Known cryptocurrency payments to ransomware hackers “totaled a mere $16 million, compared to nearly $74 million USD in 2021,” blockchain intelligence firm Crystal Blockchain says.
This may be surprising given that the number of ransomware attacks has increased since 2021, according to cybersecurity researchers. This year, the notorious Conti ransomware gang, known for terrorizing U.S. hospitals during the COVID-19 pandemic, ceased operations, but new groups are constantly emerging.
Nick Smart, Crystal’s director of blockchain intelligence, told CoinDesk it may be too early to conclude that ransomware attacks are in permanent decline.
“Since the Conti leaks, we were able to gather a lot more information on historical ransomware and extortion activity, which is to say we have a better idea of what it was like before. Due to the way ransoms generally work, it’s not possible to tell what happened now as many companies don’t disclose payment information publicly,” Smart said.
Analysis of on-chain activity shows that crypto services with a high money laundering risk score – meaning they receive funds from scams and cybercrime more often than others – are seeing a drop in popularity, the report says.
“We can see that overall, crypto funds are increasingly exchanged between lower-risk [virtual asset service providers] likely due to increased regulation, registration and client expectations,” the report reads.
At the same time, crypto exchanges and services that manage to keep “dirty” crypto out have been further tightening anti-money laundering policies, effectively scaring away criminal actors: “The volume of funds sent to low-risk exchanges from scams fell by 24% in 2022 compared to 2021,” the report said.
Offline wallets, allowing users to directly control their funds, are becoming increasingly popular among crypto users in general, the report says: more funds are being sent to such addresses.
Cross-chain bridges remain popular for illicit transactions. The Bitcoin-to-Ethereum bridge service Ren, for example, received almost half of all crypto from sanctioned entities, the report said. The service, linked to now-failed exchange FTX, is popular among hackers.
“Perhaps the biggest endorsement of this trend was the FTX thief, who almost drained the entirety of the protocol’s liquidity crossing chains,” Smart says. That is nothing new: cybercriminals had been actively using Ren even before that. However, the recent enforcement actions benefited the protocol.
“I think a lot of the attention on Ren grew after Tornado Cash was sanctioned [by the U.S. Treasury Department], which goes to show that criminals are always evolving tactics to try and beat blockchain intelligence companies and compliance teams,” Smart said.