The US Department of Justice (DOJ) seized $2.3 million in crypto from the DarkSide ransomware operators who were allegedly responsible for the attack on Colonial Pipeline, as Chainalysis noted in their updates regarding recent ransomware activities.
The blockchain security firm has also noted that the IRS-CI’s reported cumulative seizures of more than $3.5 billion worth of virtual currency over course of last year.
Meanwhile, London’s Metropolitan Police Service (MPS) made the United Kingdom’s “largest ever seizure of cryptocurrency, taking £180 million worth from a suspected money launderer.”
This month, the DOJ seized $3.6 billion worth of Bitcoin “connected to the 2016 hack of Bitfinex, in what is currently the largest ever recovery of stolen assets in either cryptocurrency or fiat.”
According to Chainalysis, these stories are important “not only because they allow financial restitution for victims of cryptocurrency-based crime, but also because they disprove the narrative that cryptocurrency is an untraceable, unseizable asset perfect for crime.”
If cybercriminals know law enforcement is capable of seizing their virtual currency, then it may “lower their incentive to use it in the future.”
As noted by Chainalysis, these cases raise a key question: “How much cryptocurrency is currently held by known criminal entities on the blockchain, and could therefore theoretically be seized by law enforcement?”
According to the blockchain analysis firm, the answer is “a function not just of cryptocurrency-based crime revenue in 2021, but of the all-time criminal revenue still held by visible addresses.”
Chainalysis’ investigations have found that there has been “a huge increase in criminal balances in 2021 — at year’s end, criminals held $11 billion worth of funds with known illicit sources, compared to just $3 billion at the end of 2020.”
The firm also noted that as of the end of 2021, stolen funds “account for 93% of all criminal balances at $9.8 billion.” Darknet market funds are next “at $448 million, followed by scams at $192 million, fraud shops at $66 million, and ransomware at $30 million.”
The company also shared that darknet market vendors and administrators tend “to hold their funds the longest before liquidating, while wallets with stolen funds tend to hold for the shortest amount of time.”
The company further noted:
“Overall, Chainalysis has identified 4,068 criminal whales holding over $25 billion worth of cryptocurrency. Criminal whales represent 3.7% of all cryptocurrency whales — that is, private wallets holding over $1 million worth of cryptocurrency.”
The Chainalysis team also pointed out that most criminal whales received either a relatively small or extremely large share of their total balance from illicit addresses.
Illicit funds received by criminal whales also “come from more varied sources than the funds making up overall criminal balances.”
Whereas stolen funds dominate overall criminal balances, darknet markets are the biggest source of illicit funds “sent to criminal whales, followed by scams second and stolen funds third.”
The company added:
“Finally, we can also use time zone analysis to try and approximate the location of criminal whales.”
The firm also noted that the ability to efficiently track criminal whales and quantify their holdings from one public data set “is a major difference between cryptocurrency-based crime and fiat-based crime.”
They explained that in fiat, “the highest net worth criminals have murky networks of foreign banks and shell corporations to obfuscate their holdings.”
However, in cryptocurrency, transactions are “saved on the blockchain for all to see.”
Investigation of criminal whales “represents a significant opportunity for government agencies around the world to continue their string of successful seizures, and bring to justice the biggest beneficiaries of cryptocurrency-based crime,” the team at Chainalysis noted.
However, the story of Russia’s crypto usage “isn’t entirely positive,” the Chainalysis team noted while pointing out that individuals and groups based in Russia — some of whom have been sanctioned by the US in recent years — “account for a disproportionate share of activity in several forms of cryptocurrency-based crime.”