CAI0057
Written evidence submitted by Chainalysis
- Executive Summary
Chainalysis appreciates the opportunity to respond to this important call for evidence, particularly in light of the UK government’s ambitions to become a global crypto hub, to consult later in 2022 on the approach to cryptoassets and the regulatory intention to develop a UK approach to cryptoassets that “balances innovation and competition”.[1] As the global leader in blockchain analytics, we stand ready to further assist the inquiry using our industry and technical experience to provide further UK-specific insight where considered useful. Our submission explores one of the principal risks around the use of cryptoassets: their use for illicit purposes.
The size of cryptoasset activity in the UK is significant. The Chainalysis 2022 Crypto Adoption Index[2] shows that the UK is the only other high-income nation, alongside the US, in the top 20. To comprehend the scale of the opportunity of cryptoassets in the UK, it is important to understand that the UK is the most active jurisdiction for cryptoassets in Central, Northern and Western Europe with the value received between July 2020 to July 2021 reaching $170 billion.[3] As such, the UK is well-placed to foster an environment of safe and sustainable innovation in the cryptoasset ecosystem, and add value for the nation, its markets, and its citizens.
It is a common misconception that cryptoassets are predominantly used for illicit activity. Our latest data highlights that the legitimate uses of cryptoassets far outweigh the illicit ones with only 0.15% of global cryptoasset activity identified as illicit in 2021.
Furthermore, contrary to the popular belief that cryptoassets are completely anonymous and untraceable, we observe that the transparency of cryptoassets is far greater than other, traditional forms of finance.[4] That transparency presents a unique opportunity for UK decision-makers to understand the sector better and design appropriate regulations, but also to implement the tools that effectively detect, disrupt, and address illicit activity risks.
Blockchain analytics tools, such as those provided by Chainalysis, offer unique insight into different categories of illicit activity in crypto assets and thus gives critical insights into how to tackle this challenge. In this submission, we have focused on the predominant areas of illicit activity, including fraud and scams; thefts; and market manipulation.
Our data shows that scam activity has fallen, making up a smaller percentage of global illicit activity up until July 2022 (accounting for $1.6 billion in global revenues as of July 2022, 65% less than the equivalent period up to July 2021).
This fall in scam activity may be down to increasingly effective law enforcement agencies that recognise the risks and have subsequently improved their understanding of cryptoassets and their capability to crack down on illicit activity. Certainly the number of days that any one scam is “live”, has dropped significantly over time, while in recent years, some law enforcement agencies have turned to blockchain analytics tools to assist their cryptoasset investigations. UK law enforcement agencies have also reportedly seized cryptoassets worth more than £300 million over five years[5].
While scam activity has fallen, hacking and theft activity has grown and now accounts for a much larger percentage of illicit activity (accounting for $1.9 billion in global revenue as of July 2022 vs $1.2 billion in July 2021). Much of this has to do with a large rise in funds stolen from DeFi protocols, which have emerged as uniquely vulnerable to hacking due to their open source code and potential lapses in security best practices.[6]
Our data can also be used to track other forms of illicit activity, including market manipulation, where individuals can take advantage of the little or no regulation and oversight around cryptoassets to manipulate prices and users to profit from pump and dump schemes or engage in wash trading.
In Part VI of this submission, we detail six recommendations that would help ensure that the UK can effectively tackle illicit activity in cryptoassets and is well-positioned to embrace the opportunity to develop and grow its cryptoasset market on a safe and sustainable foundation. These recommendations are:
○ Providing regulatory clarity to market participants.
○ Ensuring adequate funding, resources, and training for government and law enforcement agencies with responsibility for cryptoassets
○ Leveraging the transparency of cryptoassets to develop policies and a regulatory framework for the authorisation and supervision of cryptoasset activity.
○ Understanding and monitoring systemic risks in the cryptoasset ecosystem.
○ Prioritising public education to ensure consumers understand cryptoassets and have the information they need to make informed decisions.
