To that end, Davis also noted an increase in more extreme extortion techniques, such as harassment of employees from victim firms who have not yet paid.
We also can’t discount the role of the Russia-Ukraine War in last year’s ransomware decline, as the conflict likely displaced ransomware operators and diverted them away from financially inspired cyber intrusions. It is clear the ransomware ecosystem has rebounded in 2023 both in terms of payments and attacks, with record-setting incident numbers. The data serves as an important reminder that ransomware remains a significant threat, and that businesses should continue to shore up their cybersecurity and data backup procedures for added protection.
2023 is off to a good start
According to the data from Chainalysis, the year 2023 is showing a significant decline in crypto crime, with the exception of ransomware. This decline in illicit inflows signifies that the combined efforts of both private and public sectors are paying off well. The pressure from law enforcement agencies seems to be working effectively in curbing criminal activity, while crypto businesses are also doing their part in preventing scams and hacks, especially for DeFi protocols, which have been a major concern in previous years. The need for vigilance, however, is still apparent as ransomware continues to be a persistent threat. We will continue to monitor these trends closely and share updates as they become available. We also look forward to presenting our year-end findings in our next Crypto Crime Report.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Other Posts
Related Posts
News
Hong Kong Crypto ETFs Of HashKey And Bosera Completed Subscription To Launch On April 30
News
