rounded

Source: Chainalysis

Compiled by: Baishui, Golden Finance

 

2024 has seen many positive developments in the cryptocurrency ecosystem. Cryptocurrencies continue to gain mainstream acceptance in many ways following the approval of spot Bitcoin and Ethereum exchange-traded products (ETPs) in the U.S. and revisions to the FASB’s fair accounting rules. Additionally, YTD inflows to legitimate services are the highest since 2021, the peak of the last bull run. In fact, YTD total illicit activity has fallen 19.6% from $20.9B to $16.7B, indicating that legitimate activity is growing faster than on-chain illicit activity. This is an encouraging sign for continued cryptocurrency adoption around the world.

 

These global trends are also reflected in Japan’s crypto ecosystem. Overall, Japanese services generally have lower exposure to global illicit entities, such as sanctioned entities, darknet markets (DNMs), and ransomware services, as most Japanese services are primarily targeted at Japanese users. However, this does not mean that Japan is completely immune to cryptocurrency-related crime. Public reports, including from Japan’s Financial Intelligence Unit (FIU) Japan Financial Intelligence Center (JAFIC), have highlighted that cryptocurrencies pose a significant money laundering risk. While Japan’s exposure to international illicit entities may be limited, the country is not without its own local challenges. Off-chain criminal entities that exploit cryptocurrencies are prevalent.

 

In this article, we’ll look at two key cryptocurrency crime issues that deserve close attention in Japan: money laundering and fraud.

 

Money Laundering and Cryptocurrency

 

First, let’s explore the relationship between money laundering and cryptocurrency. Money laundering in the context of cryptocurrency is often associated with concealing the proceeds of on-chain crimes such as DNMs and ransomware. But as the world continues to embrace cryptocurrency, illicit actors are eager to take advantage of powerful new technologies. With the right tools and knowledge, investigators can use the transparency of blockchain to uncover and disrupt illegal activity both on-chain and off-chain.

 

Crypto-native money laundering

 

The process of laundering funds obtained on-chain is often complex, as cybercriminals use a variety of services to obscure the source and movement of funds. Crypto-native money laundering presents ongoing challenges for cryptocurrency services and law enforcement agencies.

 

 

The first stage of crypto-native money laundering – placement – ​​always involves cryptocurrency. Despite the transparency of blockchain, criminals often choose cryptocurrencies for money laundering because it is often easier to create private wallets that do not require know-your-customer (KYC) information than to launder money through traditional placement strategies such as money mules. The intermediate stages of money laundering (layering) can take many forms. In traditional fiat money laundering, this might involve sending funds through multiple bank accounts and/or shell companies. In crypto, this might involve:

 

  • Intermediary Wallets or Hopping: The use of multiple individual wallets complicates tracing and often accounts for more than 80% of the total value flowing through these money laundering channels. For investigators and compliance professionals using Chainalysis, detecting illegal activity and tracing it through intermediary wallets can be relatively simple.

  • Cryptocurrency obfuscation services: Obfuscation services can take many different forms, such as mixers, cross-chain bridges, and privacy coins. While these services are widely used by money launderers, they also have legitimate privacy use cases and are not inherently illegal.

  • Mixers: These services mix cryptocurrencies from different users to obfuscate the origin and ownership of funds. In line with the general pick-up in market activity, mixers will begin to recover in 2024.

  • Cross-chain bridges: These services and protocols facilitate the transfer of assets between different blockchain networks, creating complex transaction networks.

  • Privacy coins: Coins like Monero and Zcash use advanced cryptography to hide transaction details, which makes them attractive to illicit actors.

  • Stablecoins: Increasingly becoming the preferred vehicle for illicit money transfers, reflecting the overall growth in stablecoin adoption globally over the past few years. But using stablecoins also increases the risk for money launderers, as many stablecoin issuers are responsive to authorities and have the ability to freeze funds.

  • Over-the-Counter (OTC) Brokers: OTC brokers are located all over the world and can facilitate large trades with minimal scrutiny, often bypassing public order books and KYC requirements.

 

While some cybercriminals may keep their ill-gotten gains in personal wallets for years (presumably hoping that authorities will turn their attention elsewhere), most bad actors look to move funds from crypto to cash. More than 50% of illicit funds flow directly or indirectly to centralized exchanges after using obfuscation techniques. Illegal actors may turn to centralized exchanges for money laundering because of their high liquidity, easy crypto-to-fiat conversions, and integration with traditional financial services that help blend illicit funds with legitimate activity. Hundreds of centralized services currently receive more than $1 million in illicit funds each year.

 

Non-crypto native money laundering

 

Traditional money launderers are entering cryptocurrencies using methods similar to fiat-based strategies. Unlike crypto-native money laundering, non-crypto-native money laundering starts with a placement phase involving fiat currency. Typically, criminals will first use a bank account to deposit fiat funds, which will then be converted into cryptocurrencies. Criminals can then layer their funds, just like crypto-native money laundering.