○ Encouraging dialogue with the industry and public-private partnerships.
- Introduction
Chainalysis greatly appreciates the opportunity to respond to this timely inquiry exploring the role of cryptoassets in the UK. We thank the Committee for its initiative and are prepared to assist the inquiry using our industry and technical experience as a blockchain analysis provider working with government, law enforcement and regulatory agencies, as well as industry members, from financial institutions through to cryptoasset exchanges. This assistance may be in any manner that is considered most helpful to the inquiry whether that be in providing further evidence at any future oral session or further data to support the ongoing work of the Committee.
This submission provides our unique view of illicit and criminal activity in cryptoassets, one of the key risks that exist in the cryptoassets space. The submission includes; an executive summary of the main takeaways (Part I); an introduction to the submission (Part II); an introduction to Chainalysis (Part III); a deep dive into some of the largest segments of illicit activity in cryptoassets representing the key risks for individuals and businesses (Parts IV and V); and finally, some recommendations for the safe development of the UK cryptoasset sector (Part VI).
- Background on Chainalysis
Chainalysis is a blockchain data platform providing data, software, services, and research to government agencies, exchanges, financial institutions, and insurance and cybersecurity companies. Chainalysis has over 750 public and private customers in 70 countries. We are a partner to regulators that use our data platform to implement and enforce anti-money laundering (“AML”) and countering the financing of terrorism (“CTF”) and other public policy goals involving cryptoassets. We are also a partner to law enforcement and other government agencies, which rely on our investigative-focused tools to investigate, disrupt, and deter criminal activity involving cryptoassets. Our compliance-focused tools are also used by cryptoasset businesses to conduct transaction monitoring and meet their compliance and other AML/CTF requirements.
We also leverage our data platform to conduct research into the cryptoasset ecosystem. Chainalysis traces the funds flowing on the blockchain and tracks the cryptoasset activity of over 3,300 real-world entities which translates into data insight on over 95% of the cryptoassets traded on the market. Using this insight we also publish several reports, including our annual Geography of Crypto Report, which measures cryptoasset adoption across the globe, and our annual Crypto Crime Report which describes annual trends in cryptoasset crime.
- Illicit activity in the cryptoasset sector
Earlier this year, we reported that global cryptoasset crime hit a new all-time high in 2021, with illicit addresses receiving $14 billion over the year, up from $7.8 billion in 2020. In terms of the types of illicit activity involved, they were scams, stolen funds, darknet markets, and ransomware.
Despite the increase in illicit transaction volume, however, illicit activity as a percentage of total volume has fallen dramatically since 2019. In 2019, the illicit share was about 3%, in 2020 it was just over 0.5%, and in 2021 it was 0.15%.[7] The reason for this is that cryptoasset usage grew faster than ever before, so while cryptoasset crime is increasing, the legitimate use of cryptoasset is far outpacing its use by illicit actors. This is good news for cryptoassets, but the government and industry are still faced with putting in place and implementing the appropriate controls to mitigate risks in the system.
Over the period January-August 2022, there has been a continuation of this decline in total illicit activity which was down 15% compared with July last year.
The research found that scams and darknet activity now make up a smaller proportion of total illicit activity, while hacks and stolen funds have proportionally increased with notable instances such as the $190 million hack of cross-chain bridge Nomad. Though it is welcome news that fewer people are falling for cryptoasset scams, the increase in stolen funds shows that both public and private sectors must continue to work together and hone their ability to fight illicit activity in cryptoassets.
- A closer look at certain types of risks in the Cryptoasset space
While Chainalysis tracks the illicit use of cryptoassets across several different categories, for this inquiry our submission will specifically cover fraud and scams, thefts, market abuse and manipulation, and detail how blockchain analytics can address and mitigate these.
