Report: Total on-chain illegal activity has dropped by nearly 20% so far this year, with an increase in stolen funds and ransomware

PANews reported on August 16 that Chainalysis said in its mid-year report on crypto crime that the total amount of illegal activities on the chain has dropped by nearly 20% so far this year, indicating that legal activities are growing faster than illegal activities. Although illegal transactions have decreased compared with the same period last year, two types of illegal activities - stolen funds and ransomware - are increasing. Specifically, the inflow of stolen funds almost doubled from US$857 million to US$1.58 billion, while the inflow of ransomware increased by about 2%, from US$449.1 million to US$459.8 million.

Regarding stolen funds, the average amount of cryptocurrency stolen per theft increased by nearly 80%. This was partly due to the rise in the price of Bitcoin, which accounted for 40% of the total transaction volume in these thefts. Crypto thieves are more frequently targeting centralized exchanges, rather than prioritizing DeFi protocols. Advanced cybercriminals, including IT workers associated with North Korea, are increasingly using off-chain methods such as social engineering to steal funds by infiltrating crypto-related services.

Regarding ransomware, 2024 is on track to be the highest-grossing year in history for ransomware payments, largely due to fewer high-profile attacks by the group, but the amount of ransoms collected. 2024 saw the largest ransomware payment ever, to the Dark Angels ransomware group, at approximately $75 million. The average ransom payment for the most severe ransomware has surged from less than $200,000 in early 2023 to $1.5 million in mid-June 2024, suggesting that these ransomware campaigns are preferentially targeting larger enterprises and critical infrastructure providers, which may be more likely to pay high ransoms due to their deep pockets and systemic importance. The ransomware ecosystem has seen some degree of fragmentation due to recent law enforcement disruptions against large players such as ALPHV/BlackCat and LockBit. In the wake of these disruptions, some of the affiliates have moved to less effective ransomware or launched their own.