Source: Chainalysis; compiled by Baishui, Golden Financial

In 2024, the cryptocurrency ecosystem has seen many positive developments. Following the approval of spot Bitcoin and Ethereum exchange-traded products (ETPs) in the U.S. and revisions to the U.S. Financial Accounting Standards Board (FASB) fair accounting rules, cryptocurrency continues to gain mainstream acceptance in many respects. Additionally, inflows to legitimate services year-to-date are at their highest level since 2021 (the last peak of the bull market). In fact, total illicit activity has decreased by 19.6% year-to-date, from $20.9B to $16.7B, indicating that the growth of legitimate activity is outpacing on-chain illegal activity. This encouraging sign suggests the ongoing adoption of cryptocurrency globally.

These global trends are also reflected in Japan's cryptocurrency ecosystem. Overall, Japan's services have a generally low exposure to global illegal entities (e.g., sanctioned entities, darknet markets (DNMs), and ransomware services) because most Japanese services primarily cater to Japanese users. However, this does not mean Japan is completely immune to cryptocurrency-related crime. Public reports, including those from Japan's Financial Intelligence Unit (FIU) and the Japan Financial Intelligence Center (JAFIC), emphasize that cryptocurrency poses significant money laundering risks. While Japan's contact with international illegal entities may be limited, the country is not without its local challenges. Off-chain criminal entities utilizing cryptocurrency are prevalent.

In this article, we will explore two key cryptocurrency crime issues in Japan that warrant close attention: money laundering and fraud.

Money laundering and cryptocurrency

First, let’s explore the relationship between money laundering and cryptocurrency. Money laundering in the context of cryptocurrency often involves concealing the proceeds of on-chain crimes (such as DNMs and ransomware). But as the world continues to embrace cryptocurrency, illegal actors also seek to exploit powerful new technologies. With the right tools and knowledge, investigators can leverage the transparency of blockchain to uncover and dismantle illegal activities both on-chain and off-chain.

Cryptocurrency native money laundering

The process of laundering funds obtained on-chain is often complex, as cybercriminals use various services to conceal the origins and movements of funds. Cryptocurrency native money laundering poses ongoing challenges for cryptocurrency services and law enforcement agencies.

The first stage of cryptocurrency native money laundering—placement—always involves cryptocurrency. Despite the transparency of blockchain, criminals often choose cryptocurrency for laundering because creating private wallets that do not require Know Your Customer (KYC) information is usually easier than laundering through traditional placement strategies. The intermediate stage of laundering (layering) can take various forms. In traditional fiat money laundering activities, this may involve sending funds through multiple bank accounts and/or shell companies. In cryptocurrency, this may involve:

  • Intermediate wallets or hops: Using multiple personal wallets complicates tracking, often accounting for over 80% of the total value flowing through these laundering channels. For investigators and compliance professionals using Chainalysis, detecting illegal activity and tracing it through intermediate wallets may be relatively straightforward.

  • Cryptocurrency obfuscation services: Obfuscation services can take many different forms, such as mixers, cross-chain bridges, and privacy coins. While these services are widely used by money launderers, they also have legitimate privacy use cases and are not inherently illegal.

  • Mixers: These services mix cryptocurrency from different users to obscure the source and ownership of funds. In line with the overall recovery of market activities, mixers are expected to revive in 2024.

  • Cross-chain bridges: These services and protocols facilitate the transfer of assets between different blockchain networks, creating complex transaction networks.

  • Privacy coins: Tokens like Monero and Zcash use advanced cryptographic techniques to hide transaction details, making them attractive to illicit actors.

  • Stablecoins: increasingly becoming the preferred vehicle for illicit fund transfers, reflecting the overall growth in global stablecoin adoption over the past few years. However, the use of stablecoins also increases the risk for money launderers, as many stablecoin issuers respond to authorities and have the ability to freeze funds.

  • Over-the-counter (OTC) brokers: OTC brokers around the world can facilitate large trades with minimal scrutiny, often bypassing public order books and KYC requirements.

Although some cybercriminals may keep their ill-gotten gains in personal wallets for years (perhaps hoping that authorities will turn their attention elsewhere), most bad actors aim to convert funds from cryptocurrency to cash. After using obfuscation techniques, over 50% of illegal funds flow directly or indirectly into centralized exchanges. Illegal actors may turn to centralized exchanges for money laundering because they offer high liquidity, ease of conversion from cryptocurrency to fiat currency, and integration with traditional financial services, which helps blend illegal funds with legitimate activities. Currently, hundreds of centralized service providers receive over $1 million in illegal funds each year.

Non-cryptocurrency native money laundering

Traditional money launderers are adopting approaches similar to fiat-based strategies to enter cryptocurrency. Unlike cryptocurrency native money laundering, non-cryptocurrency native money laundering begins with the placement stage involving fiat currency. Typically, criminals will first deposit fiat funds into bank accounts before converting them to cryptocurrency. They can then layer their funds, just like in cryptocurrency native laundering.

Non-cryptocurrency native money laundering involves off-chain criminal activities such as drug trafficking and fraud. Identifying novel on-chain money laundering patterns often mirrors the way anomalous transactions and patterns are detected in fiat currency. In non-cryptocurrency native money laundering, on-chain analysis typically begins with centralized exchanges, making it challenging to identify illegal transactions without additional background information. Although tracking the flow of these funds can be challenging due to a lack of evidence, data science techniques can highlight potential indicators of non-cryptocurrency native money laundering.

One method to identify non-cryptocurrency native money laundering is to look for repeated transfers below reporting thresholds, which we discussed in more detail in the 2024 cryptocurrency money laundering report. While these thresholds vary by country/region, the Financial Action Task Force (FATF)—the international body that sets AML/CFT standards—recommends that cryptocurrency transactions above USD/EUR 1,000 be subject to the travel rule. Authorities set this threshold at $3,000. Additionally, the U.S. Bank Secrecy Act (BSA) requires reporting of cash transactions exceeding $10,000.

Transactions above these values will trigger additional scrutiny, while transactions below these thresholds, even by just one dollar, will not face the same level of examination.

The chart below shows the value of funds transferred to centralized exchanges by transfer size from the beginning of 2024 to date. It shows a significant spike in transfer amounts just below the reporting thresholds of $1,000, $3,000, and $10,000, and just above those thresholds. Transfers slightly above these thresholds may be attributable to rounding differences in exchange rates. This spike is typical behavior for bad actors, who adjust payment amounts to avoid triggering reporting requirements. Transfers just below reporting requirements are one of the red flags emphasized by the FATF in its guidelines for virtual asset service providers (VASPs) to help identify suspicious behavior.
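
A sketch of how a compliance team might screen exchange deposits for this pattern, added here as an illustration and not taken from Chainalysis: it flags senders that make repeated deposits just under the $1,000, $3,000 or $10,000 thresholds within a short window. The 5% band, the three-deposit minimum, the seven-day window, the function names and the sample transfers are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

THRESHOLDS_USD = (1_000, 3_000, 10_000)  # thresholds named in the article
BAND = 0.05                  # assumption: "just below" = within 5% under
MIN_REPEATS = 3              # assumption: deposits needed to raise an alert
WINDOW = timedelta(days=7)   # assumption: look-back window

def threshold_just_above(amount_usd):
    """Return the threshold this amount sits just under, or None."""
    for t in THRESHOLDS_USD:
        if t * (1 - BAND) <= amount_usd < t:
            return t
    return None

def find_structuring(transfers):
    """transfers: (sender, iso_timestamp, amount_usd) deposits to one exchange.
    Returns {(sender, threshold): [amounts]} holding, per sender, the longest
    run of >= MIN_REPEATS just-below-threshold deposits that fits in WINDOW."""
    near = defaultdict(list)
    for sender, ts, amount in transfers:
        t = threshold_just_above(amount)
        if t is not None:
            near[(sender, t)].append((datetime.fromisoformat(ts), amount))
    alerts = {}
    for key, events in near.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until the run fits in WINDOW.
            while events[end][0] - events[start][0] > WINDOW:
                start += 1
            run = end - start + 1
            if run >= MIN_REPEATS and run > len(alerts.get(key, [])):
                alerts[key] = [amt for _, amt in events[start:end + 1]]
    return alerts

# Constructed sample deposits (not real data).
SAMPLE = [
    ("wallet_A", "2024-03-01T10:00:00", 9_950.00),
    ("wallet_A", "2024-03-02T11:30:00", 9_900.00),
    ("wallet_A", "2024-03-04T09:15:00", 9_990.00),
    ("wallet_B", "2024-03-01T08:00:00", 2_990.00),   # near-threshold, but
    ("wallet_B", "2024-04-20T08:00:00", 2_950.00),   # weeks apart: no alert
    ("wallet_B", "2024-06-11T08:00:00", 2_999.00),
    ("wallet_C", "2024-03-03T12:00:00", 10_400.00),  # above threshold
    ("wallet_C", "2024-03-05T12:00:00", 450.00),
]

if __name__ == "__main__":
    print(find_structuring(SAMPLE))
```

An alert of this kind is a lead for review rather than proof of laundering, in the same way the article treats the spike in the chart.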

Consolidated funds

Exchanges may also benefit from monitoring consolidating wallets interacting with their services. When money launderers layer funds through many intermediate wallets, the transaction process is often neither straightforward nor linear. Instead, launderers may split funds among many different wallets and then re-consolidate them after multiple transactions.

Consolidating wallets receive and merge funds from multiple wallets or sources. If funds are transferred through multiple independent intermediate wallets and then consolidated into one address, this may indicate an attempt to avoid detection.

The following Chainalysis cryptocurrency investigation chart illustrates such behavior in a known scam gang targeting the elderly. In this case, scammers may instruct victims to use a specific service, Exchange 1, to purchase crypto assets. Each victim is then instructed to send funds to different wallets controlled by the scammers. The scammers then consolidate these funds into one wallet and cash out at Exchange 2.

Exchange 1's compliance team finds it difficult to directly link victims with scammers, especially if the intermediary addresses are one-time use and have no previous illegal connections, unless they trace transactions back to consolidating wallets. Utilizing numerous intermediaries before consolidation is a well-known strategy to prevent Exchange 1's compliance team from understanding the connections between all victims sending funds.

While the above examples are relatively simple, more complex money laundering networks possess consolidating wallets capable of aggregating funds from dozens or even hundreds of intermediate wallets. Querying Chainalysis data allows investigators to identify major consolidating wallets, which often serve as useful leads. For instance, the top 100 Bitcoin consolidating wallets from the beginning of 2024 to date—all of which executed two-hop transactions from exchanges—received nearly $1 billion ($968 million) in Bitcoin from over 14,970 different addresses.

Expanding the scope further, we find that over 1,500 consolidating wallets received a total of $2.6B worth of Bitcoin in 2024; each of these wallets received funds from at least ten different wallets. Similarly, we cannot definitively say this represents money laundering—in fact, much of it may represent legitimate capital inflow. However, this activity may warrant additional scrutiny.

Illegal activities in Japan: Money laundering and fraud

In Japan, based on our conversations with key industry players and statistics and documents released by local authorities, we have been observing that the most common illicit use of cryptocurrency is laundering from non-cryptocurrency native crimes and scams. We will discuss how Japan recognizes these issues and explore how to estimate the extent of the damage caused by such crimes.

Non-cryptocurrency crime money laundering

As mentioned earlier, it is difficult to track non-cryptocurrency native crime cases on a large scale without background—usually only law enforcement, financial institutions, cryptocurrency services, and/or victims are aware. Nevertheless, some of our clients have provided us with information that addresses attribution issues, allowing us to better understand the state of non-cryptocurrency money laundering in Japan. Based on the information we have received so far, many illegal accounts in centralized exchanges are set up to receive fiat funds from traditional forms of fraud and phishing activities, siphoning money from online banking accounts. We published a blog last year discussing on-chain analysis of a money laundering case in Japan originating from non-cryptocurrency native crime.

According to statistics published by the Japan National Police Agency (JNPA), Japan reported a total of 19,038 fraud cases in 2023, amounting to a total loss of 45.26B JPY (approximately $300 million). These figures exceed those of 2022, indicating that such fraudulent activities are still on the rise and remain a serious issue. While these statistics do not account for the amount of fiat currency converted to cryptocurrency, as will be discussed later, we estimate that a significant portion of this is based on cryptocurrency laundering activities.

According to a report released by JNPA's Cyber Affairs Bureau, nearly half of the reported stolen funds from online banking accounts (totaling 8.73B JPY ($57.89 million)) were sent to bank accounts of cryptocurrency exchanges. These fund flows indicate that cryptocurrency is now commonly used as a tool for fraudsters to launder money.

Fraud trends impacting Japan

As stated in our cryptocurrency crime report, scams are one of the most serious illegal categories in cryptocurrency. We have previously identified notable cryptocurrency scam clusters with touchpoints in Japan, but today, Japanese law enforcement is also closely monitoring new trends in scams—social media-based investment scams and romance scams.

Recent investment scams often run advertisements soliciting investments on major social media platforms to attract potential victims' attention. Scammers impersonate well-known economists or celebrities to draw more followers and guide them into group channels of popular messaging applications via URLs in the ads, where many impersonated members actively comment and applaud the channel hosts. Victims are drawn into conversations with the scammers (who often refer to themselves as channel owners or assistants) and are ultimately instructed to trade on fake investment websites.

Romance scams, also known as "pig-butchering scams," because bad actors claim to "fatten up" victims for maximum possible value, are a significant and growing issue related to cryptocurrency. Pig-butchering scammers first establish a relationship with victims over time (typically romantic, as the name suggests), usually initiating contact through text messages pretending to be wrong numbers or via dating apps. As the relationship deepens, scammers ultimately prompt victims to invest funds (sometimes cryptocurrency, sometimes fiat currency) into a fake investment opportunity and continue doing so until they ultimately cut off contact.

JNPA's latest statistics on such scams show numbers from January to August this year, significantly higher than last year:

  • Investment scams: 6,868 cases reported, totaling 64.14 billion JPY ($424.97 million) — of which 9.9% is cryptocurrency

  • Romance scams: 4,639 cases reported, totaling 23.65 billion JPY ($156.7 million) — of which 17.7% is cryptocurrency

After the Japanese government recognized this as a significant threat to Japanese citizens, the Cabinet convened to discuss countermeasures and policies, including strengthening investigation capabilities for cryptocurrency, preventing illegal bank withdrawals, and establishing a legal framework to fully support asset seizure and recovery.

Our on-chain analysis of fraud and scam cases in Japan

Although large-scale tracking of off-chain money laundering activities is difficult, when our clients alert us to such activities and provide the addresses and transactions involved, we can trace the flow of funds, just as we did last year. As we continue to work closely with clients and partners in Japan to enhance our data, particularly on off-chain money laundering activities, we can also analyze the state of fraud and scams involving cryptocurrency in Japan.

The following shows the total value received by clusters reported as fraudulent accounts and scams in 2023 and 2024 (as of June).

Reported as fraud (non-cryptocurrency native) (total value received from Japanese exchanges) – USD

Reported as fraud (total value received from Japanese exchanges) - USD

As always, we must caution that these figures are estimated lower bounds, especially for off-chain crime, as many scams and frauds go unreported.

Nevertheless, these activities share a common pattern: the use of consolidating wallets. While the initial addresses receiving funds directly from exchanges are distributed and transient, the funds from these addresses ultimately end up in far fewer private wallets and/or deposit addresses within exchanges.

As we narrow down cases involving ETH, we find that consolidating wallets frequently use decentralized exchanges (DEX) or bridges to convert ETH to USDT.

How to read this chart:

– Blue: Funds flowing from Japanese exchanges to suspicious scam addresses

– Red: Funds from the initial address to the first consolidation point

– Green: Funds from the first consolidation point to the second consolidation point

– Purple: Funds from the second consolidation point to the DEX (ETH<->USDT)

Given the speed at which money launderers use new wallet addresses, tracking them individually in real-time is not easy, but we can still identify common consolidation points from the clusters we have identified to estimate the scale of these illicit activities. In this case, we estimated the potential amount of illicit funds related to Japanese cases using the following process:

  • Trace funds from clusters categorized as illegal in Japan to find consolidation points;

  • At the consolidation points, aggregate the amounts received from Japanese tagged clusters and Japanese exchange clusters.
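
The two steps above, and the consolidating-wallet screening described earlier under "Consolidated funds", can be expressed as a forward trace over a transfer graph. The following is an added example, not Chainalysis's method or code; the function name, address names, amounts, hop limit and fan-in values are constructed assumptions (the default fan-in of ten echoes the "at least ten different wallets" figure cited earlier).

```python
from collections import defaultdict

def consolidation_points(transfers, seeds, services=frozenset(),
                         max_hops=3, min_sources=10):
    """transfers: (src, dst, usd) edges. seeds: addresses reported as scam
    deposit wallets. services: known exchange/DEX addresses, recorded as
    destinations but never traced through. Returns
    {address: (distinct_traced_sources, usd_received_from_them)} for each
    address fed by at least min_sources traced wallets."""
    out_edges = defaultdict(list)
    for src, dst, usd in transfers:
        out_edges[src].append((dst, usd))
    traced = set(seeds)      # wallets treated as holding reported funds
    frontier = set(seeds)
    inbound = defaultdict(lambda: defaultdict(float))  # dst -> src -> usd
    for _ in range(max_hops):
        nxt = set()
        for src in frontier:
            # Over-approximation: every outgoing transfer of a traced
            # wallet is treated as traced funds.
            for dst, usd in out_edges[src]:
                inbound[dst][src] += usd
                if dst not in traced and dst not in services:
                    nxt.add(dst)
        traced |= nxt
        frontier = nxt
    return {dst: (len(srcs), round(sum(srcs.values()), 2))
            for dst, srcs in inbound.items() if len(srcs) >= min_sources}

# Constructed sample shaped like the chart: six initial addresses, two
# first-level consolidation wallets, one second-level wallet, then a DEX.
SAMPLE = (
    [(f"seed{i}", "consol_1a", 1_000.0 * i) for i in (1, 2, 3)]
    + [(f"seed{i}", "consol_1b", 500.0) for i in (4, 5, 6)]
    + [("consol_1a", "consol_2", 5_900.0),
       ("consol_1b", "consol_2", 1_450.0),
       ("bystander", "consol_2", 40.0),          # untraced source: ignored
       ("consol_2", "dex_router", 7_300.0),
       ("dex_router", "unrelated_user", 99.0)]   # beyond a service: not traced
)
SEEDS = {f"seed{i}" for i in range(1, 7)}

if __name__ == "__main__":
    found = consolidation_points(SAMPLE, SEEDS, services={"dex_router"},
                                 min_sources=2)
    for addr, (n, usd) in sorted(found.items()):
        print(f"{addr}: {n} traced sources, ${usd:,.2f}")
```

Stopping at service addresses keeps the trace from spreading to unrelated customers of an exchange or DEX, which would otherwise inflate the estimate.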

Here’s what we found:

Estimated value of non-cryptocurrency native money laundering activities – USD

Estimated value of scams in Japan – USD

As mentioned earlier, these estimates are consistent with those published by Japanese authorities.

The changes in money laundering strategies we observe from numerous threat actors remind us that the most sophisticated illegal actors are continually adjusting their laundering strategies and exploiting new types of cryptocurrency services. By studying these new on-chain money laundering methods and patterns, and learning how to disrupt them, law enforcement and compliance teams can become more effective.