It is important to understand the observations on illicit activity in the context of the fact that the UK has a significant market in cryptoasset and a significant margin over other countries in the Central, Northern and Western Europe region. The below chart measures this margin in terms of transaction volumes received on a per jurisdiction basis between July 2020 to June 2021.
The chart below shows the variance in cryptocurrency usage in the region Looking at the biggest markets, we see that the UK and Germany are similar in this area: Bitcoin accounts for 27% of the UK’s transaction value (Germany - 28%) while Ethereum/wETH account for 40% (Germany - 36%).
A. Frauds and Scams
Scams, despite their recent fall in the share of illicit activity, remain one of the largest forms of cryptoasset crime in 2022 on a global basis. Scams are uniquely targeted toward new users and thus pose one of the biggest threats to the continued adoption of cryptoassets. However, cryptoasset businesses are taking innovative steps to leverage blockchain data to protect their users and nip scams in the bud before potential victims make deposits. (See Annex 1: Luno)
There has been an evolution of scamming activity in the cryptoassets space over the past few years. Several years ago, scams mostly presented themselves as centralized platforms where you could invest in new cryptoassets.[8] As law enforcement has become better at identifying and investigating scams, and as consumers have become more knowledgeable, we are seeing a new trend in this space, where scammers impersonate high-profile people and make claims such as offering to double any cryptoassets sent to them. Others will impersonate legitimate cryptoasset projects on social media platforms like Telegram, Discord, or Twitter to trick would-be investors into sending the scammers funds, rather than sending them to the real platform. Another type of scam we increasingly see are rug pulls which are particularly prevalent[9] in the DeFi[10] ecosystem (see Annex 2: Finiko).
The definition of “rug pull” isn’t set in stone, but we generally use it to refer to cases in which developers build out what appear to be legitimate cryptoasset projects, for example, creating “legitimate” ERC-20 tokens or non-fungible tokens (NFTs) that work technically on-chain. However, the real intention of the project is to accumulate as many funds as possible and disappear abruptly. Usually, they try to drum up as much hype as possible (potentially hiring celebrities to endorse the product) before taking investors’ money and disappearing.
Most DeFi projects entail developers creating tokens and promoting them to investors, who purchase the new token to access the utility that the cryptoasset network provides, or with the hope it will rise in value. These actions also provide liquidity to the project. In rug pulls, however, the developers eventually drain the funds from the liquidity pool, sending the token’s value to zero, and disappear. Rug pulls are prevalent in DeFi because, with the right technical know-how, it’s cheap and easy to create new tokens on the Ethereum blockchain or others and list them on decentralized exchanges (DEXes). The chart below shows 2021’s top 15 rug pulls in order of value stolen - most started as DeFi projects.[11]
Insight: 2021- More scams, shorter lifespans
While global scam revenue increased significantly in 2021, it stayed flat if we remove rug pulls and limit our analysis to financial scams — even with the emergence of Finiko. However, at the same time, the number of deposits to scam addresses fell from just under 10.7 million to 4.1 million, which we can assume means there were fewer individual scam victims. However, this also tells us that the average amount taken from each victim increased.
Scammers’ money laundering strategies haven’t changed all that much. As was the case in previous years, most cryptoassets sent from scam wallets ended up at mainstream exchanges.
The number of financial scams active at any point in the year — active meaning their addresses were receiving funds — also rose significantly in 2021, from 2,052 in 2020 to 3,300.
This goes hand in hand with another global trend we’ve observed over the last few years: The average lifespan of a financial scam is getting shorter and shorter.
The average financial scam was active for just 70 days in 2021, down from 192 in 2020. Looking back further, the average cryptoasset scam was active for 2,369 days, and the figure has trended steadily downwards since then.
