[The role of Chainalysis in combating crime in the crypto world]

Chainalysis and crime in America: Cryptocurrency-backed fentanyl trade

At the "Links NYC 2024" event sponsored by Chainalysis, the use of cryptocurrency in illegal activities such as drug trafficking was revealed.

According to the Centers for Disease Control and Prevention, about 1 million people have died from drug overdoses in the United States since 1999, including about 69,000 deaths in 2020 from ingesting opioids like fentanyl. The drugs, primarily sourced from countries such as China, are heavily funded with cryptocurrencies to circumvent U.S. federal government sanctions.

According to the Drug Enforcement Administration (DEA) report, China is the main producer of fentanyl precursor substances. The Chainalysis report states that Chinese crypto addresses associated with these criminal activities received more than $37.8 million in cryptocurrency from January 2018 to April 2023, with activity peaking in 2020 and 2022.

When including thousands of addresses linked to new chemical precursor shops identified by Chainalysis, the total inflow reaches $250 million. Darknet markets have continued to record strong flows since June 2011, despite reduced inflows following the closure of major markets such as AlphaBay and Hansa. Sales of fentanyl and other drugs peaked after 2022, reaching about $150 million in cryptocurrency each month.

As U.S. law enforcement sanctions highlight trends in online crime, Chainalysis leverages its advanced on-chain monitoring technology to identify malicious actors polluting the blockchain world with financial crimes and illicit transactions. Since 2015, the company has helped identify and flag Chinese crypto addresses that have received more than $98 million in payments for the sale of fentanyl precursor substances, reducing the impact in the United States.

Chainalysis also found that funds flowing to addresses suspected of being chemical stores were linked to fentanyl seized at the U.S.-Mexico border, indicating that these cryptocurrency transactions were consistent with regional patterns previously identified by the DEA.

The Lazarus Group and North Korea: Axie Infinity hacks and new money laundering tactics

Chainalysis’s work in combating blockchain crime goes beyond detecting cryptocurrency-funded drug transactions and extends to studying and monitoring the flow of funds from hacks and exploits. According to recent estimates, the North Korean hacking unit Lazarus Group and other related groups have stolen approximately $1 billion from DeFi protocols since 2022.

The Lazarus Group is one of the most ruthless and technically sophisticated hacking entities in the world, and the North Korean government supports these activities to finance the construction of ballistic missiles and other weapons of war. Lazarus’s largest theft to date was a March 2022 attack on the crypto game Axie Infinity and its Ronin sidechain, which resulted in the theft of $600 million.

In this attack, the Lazarus Group obtained five of the Ronin Network's nine private keys, allowing them to approve transactions on the network and withdraw 173,600 ETH and 25.5 million USDC. Some of the proceeds of crime have been laundered through a variety of highly sophisticated techniques, including:

1. The stolen funds are converted into ETH.

2. The ETH is mixed using a decentralized mixer such as Tornado Cash.

3. The mixed ETH is converted to BTC.

4. The BTC is mixed in CoinJoin transactions for added privacy.

5. The BTC is deposited at crypto-to-fiat services to be cashed out.

Due to the sanctions imposed on Tornado Cash by the Office of Foreign Assets Control (OFAC), the Lazarus Group had to find alternative ways to launder the funds it obtained. Since then, the hackers have turned to cross-chain bridges, which move cryptocurrency from one chain to another and tend to obscure the source of funds.

For example, Lazarus sends ETH to the BNB chain network, exchanges it for USDD, and then transfers it to the BitTorrent chain. Chainalysis Storyline shows hundreds of similar transactions were made to launder between $100,000 and $200,000 in funds and send them to a single wallet. All $600 million stolen from Axie was spread across approximately 20,000 wallets.
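The fan-in pattern described above can be sketched as a monitoring check. This is an added example, not Chainalysis code or output: it walks forward from a flagged address across bridge hops, then flags any wallet that receives $100,000 to $200,000 transfers from many distinct tainted senders. The addresses, amounts, the `min_sources` threshold and the simple "any receipt taints the receiver" rule are assumptions made for illustration.

```python
from collections import defaultdict, deque

LOW_USD, HIGH_USD = 100_000, 200_000  # per-transfer band reported in the article

def build_sample(n_paths=6):
    """Constructed transfers (src, dst, asset, usd); addresses are 'chain:label'."""
    txs = []
    for i in range(n_paths):
        usd = 100_000 + 15_000 * i
        txs += [
            ("eth:theft", f"eth:w{i}", "ETH", usd),
            (f"eth:w{i}", f"bnb:w{i}", "ETH", usd),    # bridge hop to BNB chain
            (f"bnb:w{i}", f"bnb:s{i}", "USDD", usd),   # swap into USDD
            (f"bnb:s{i}", f"btt:w{i}", "USDD", usd),   # bridge hop to BitTorrent chain
            (f"btt:w{i}", "btt:sink", "USDD", usd),    # consolidation into one wallet
        ]
    # Unrelated or out-of-band activity that must not be flagged.
    txs += [("eth:alice", "btt:shop", "USDD", 150_000),
            ("eth:theft", "eth:small", "ETH", 900),
            ("eth:small", "btt:shop", "USDD", 900)]
    return txs

def taint_forward(txs, seeds):
    """Breadth-first walk: every address reachable from a seed is treated as tainted."""
    out = defaultdict(set)
    for src, dst, _asset, _usd in txs:
        out[src].add(dst)
    seen, queue = set(seeds), deque(seeds)
    while queue:
        for nxt in out[queue.popleft()]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def consolidation_wallets(txs, seeds, min_sources=5):
    """Map wallet -> number of distinct tainted senders paying it in-band amounts."""
    tainted = taint_forward(txs, seeds)
    senders = defaultdict(set)
    for src, dst, _asset, usd in txs:
        if src in tainted and LOW_USD <= usd <= HIGH_USD:
            senders[dst].add(src)
    return {dst: len(s) for dst, s in senders.items() if len(s) >= min_sources}

def chains_touched(txs, seeds):
    """Chains (address prefixes) the tainted funds reached, sorted."""
    return sorted({addr.split(":")[0] for addr in taint_forward(txs, seeds)})

if __name__ == "__main__":
    sample = build_sample()
    print(consolidation_wallets(sample, ["eth:theft"]), chains_touched(sample, ["eth:theft"]))
```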

Hackers also use off-chain environments to launder dirty money. For example, FBI Special Agent Chris Wong noted that North Korean hackers seek legitimate jobs in the United States and are paid in cryptocurrency to disguise the proceeds from their hacking attacks.

Chainalysis’s role in this scenario is to track the flow of funds on various chains and monitor the movement of assets stolen by criminal groups. Thanks to ongoing collaboration with law enforcement and specialist firms, Chainalysis has successfully seized and frozen more than $30 million in cryptocurrency stolen in North Korea-related hacks over the past two years.

Experts from the Chainalysis team believe that as local regulations tighten and the DeFi ecosystem evolves, it will become increasingly difficult for Lazarus hackers to launder money with cryptocurrencies and participate in various organized crimes.
