Crypto-assets and the Financing of the Criminal Economy: Dangerous Liaisons?

Cryptocurrencies are a virtual haven. Initially confined to a small circle of experts (coders, miners), the use of these crypto-assets quickly became “a new breeding ground for money laundering” (Clément and Lelieur 2021). This development is explained by the inherent characteristics of these new instruments of exchange and speculation, notably pseudonymity (the protection of users’ identities through cryptographic keys), their near-global accessibility, the speed of transactions, and low transaction costs. In 2023, the company dedicated to Bitcoin tracing activities estimated the total value received by crypto-asset addresses involved in illicit activities[1] to be $24.2 billion[2]. Their use has enabled criminals to explore new opportunities, including as a means of payment on the dark web (child sexual abuse material, ransomware), in the implementation of criminal schemes (scams and stolen funds), money laundering and tax fraud, as well as the financing of criminal and terrorist organisations.

A facilitated means of laundering

Various tools and techniques enhance the confidentiality of transactions in crypto-assets, thus complicating the tracing of financial flows. Among these are:

• Privacy-focused crypto-assets such as Monero (XMR), Dash (DASH), and ZCash (ZEC). These incorporate by design advanced privacy features that make transaction tracing particularly difficult. These “privacy coins” use techniques such as ring signatures, confidential transactions, and stealth addresses to conceal the origin, amount, and destination of funds. The share of leading pseudonymised (Monero) or semi-pseudonymised cryptocurrencies (Dash and ZCash) in circulation on Binance in 2018 is estimated at USD 42 billion, i.e. 8.8% of the total in circulation (see graph).

Volume in circulation in billions of dollars in 2018 on Binance.

Anonymisation protocols such as CoinJoin, which group transactions from multiple users into a single larger transaction, thereby making it more difficult to identify links between inputs and outputs. This technique has the advantage of anonymising flows for crypto-asset transactions which, like Bitcoin, do not integrate advanced privacy features by design. The share of Bitcoin transactions carried out using the CoinJoin protocol stood between 2% and 7.5% between 2011 and 2018. All of these Bitcoin transactions are anonymous and may – or may not – originate from fraudulent sources.

Share of Bitcoin transactions carried out using the CoinJoin protocol (late 2011 – early 2018)

Sources: zkSNACKs, the company behind the Wasabi Wallet.

Instant exchangers, which do not require Know Your Customer (KYC) identity verification, also provide a conducive environment for anonymous transactions.

A means of payment on the dark web: Silk Road and beyond

Crypto-assets, particularly Bitcoin, have found a notable application as a means of payment on the dark web. The 2013 closure of Silk Road by the FBI—one of the first platforms to use Bitcoin as a means of payment for criminal activities—alerted authorities to the possibilities offered by these new payment methods. A year later, in 2014, the Financial Action Task Force (FATF), an international body dedicated to combating money laundering and terrorist financing, organised its first summit devoted to the risks associated with crypto-assets in the field of anti-money laundering and counter-terrorist financing (AML/CTF). Despite growing awareness among authorities, the use of crypto-assets as a means of illegal payment persists and has expanded to other areas of criminality: by 2021, 60% of ransomware demanded payment in crypto-assets. Thus, in 2023, ransom payments experienced a significant resurgence, exceeding one billion dollars globally (Chainalysis 2024). This increase is attributed to the development of increasingly sophisticated ransomware and the emergence of specialised criminal groups (LockBit, ALPHV/BlackCat) who do not hesitate to target victims (public sector bodies in healthcare or education) likely to pay ransoms quickly to recover their data.

Crypto-assets: a tool for implementing criminal schemes

In 2023, the landscape of crypto-asset-related crime evolved noticeably (Chainalysis, 2024). Although crypto-asset platforms have succeeded in better protecting funds—with a decrease of more than 50% in stolen amounts—the number of hacking attempts paradoxically increased, showing that the threat remains very real. In May 2024, for instance, Japanese exchange platform DMM Bitcoin suffered a major security breach resulting in the theft of approximately $305 million in Bitcoin.

In the area of scams, a similar trend can be observed. Although total revenue generated by scams has decreased, certain specific forms—such as “approval phishing” scams and romance scams—have gained prominence. Approval phishing scams primarily target popular ERC-20 tokens on Ethereum, which require approval to interact with smart contracts.

Terrorist financing: a persistent threat

The amounts involved in terrorist financing through cryptocurrencies remain relatively low compared with traditional funding methods (cash donations, transfers via informal banking systems), notably due to the difficulties donors face in anonymising transactions. Crypto-assets offer several advantages: they enable fundraising on a global scale, the transfer of funds to remote areas where conventional banking systems are inoperative, and the discreet acquisition of weapons, communications equipment, or other illicit resources. In October 2024, the US Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Abd al-Muhsin Abdallah Ibrahim al-Sharikh, an individual based in Syria who provided financial support to Hayet Tahrir al-Sham (HTS), a terrorist organisation. Al-Sharikh collected donations from sympathisers via social media and encrypted messaging platforms, then used decentralised exchange platforms (DEXs) and mixing services to obscure the origin and destination of funds. He subsequently converted the cryptocurrencies into cash and channelled them to HTS through traditional illicit financing networks. This OFAC action highlights the ongoing threat of terrorist financing via cryptocurrencies and the need for increased vigilance and cooperation between the public and private sectors to counter such activities.

Challenges and outlook for tackling crypto-related crime

The European Union (EU) has introduced the MiCA (Markets in Crypto-Assets) regulation, which represents significant progress by requiring greater transparency from crypto-asset platforms. This regulation directly addresses anonymisation processes by imposing Know Your Customer (KYC) and Customer Due Diligence (CDD) requirements on crypto-asset service providers. These measures aim to make it harder to use cryptocurrencies for criminal purposes by requiring platforms to verify users’ identities and report suspicious transactions.

Alongside these national and regional initiatives, organisations such as Interpol and Europol play a key role in international cooperation. Interpol facilitates the exchange of information and coordination of investigations among law enforcement agencies worldwide, while Europol supports EU Member States in combating organised and cybercrime by providing technical and operational expertise to track down criminals attempting to exploit crypto-assets.

---

^[1] Let us recall that a financial flow may be classified as illicit based on its origin (source), the method used to transfer it across a border (channel), or its final use.

^[2]  The 2024 CryptoCrime Report, The latest trends in ransomware, scams, hacking, and more, Chainalysis, february 2024,