One reason for this could be that investigators are getting better at investigating and prosecuting scams as they become more familiar with the technology and investigative tools for tracing transactions, identifying patterns, and seeing where cryptoasset users are exchanging for fiat currency. Evidence of this in the UK is apparent from Freedom of Information (FOI) requests, made public earlier in 2022, UK law enforcement agencies have seized cryptoassets worth more than £300 million over five years[12]. The NCA in their 2021/2022 Annual Report[13] reported seizing £26.894 million in cryptoassets between April 2021 and March 2022, a significant ramp up from the previous year in which no cryptoasset was seized according to previous reports.
As such, where previously, these scams may have been able to continue operating for longer they may now feel more pressure to close up shop before drawing the attention of regulators and law enforcement.
B. Losses due to theft
Throughout 2021, $3.2 billion in cryptoassets was stolen from individuals and services globally — almost 6x the amount stolen in 2020. Approximately $2.3 billion of those funds were stolen from DeFi platforms in particular, and the value stolen from these protocols catapulted 1,330%.
This shift toward DeFi-centric attacks doesn’t just sound pronounced—it looks like it, too. In every year before 2021, centralized exchanges lost the most cryptoassets to theft by a large margin. But this year, DeFi platform thefts dwarfed exchange thefts.
The chart below shows the biggest cryptoasset thefts of 2021 globally.
As is the case most years, the ten largest hacks of 2021 and Q1 2022 accounted for a majority of the funds stolen at $2.2 billion. Eight of these ten attacks targeted DeFi platforms in particular.
Insight: Code exploits and hacks increasingly common in the cryptoasset crime landscape
Historically, cryptoasset thefts have largely been the result of security breaches in which hackers gain access to victims’ private keys—the crypto-equivalent of pickpocketing. These keys could be acquired through phishing, keylogging, social engineering, or other techniques. From 2019 to 2021, almost 30% of all value was stolen from just this type of hack.
With the rise of DeFi and the extensive smart contract capabilities that power those platforms, deeper vulnerabilities have begun to emerge around the software underpinning these services.
In 2021, code exploits and flash loan attacks—a type of exploit involving price manipulation—accounted for a near-majority of total value stolen across all services, weighing in at 49.8%. And when examining only hacks on DeFi platforms, that figure increases to 69.3%.
These exploits occur for a variety of reasons. For one, in keeping with DeFi’s faith in decentralization and transparency, open-source development is a staple of DeFi applications. This is an important and broadly positive trend: since many DeFi protocols move funds without human intervention, users need to be able to audit the underlying code to trust the platform. But this also stands to benefit cybercriminals, who can analyze the scripts for vulnerabilities and plan exploits in advance.
Another potential point of failure is DeFi platforms’ reliance on price oracles. Price oracles are tasked with maintaining accurate asset pricing data for all cryptoassets on a platform, and the job isn’t easy. Secure but slow oracles are vulnerable to arbitrage; fast but insecure oracles are vulnerable to price manipulation. The latter type often leads to flash loan attacks, which extracted a massive $364 million from DeFi platforms in 2021. In the hack of Cream Finance, for example, a series of flash loans exploiting a vulnerability in the way Cream calculated yUSD’s “pricePerShare'' variable enabled attackers to inflate yUSD price to double its true value, sell their shares, and make off with $130 million in just one night.
These two dangers—inaccurate oracles and exploitable code—underscore the need for the security of both. Fortunately, there are solutions. To ensure pricing accuracy, decentralized price oracles like Chainlink can protect platforms against price manipulation attacks. To ensure the security of smart contracts, code audits can steel programs against common hacks like reentrancy, unhandled exceptions, and transaction order dependency.
But code audits aren’t infallible. Nearly 30% of code exploits occurred on platforms audited within the last year, as well as a surprising 73% of flash loan attacks. This highlights two potential shortfalls of code audits:
- They may patch smart contract vulnerabilities in some cases, but not all;
- They seldom guarantee that platforms’ price oracles are tamper-proof.
So while code audits can certainly help, DeFi protocols managing millions of users and billions of dollars must adopt a more robust approach to platform security.
