Threat Management, Threat Management

DeFi thefts beget DeFi for money laundering

Cage Chen speaks with an attendee at the Cook Finance booth during the DCentral Miami Conference at the Miami Airport Convention Centre on Nov. 30, 2021, in Miami. (Photo by Joe Raedle/Getty Images)
Cage Chen speaks with an attendee at the Cook Finance booth during the DCentral Miami Conference at the Miami Airport Convention Center on Nov. 30, 2021 in Miami. (Photo by Joe Raedle/Getty Images)

The amount of cryptocurrency transferred from illicit wallets to decentralized finance (DeFi) services spiked 1,964% between 2020 and 2021, with 2021 becoming the first year since 2018 where cryptocurrency exchanges were not the destination for more than half of transactions from cybercriminals, according to a preview of an upcoming annual report from Chainalysis.

"I think that we've been lucky enough to be able to identify a theme for each year in our reports that's really captured the heart of what was that changed. Last year, it was the year of ransomware. The year before that it was the year of the scam. And I think this year is the year of DeFi coming into criminal activity — not only in the sense that DeFi protocols are being hacked, but also the way criminals are utilizing DeFi protocols to launder money," said Kim Grauer, Chainalysis director of research.

Chainalysis provides advanced tracking of cryptocurrency flows from wallets associated with crime, used by law enforcement and other interested parties. Per their upcoming report, Chainalysis saw $8.6 billion in cryptocurrency transferred from illicit wallets to services in 2021; $900 million went to DeFi.

The funds most likely sent to DeFi, counterintuitive enough, came from the same criminals stealing from DeFi. When online criminals who specialize in direct theft of cryptocurrency send money to be laundered, just under half of it goes to DeFi systems. Stolen fund wallets sent $750 million to DeFi to be laundered, $5 out of every $6 using DeFi for laundering.

Graph and data: Chainalysis

Most types of criminals did not send an appreciable amount to DeFi, with centralized and high-risk exchanges and mixers generally being popular across other criminal enterprises.

DeFi theft has increased over the past year, with several thefts taking place of tens to hundreds of millions of dollars worth of tokens. On Thursday, for example, hackers took Qubit Bridge for $80 million based on vulnerabilities in Qubit's code.

The theft may be leading to a need to use DeFi networks as a starting point to legitimize wealth as criminals are forced to find quick ways to exchange obscure tokens for more liquid cryptocurrency assets.

"One of the fastest things is going to a liquidity pool where you can just quickly swap those tokens into maybe Ether or something that then some mainstream exchange is more likely to convert," said Grauer.

North Korean hackers linked to more than $400 million in cryptocurrency theft were particularly likely to use DeFi for laundering, according to the report.

Bauer believes that the major message of the upcoming report is not in the nitty-gritty of where funds were specifically likely to go. Instead, she said, the most important takeaway is that cryptocurrency-based money laundering can be easier to track than fiat currency, despite the perception of anonymity.

Anti-money laundering oversight kicks in at a bank when transactions meet a minimum size. Launderers can operate with lower dollar amounts to try and avoid those issues, and keep funds as physical currency to keep bank balances low. Cryptocurrency transactions of all sizes are public, and all its currency exists on the blockchain.

More criminals operating in the physical world are trying to use cryptocurrency for laundering, she noted.

"It is good news for law enforcement," she said.

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.