 

Non-cryptocurrency-native money laundering involves off-chain criminal activities such as drug trafficking and fraud. Identifying novel on-chain money laundering patterns often reflects the detection of unusual transactions and patterns based on fiat currencies. In non-cryptocurrency-native money laundering, on-chain analysis often starts from centralized exchanges, making it difficult to identify illegal transactions without additional context. Although tracing the movement of these funds can be challenging due to a lack of evidence, data science techniques can flag indicators of potential non-cryptocurrency-native money laundering.

 

One way to identify non-cryptocurrency-native money laundering is to make repeated transfers below the reporting threshold, which we discuss in more detail in our 2024 Cryptocurrency Money Laundering Report. While these thresholds vary by country, the Financial Action Task Force (FATF)—the international body that sets AML/CFT standards—recommends that cryptocurrency transactions over $1,000/€1,000 be subject to the travel rule. Authorities set this threshold at $3,000. Additionally, the U.S. Bank Secrecy Act (BSA) requires reporting of cash transactions over $10,000.

 

Transactions above these values ​​trigger additional scrutiny, while transactions below these thresholds, even if they are as little as a dollar, do not face the same level of scrutiny.

 

The chart below shows the value of funds moved to centralized exchanges by transfer size year-to-date in 2024. It showed a significant surge in transfer amounts, just below and slightly above the reporting thresholds of $1,000, $3,000 and $10,000. Transfers slightly above these thresholds may be due to rounding differences in exchange rates. This surge is typical of bad actors adjusting payment methods to avoid triggering reporting requirements. Transactions that fall slightly below reporting requirements are one of the red flag indicators highlighted by the FATF in its guidance for virtual asset service providers (VASPs) to help identify suspicious behavior.

 

 

Consolidation of funds

 

Exchanges may also benefit from monitoring consolidated wallets that interact with their services. When money launderers layer funds through many intermediary wallets, the transaction flow is often not simple and linear. Instead, money launderers may split funds into many different wallets and then reunite the funds after multiple transactions.

 

Merge wallets receive and combine funds from multiple wallets or sources. If funds are transferred through multiple independent intermediary wallets and then combined at a single address, this may indicate an attempt to avoid detection.

 

The Chainalysis cryptocurrency investigation diagram below shows this type of behavior in a known scam ring that targets senior citizens. In this case, the scammers may instruct victims to purchase crypto assets using a specific service, Exchange 1. Each victim is then instructed to send funds to a different wallet controlled by the scammer. The scammers then combine these funds into a single wallet and cash out at Exchange 2.

 

 

It would be difficult for Exchange 1’s compliance team to directly connect victims to the scammers, especially if the intermediary addresses were one-offs with no prior illicit relationship, unless they traced the transactions back to the consolidated wallet. Using many intermediaries prior to consolidation is a well-known tactic that prevents Exchange 1’s compliance team from understanding the connections between all victims who sent funds.

 

While the above example is relatively simple, more complex money laundering networks feature consolidation wallets that aggregate funds from dozens or even hundreds of intermediary wallets. Querying Chainalysis data allows investigators to find major consolidation wallets, which often serve as useful clues. For example, the top 100 Bitcoin consolidation wallets in 2024 year-to-date - all of which are two-hop transactions from exchanges - received nearly $1 billion ($968 million) worth of Bitcoin from more than 14,970 different addresses.

 

 

Zooming out further, we find that over 1,500 combined wallets received a total of $2.6B worth of Bitcoin in 2024; each of these individuals received funds from at least ten different wallets. Again, we can’t say for sure that this represents money laundering — in fact, much of it likely represents legitimate inflows. But this activity may warrant additional scrutiny.

 

Illegal Activities in Japan: Money Laundering and Fraud

 

In Japan, based on our conversations with key industry players and statistics and documents released by local authorities, we have consistently observed that the most common illicit use of cryptocurrencies is money laundering from non-crypto native crimes and scams. We will discuss how Japan recognizes these issues and explore how to estimate the extent of damage caused by such crimes.

 

Money Laundering for Non-Crypto Crime

 

As mentioned before, it is difficult to track non-crypto native crime cases at scale without context — often only known to law enforcement, financial institutions, crypto services, and/or victims. Nonetheless, some of our clients have provided us with information that addresses the attribution issue, allowing us to better understand the state of non-crypto money laundering in Japan. Based on the information we have received so far, many illicit accounts on centralized exchanges are set up to receive fiat funds from traditional forms of fraud and phishing campaigns, stealing funds from online bank accounts. We published a blog last year discussing our on-chain analysis of a Japanese money laundering case that started with a non-crypto native crime.

 

According to 2023 statistics released by the Japan National Police Agency (JNPA), in 2023, there were 19,038 reported fraud cases in Japan, with total losses of 45.26B yen (about $300 million). These figures exceed the figures for 2022, indicating that this type of fraud is still growing and remains a serious problem. Although these statistics do not involve the amount of fiat currency converted into cryptocurrency, as we explore later, we assess that a large part of this is cryptocurrency-based money laundering.