Insight: Following the money: the final destinations of stolen cryptoassets
In the aftermath of cryptoasset thefts, more stolen funds flowed to DeFi platforms (51%) and risky services (25%) this year than ever before on a global basis. Centralized exchanges, once a top destination for stolen funds, fell out of favour in 2021, receiving less than 15% of the funds. This is likely due to the embrace of AML and KYC procedures among major exchanges—an existential threat to the anonymity of cyber criminals.
Note: “Risky” refers to services like mixers, high-risk exchanges[14], and services based in high-risk jurisdictions[15].
C. Market abuse and manipulation
In 2021 and the first half of 2022, Chainalysis tracked a minimum of $83 billion worth of cryptoassets globally that were sent to ERC-721 and ERC-1155 contracts — the two types of Ethereum smart contracts associated with NFT marketplaces and collections — up from just $106 million in 2020.
However, as is the case with any new technology, NFTs offer the potential for abuse. It’s important that, as our industry considers all the ways this new asset class can change how we link the blockchain to the physical world, we also build products that make NFT investment as safe and secure as possible. There have been several forms of illicit activity in NFTs: wash trading to artificially increase the value of NFTs, money laundering through the purchase of NFTs, and insider trading on NFT marketplaces (See Annex 3 for a case study on wash trading).
- Recommendations
Using our unique global data and insights, our submission outlines some of the key risks and threats to firms and users with respect to illicit activity. We believe that with the right intention, insight, and tools to crack down on these risks, there is substantial opportunity for the UK to capably mitigate and address these challenges.
Our six recommendations form a roadmap for the safe development of the UK cryptoasset sector to ensure that the UK leverages its leading position, and that cryptoassets become a fundamental building block and value driver for a future UK economy that embraces innovation for economic growth.
1. Provide regulatory clarity to market participants.
While cryptoasset businesses have been subject to anti-money laundering laws in the UK since 2020[16], there are other aspects of the market that still require additional clarification, including on when and how cryptoassets and cryptoasset firms might be regulated for prudential and conduct matters, and by which authorities. Clarity around the tax treatment of cryptoasset activities and how these markets will be monitored for market integrity and financial stability purposes help ensure not only that the perimeter, powers and responsibilities are clear for regulators, but that market participants know the responsibilities and requirements that they must meet.
2. Ensure adequate funding, resources, and training for government and law enforcement agencies charged with investigating fraud, manipulation, and abusive practices in this space.
To limit the impact of scammers and protect consumers as this asset class grows and is increasingly adopted, one of the most important steps is to ensure that institutions are sufficiently empowered and resourced to oversee the market and root out all manner of illicit activity including fraud, manipulation, and abusive practices. Cryptoassets, like many other financial assets, can be an instrument used by illicit actors, whose tactics are forever evolving as new technologies come along. A unique advantage to cryptoassets is that, when fraud or scams do occur, the transparency provided by many cryptoassets’ public ledgers makes transaction tracing much easier than other traditional forms of value transfer. Using blockchain analysis tools, government agencies can trace cryptoasset transactions to identify their origination and/or their cashout points at cryptoasset exchanges. Those that have already embraced blockchain analysis have seized millions of dollars in cryptoassets and stopped several illicit actors exploiting cryptoassets. The UK’s Economic Crime Bill coupled with its strong existing legal framework evidences a clear commitment to crack down on economic crime and money laundering in cryptoassets but implementation will require political space and resources. Allocating appropriate financial and personnel resources would help ensure that agencies have the right tools and training to appropriately enforce against illicit activity in this space in practice, and act as a real deterrent.
3. Leverage the unique and transparent nature of cryptoassets in the development of policies and a regulatory framework for their authorisation and supervision.
