In spite of a market downturn and a prolonged “crypto winter”, the volume of illicit cryptocurrency transactions continued to rise in 2022, reaching an all-time high of US$20.6 billion, new data released by blockchain analysis firm Chainalysis show.

The sum represents a 13.8% increase from the previous all-time high of US$18.1 billion recorded in 2021, and comes despite a market slump that saw total capitalization plummeting by more than 60%. Total market capitalization started off the year 2022 at US$2.2 trillion to hit an annual low of US$810 million in December.

The price of bitcoin fell by more than 75% in 2021, dropping from an all-time high of US$64,000 in mid-November to below the US$16,000 mark in late-December. The cryptocurrency is now trading at around US$26,400, up 60% this year.

Crypto sanctions on the rise

Growing illicit crypto volumes in 2022 were driven by soaring activity associated with sanctioned entities, which accounted for 43% of the year’s volume.

This comes on the back of rising crypto-related sanctions from the Office of Foreign Assets Control (OFAC) of the US Department of the Treasury, which grew from just two individuals in 2018 to nine crypto-related entities and about 100 addresses in 2021.

2022 saw some of OFAC’s biggest cryptocurrency service designations to date. Three in particular are notable: Garantex, a Russia-based crypto exchange; Tornado Cash, a decentralized crypto mixer; and Hydra, a darknet market.

OFAC sanctioned Garantex in April 2022 for willfully disregarding anti-money laundering and countering the financing of terrorism (AML/CFT) obligations and allowing its systems to be abused by illicit actors. The exchange facilitated over US$100 million in transactions associated with illicit actors and darknet markets between 2019 and early 2022, according to OFAC.

The agency sanctioned crypto mixer Tornado Cash in August last year, claiming the service had been used to launder more than US$7 billion worth of crypto since its inception in 2019, including over US$455 million stolen by the Lazarus Group, a Democratic People’s Republic of Korea state-sponsored hacking group.

And Hydra, Russia’s most prominent darknet market, was sanctioned by OFAC in April following the shutdown of the market by Germany’s federal police. Hydra ran a marketplace that sold ransomware-as-a-service, hacking services and software, stolen personal information, counterfeit currency, stolen crypto and illicit drugs. OFAC’s investigation identified approximately US$8 million in ransomware proceeds that transited to Hydra’s crypto accounts. According to blockchain researchers, approximately 86% of the illicit bitcoin received directly by Russian crypto exchanges in 2019 came from Hydra.

An analysis of on-chain data by Chainalysis found that each of the three sanctioned services were affected differently by their designations by OFAC and revealed that sanctions can be extremely effective when there is international cooperation.

While inflows into Hydra dropped to zero as soon as the marketplace was sanctioned and seized, Garantex, on the other end, saw its crypto transaction volume steadily increase post-designation, reaching an average of approximately US$1.3 billion in monthly inflows through October 2022. Tornado Cash, meanwhile, saw a drop in inflows from virtually every category, with the exception of funds from scammers and mixing services.

Decentralized finance remains top target for hackers

In 2022, illicit transaction volumes fell across all major categories of crypto-related crime, with the exception of stolen funds, which rose 7% year-over-year (YoY). This marked 2022 as the biggest year ever for crypto hacking, with US$3.8 billion stolen from cryptocurrency businesses.

Decentralized finance (DeFi) protocols were the primary target of crypto hackers last year, continuing a trend that started in 2020 and accelerated in 2021. In 2022, DeFi protocols accounted for 82.1% of all cryptocurrency stolen by hackers, or US$3.1 billion, up from 73.3% in 2021.

Of the US$3.1 billion stolen from DeFi protocols, 64% came from cross-chain bridge protocols specifically.

Cross-chain bridges are protocols that let user port digital assets and data from one blockchain to another. Their design and specificities vary but most protocols on the market right now work by “wrapping” tokens in a smart contract and issuing native assets to be used on the other blockchain.

Since cross-chain bridges essentially work as liquidity providers, collecting funds and locking them into a central point of storage, they have become an attractive target for criminals.

In 2022, the share of crypto transactions associated with illicit activities rose for the first time since 2019, growing from 0.12% in 2021 to 0.24% last year. Despite the slight rise, illicit activity in cryptocurrency remained a small share of total volume and continued to trend downwards.

Featured image credit: Edited from Unsplash