 

According to a report published by the JNPA Cyber ​​Affairs Bureau, in this case, nearly half of the funds reported stolen from online bank accounts, totaling 8.73B yen ($57.89 million), were sent to bank accounts of cryptocurrency exchanges. These flows of funds indicate that cryptocurrencies are now being used as a common tool for fraudsters to launder money.

 

Fraud trends affecting Japan

 

As mentioned in our Crypto Crime Report, scams are one of the most serious illegal categories in cryptocurrency. We have previously discovered clusters of well-known cryptocurrency scams with touchpoints in Japan, but today, Japanese law enforcement agencies are also keeping a close eye on new trends in scams - social media-based investment scams and romance scams.

 

Recent investment scams often place investment solicitation ads on major social media platforms to attract the attention of potential victims. Scammers impersonate well-known economists or celebrities to attract more followers and direct them to group channels on popular messaging apps through URLs on the ads, where many of the fake members actively comment and applaud the channel host. Victims are drawn into conversations with the scammers (who often claim to be the channel owner or assistant) and are ultimately instructed to trade on the fake investment website.

 

Romance scams, also known as “pig-sucking scams” ​​because bad actors say they “fatten” their victims for the maximum possible value, are a significant and growing problem with cryptocurrency. Pig-sucking scammers first establish a relationship (usually romantic, as the name implies) with their victims for a period of time, usually initiating contact through pretend text messages to the wrong number or through dating apps. As the relationship deepens, the scammers eventually get the victim to invest funds (sometimes in cryptocurrency, sometimes in fiat) in a fake investment opportunity and continue to do so until contact is eventually severed.

 

The latest statistics from the JNPA on such scams show the following figures from January to August this year, which are significantly higher than last year:

 

  • Investment fraud: 6,868 cases reported, totaling 64.14 billion yen ($424.97 million) — 9.9% of which were cryptocurrencies

  • Romance scams: 4,639 cases reported, totaling 23.65 billion yen ($156.7 million) — 17.7% of which were crypto

 

After the Japanese government recognized that this was a major threat to Japanese citizens, the cabinet held a meeting to discuss countermeasures and policies, including strengthening investigation capabilities for cryptocurrencies, preventing illegal bank withdrawals, and establishing a legal framework to fully support asset seizure and recovery.

 

Our on-chain analysis of fraud and scam cases in Japan

 

While it is difficult to track off-chain money laundering at scale, we can track the flow of funds when our clients alert us to the activity and provide the addresses and transactions involved, as we did last year. As we continue to work closely with our clients and partners in Japan to strengthen our data, especially on off-chain money laundering activities, we can also analyze the fraud and scams involving cryptocurrencies in Japan.

 

Here are the total receipt values ​​for clusters reported as fraudulent accounts and scams in 2023 and 2024 (as of June).

 

Reported as fraud (non-crypto native) (Total value received from Japanese exchanges) – USD

 

Reported as Scams (Total Value Received from Japanese Exchanges) - USD

 

As always, we must caution that these figures are lower-end estimates, especially for off-chain crime, as many scams and frauds go unreported.

 

Nonetheless, these campaigns all share a common pattern: the use of consolidated wallets. While the initial addresses that receive funds directly from exchanges are distributed and ephemeral, funds from these addresses are ultimately sent to a much smaller number of private wallets and/or deposit addresses on exchanges.

 

 

When we narrowed down the cases involving ETH, we found that integrated wallets often used decentralized exchanges (DEX) or bridges to convert ETH to USDT.

 

 

How to read this graph:

 

– Blue: Funds flowed from Japanese exchanges to suspected scam addresses

– Red: Funds from the initial address to the first consolidation point

– Green: funds from the first integration point to the second integration point

– Purple: Funds from the second integration point to the DEX (ETH<->USDT)

 

Given how quickly money launderers use new wallet addresses, it is not easy to track them individually in real time, but we can still identify common integration points from the clusters we have identified to estimate the scale of these illegal activities. In this case, we estimated the amount of potential illegal funds associated with the Japanese case by following the following process:

 

  • Tracking funds that have been attributed to illegal clusters in Japan to find integration points;

  • At the merge point, the received exposure amounts from the Japanese tag cluster and the Japanese exchange cluster are aggregated.

 

Here’s what we found:

 

Estimated value of non-cryptocurrency native money laundering activity – USD

 

Estimated value of fraud in Japan – USD

 

As mentioned earlier, these estimates are consistent with those published by the Japanese authorities.

 

The changes in money laundering tactics we have seen from a wide range of threat actors remind us that the most sophisticated illicit actors are constantly adapting their money laundering tactics and leveraging new crypto services. By studying these new on-chain money laundering methods and patterns, and learning how to disrupt them, law enforcement and compliance teams can be more effective.