The information that is available to government agencies due to the transparent nature of blockchain technology provides an opportunity for policymakers and regulators to think differently about regulatory requirements in this space. For example, regulators can leverage this data to gain insights into the ecosystem and inform where the greatest risks are as they build the capacity to regulate these markets. This will allow them to prioritize regulatory requirements that fill in information gaps. For example, reporting requirements may be different in this space given the on-chain data made available to regulators because of the transparent nature of the technology. It may not be necessary to require the same level of reporting in all cases because of the ease of availability of certain on-chain data.
4. Understand and monitor systemic risks in the cryptoasset ecosystem.
Policymakers and Regulators need to understand and monitor systemic risks in the whole cryptoasset ecosystem - not just those market participants they have oversight of. This would enable a better understanding of contagion risks that may be present across the ecosystem and how they could be monitored and mitigated. Understanding the broader market structures will better enable market surveillance and inform regulatory decisions.
5. Prioritize public education to ensure consumers understand cryptoassets and have the information they need to make informed decisions.
As with any new asset class, there is sometimes confusion among the general public about what cryptoassets are and how they work.[17] It is important that the UK government engage in educational efforts related to cryptoassets to better enable consumers to understand this asset class and how to recognise and avoid scams and fraudulent activity in the cryptoasset ecosystem. The UK Government and relevant authorities could consider augmenting their efforts by partnering with the private sector to broaden the access, breadth, and depth of public education and ensure its impact. Chainalysis, for example, has launched a free, public cryptoasset academy to teach consumers about cryptoassets.[18] We have also developed consumer education videos for other jurisdictions to improve consumer and investor awareness and education.
6. Encourage open dialogue with industry and public-private partnerships.
It is important that the government work with private industry to address issues related to fraud, abuse, and manipulation in the cryptoasset ecosystem. Establishing and improving coordination and collaboration mechanisms between countries can help to streamline investigations, improve oversight of the markets, and help work towards facilitating restitution for victims of fraud. Such partnerships can also provide additional insights into what is happening in the market to better inform policy decisions and guide discussions about how best to improve regulation.
- Conclusion
We believe that these recommendations will help the UK safely realize the opportunity presented by cryptoassets to contribute to the public good[19] while also positioning itself to fully understand and tackle the risks that also come with these assets.
Since the UK set out its vision to become a global crypto hub in April 2022, other jurisdictions have either already developed or are in the process of developing regulations for cryptoassets. To avoid the risk of becoming a rule-taker rather than a rule-maker, the opportunity is now to write bespoke rules for the UK, that benefit the UK economy and UK citizens..
While this report focuses on global illicit activity, Chainalysis are willing to provide further UK-specific insight on illicit activity and on other areas not covered by this submission such as potential financial stability and contagion risks, and the legitimate uses of cryptoassets.
Annex 1: Luno - How one cryptoasset platform is addressing the risk to users from scams
Mainstream cryptoasset platforms, like exchanges, are in the perfect position to fight back against scams and instil more trust in cryptoassets by warning users or even preventing them from executing those transactions. One popular platform did just that in 2021, and the results were extremely promising.
Luno is a leading cryptoasset platform operating in over 40 countries, with an especially heavy presence in South Africa. In 2020, a major scam was targeting South African cryptoasset users, promising outlandishly large investment returns. Knowing that users were at risk, Luno decided to take action, in part by leveraging Chainalysis tools and services.
The first step was a warning and education campaign. Using in-app messages, help centre articles, emails, webinars, social media posts, videos, and one-on-one conversations, Luno showed users how to spot the red flags indicating the likelihood that an investment opportunity is a scam, and taught them to avoid pitches that appear too good to be true.
Luno then went a step further and began preventing users from sending funds to addresses it knew belonged to scammers. That’s where Chainalysis came in. As the leading blockchain data platform, we have an entire team dedicated to unearthing cryptoasset scams and tagging their addresses in our compliance products. With that data, Luno was able to halt users’ transfers to scams before they were processed. It was a drastic strategy in many ways — cryptoassets have historically been built on an ethos of financial freedom, and some users were likely to chafe at a perceived limitation on their ability to transact. But thanks to Chainalysis’ best-in-class cryptoasset address attributions, Luno was able to establish the trust necessary to sell customers on the strategy.
