New research shows that decentralised finance (DeFi) protocols are becoming an increasingly significant route for money launderers, according to international law form Pinsent Masons in a briefing note on 4 February.
Cybercriminals laundered $8.6bn worth of cryptocurrency in 2021, a figure that represents a 30% increase on the previous year. Centralised exchanges are still the favourite conduit for sending and receiving illicit cryptocurrency, receiving 47% of funds sent by addresses linked to crimes last year.
But it is DeFi protocols that are experiencing the boom in money laundering activity.
DeFi protocols offer financial instruments on the blockchain without relying on intermediaries like banks and have previously been identified as a key area of growth for cryptocurrency criminality in general. Approximately $2.2bn worth of cryptocurrency was embezzled from DeFi protocols in 2021, representing 72% of all cryptocurrency theft in 2021.
Data provider Chainalysis has also reported a 1,964% year-over-year increase in the total value of cryptocurrency laundered through DeFi protocols, reaching a total of $900 million in 2021.
And these figures only account for funds generated through cryptocurrency-based crime, such as darknet market sales and ransomware attacks.
The true figure for DeFi money laundering activity, incorporating profits made from ‘offline' crimes like drug trafficking that are then converted into cryptocurrency, is likely to be far higher.
Money laundering involving cryptocurrencies is, in itself, nothing new. It still involves placing ill-gotten funds into the financial eco-system, which crypto exchanges are now a part of, before transferring the money to obscure its origin. The process is meant to allow criminals to use the funds without it alerting the attention of the authorities.
There are, however, some important distinctions between traditional and cryptocurrency-based money laundering.
Cryptocurrency can provide added anonymity for cybercriminals, and the majority of crypto exchanges and virtual asset service providers (VASPs) currently operate with significantly less regulatory scrutiny and can be used to circumvent international borders.
But while cryptocurrency may provide some advantages over traditional methods of money laundering, the technology is also publicly recorded and publicly accessible - making each and every transaction traceable.
Because of this, cybercriminals are increasingly turning to mechanisms that can further obscure the origin of their cryptocurrency funds. One such method involves joining a ‘mining pool', where cryptocurrency miners pool their resources and share their processing power to split the reward of finding a blockchain block. Money launderers can also use bitcoin ‘mixers', which obfuscate the data that links an individual to a bitcoin transfer.
Last year the US Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned Suex and Chatex, two DeFi ‘gateway services' that regularly laundered funds from ransomware operators, scammers, and other cybercriminals.
Despite this, inconsistent and unaligned cross-border regulatory guidance has been identified as the top regulatory concern for the cryptoasset industry, according to a 2021 survey of Global Digital Finance's members.
In the UK, authorities' response to cryptocurrency money laundering has been informed by the Proceeds of Crime Act (POCA). Although its three central offences - the concealing offence, the arranging offence and the acquisition or use offence - are clear, POCA was drafted in in 2002, when cryptocurrency was clearly not at the forefront of lawmakers' minds.
All businesses that conduct cryptoasset activities in the UK are, however, required to be registered with the Financial Conduct Authority, in line with a 2019 update to the Money Laundering Regulations.
Regulators and law enforcement agencies are certain to evolve the playbooks they use to identify not just the proceeds of crime, which are subject to seizure, but also any individuals or entities involved in illicit dealings who may have had ‘reasonable cause to suspect' that funds were tainted.
Organisations that deal with cryptocurrencies need to ensure their financial crime framework is reviewed and updated to account for the risks associated with cryptocurrencies.
Blockchain analytical tools can assist organisations that accept payments or transfers in cryptocurrencies to trace the origins of the funds - including if there are any links to addresses associated with illicit activity. Additionally, firms can leverage digital identification tools to assess customer transactions against the customer profiles.