Luno first began blocking scam payments for South African users only in November 2020, and then rolled the feature out worldwide in January 2021. The plan worked, and transfers from Luno wallets to scams fell drastically over the course of 2021.
Orig Sheets link
The moving 30-day average daily transaction volume of transfers to scams fell 88% from a peak of $730,000 in September 2020, to just $90,000 by November. One customer summed up the results, saying, “Thank you, Luno. I was about to lose my pension and savings.”
Scams represent a huge barrier to successful cryptoasset adoption, and fighting them can’t be left only to law enforcement and regulators. Cryptoasset businesses, financial institutions, and, of course, Chainalysis have an important role to play as well. With this strategy, Luno took an important step towards establishing greater trust and safety in cryptoassets, which we hope to see continue to grow in the industry.
Annex 2: Finiko, 2021’s billion-dollar Ponzi scheme - How blockchain analytics can be used to understand illicit activity
Finiko was a Russia-based Ponzi scheme that operated from December 2019 until July 2021, at which point it collapsed after users found they could no longer withdraw funds from their accounts with the company. Finiko invited users to invest with either Bitcoin or Tether, promising monthly returns of up to 30%, and eventually launched its token that traded on several exchanges.
According to the Moscow Times, Finiko was headed up by Kirill Doronin, a popular Instagram influencer who has been associated with other Ponzi schemes. The article notes that Finiko was able to take advantage of difficult economic conditions in Russia exacerbated by the Covid pandemic, attracting users desperate to make extra money. Chainalysis Reactor shows us how prolific the scam was.
During the roughly 19 months it remained active, Finiko received over $1.5 billion worth of Bitcoin in over 800,000 separate deposits. While it’s unclear how many individual victims were responsible for those deposits or how much of that $1.5 billion was paid out to investors to keep the Ponzi scheme going, it’s clear that Finiko represents a massive fraud perpetrated against Eastern European cryptoasset users, predominantly in Russia and Ukraine.
As is the case with most scams, Finiko primarily received funds from victims’ addresses at mainstream exchanges. However, we can also see that Finiko received funds from what we’ve identified as a Russia-based money launderer.
This launderer received millions of dollars worth of cryptoassets from addresses associated with ransomware, exchange hacks, and other forms of cryptoasset crime. While the amount the service has sent to Finiko is quite small — under 1 Bitcoin (BTC) total — it serves as an example of how a scam can be used to launder funds from other criminal activity. It’s also possible that Finiko received funds from other laundering services we’ve yet to identify.
Finiko sent most of its more than $1.5 billion worth of cryptoassets to mainstream exchanges, high-risk exchanges, a hosted wallet service, and a peer-to-peer (P2P) exchange. However, we don’t know what share of those transfers represents payments to victims in order to give the appearance of successful investments.
Finiko also sent $34 million to a DeFi protocol designed for cross-chain transactions via a series of intermediary wallets, where it was likely converted into ERC-20 tokens and sent elsewhere. It also sent roughly $3.9 million worth of cryptoassets to a few popular mixing services. Most interesting of all, perhaps, is Finiko’s transaction history with Suex, an over-the-counter (OTC) broker that was sanctioned by the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) for its role in laundering funds associated with scams, ransomware attacks, and other forms of cryptoasset crime.
Between March and July of 2020, Finiko sent over $9 million worth of Bitcoin to an address that now appears as an identifier on Suex’s entry into the Specially Designated Nationals (SDN) List. This connection underlines the prolificness of Suex as a money laundering service, as well as the crucial role of such services generally in allowing large-scale cybercriminal operations, like Finiko, to victimize cryptoasset users.
Soon after Finiko’s collapse in July 2021, Russian authorities arrested Doronin, and later also nabbed Ilgiz Shakirov, one of his key partners in running the Ponzi scheme. Both men remain in custody, and arrest warrants have reportedly been issued for the rest of Finiko’s founding team.
Annex 3: Wash Trading NFTs - How blockchain analytics can be used to understand illicit activity
Wash trading, meaning executing a transaction in which the seller is on both sides of the trade to paint a misleading picture of an asset’s value and liquidity, is another area of concern for NFTs. Wash trading has been a concern in the past with cryptoasset exchanges attempting to make their trading volumes appear greater than they are. In the case of NFT wash trading, the goal would be to make one’s NFT appear more valuable than it is by “selling it” to a new wallet the original owner also controls. In theory, this would be relatively easy with NFTs, as many NFT trading platforms allow users to trade by simply connecting their wallet to the platform, with no need to identify themselves.
With blockchain analysis, however, we can track NFT wash trading by analyzing sales of NFTs to addresses that were self-financed, meaning they were funded either by the selling address or by the address that initially funded the selling address. Analysis of NFT sales to self-financed addresses shows that some NFT sellers have conducted hundreds of wash trades.
If we look more closely at Seller 1, the most prolific NFT wash trader on the chart above, we can see they’ve made 830 sales to addresses they’ve self-financed. The Etherscan screenshot below shows a transaction in which that seller, using the address beginning 0x828, sold an NFT to the address beginning 0x084 for 0.4 Ethereum via an NFT marketplace.
Everything looks normal at first glance. However, the Chainalysis Reactor graph below shows that address 0x828 sent 0.45 Ethereum to that address 0x084 shortly before that sale.
This activity fits a pattern for Seller 1. The Reactor graph below shows similar relationships between Seller 1 and hundreds of other addresses to which they’ve sold NFTs.
Seller 1 is the address in the middle. All other addresses on this graph received funds from Seller 1’s main address prior to buying an NFT from that address. So far though, Seller 1 doesn’t seem to have profited from their prolific wash trading. If we calculate the amount Seller 1 has made from NFT sales to addresses they themselves did not fund — whom we can assume are victims unaware that the NFTs they’re buying have been wash traded — it doesn’t make up for the amount they’ve had to spend on gas fees during wash trading transactions. 
Address | Spent on gas fees in wash trading transactions | Revenue from sales of wash traded NFTs to victims | Profits |
0x828 | - $35,642 | $27,258 | - $8,383 |
While wash trading is prohibited in conventional securities, futures, and other derivatives, wash trading involving NFTs has yet to be the subject of an enforcement action. Wash trading in NFTs can create an unfair marketplace for those who purchase artificially inflated tokens, and its existence can undermine trust in the NFT ecosystem, inhibiting future growth. Blockchain data and analysis make it easy to spot users who sell NFTs to addresses they’ve self-financed, so marketplaces may want to consider bans or other penalties for the worst offenders.
Appendix
Chainalysis - 2022 Crypto Crime Report https://go.chainalysis.com/2022-Crypto-Crime-Report.html
Chainalysis - 2022 Crypto Crime Mid-year Update https://blog.chainalysis.com/reports/crypto-crime-midyear-update-2022/
Chainalysis - TerraUSD
https://blog.chainalysis.com/reports/how-terrausd-collapsed/
Chainalysis - Web3 Report
https://go.chainalysis.com/2022-web3-report.html
FCA - Cryptoasset exposure Announcement https://www.fca.org.uk/news/statements/notice-regulated-firms-exposure-cryptoassets
HM Treasury - UK Regulatory approach to cryptoassets and stablecoins: response https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1088774/O-S_Stablecoins_consultation_response.pdf
National Crime Agency - 2021-2022 Annual Report
New Scientist
UK Government, John Glen Keynote Speech at Innovate Finance Global Summit
World Economic Forum Report - The Future of Capital Markets
https://www3.weforum.org/docs/WEF_Future_of_Capital_Markets_2022.pdf
September 2022
25