Almost Half of All Crypto May be 'Dirty'

Author: Jan Santiago

August 29, 2023

It is almost dogma on Twitter that "just" 0.15% of cryptocurrency is used in criminal activity. This refers to Chainalysis' annual Crypto Crime Report for 2021. For 2022 the reported percentage rose to a still "just" 0.24% of all cryptocurrency transactions of that year, amounting to $20.6 billion. In public, the statistic is normally used as if the remaining 99.76% of crypto transactions were all legitimate and economically positive.

Chainalysis' statistic certainly does not match the public perception of cryptocurrency as being riddled with fraud and crime. What explains the jarring disconnect between public perception and the 0.15% or 0.24% numbers, which often get spun into soundbites and truisms about crypto?

A Conservative Case for the Minimum Rate

Chainalysis formed its estimates based only on illicit cryptocurrency addresses known to it. Its numbers are therefore necessarily a conservative minimum, as it only counted addresses that it accepts to be from criminal activity. Cases that are unreported, undetected or lacking sufficient proof of criminality weren't counted. Since Chainalysis gets its data mostly from its clients among law enforcement and crypto institutions, its dataset might rather reflect its clients' priorities. Case-building for multimillion-dollar hacks, sanctioned entities, and ransomware attacks on businesses would likely be more complete than for petty cryptocurrency crimes. If the following is any indication, 43% of Chainalysis' illicit transaction estimate for 2022 consists of transactions from OFAC-sanctioned entities – priorities of US national security and foreign policy.

The average netizen hardly cares about OFAC. But he/she is vastly more exposed to petty crypto-scammers and criminals online, in addition to unending news of crypto frauds and hacks. These form the basis of public perception, which affects public policy downstream.

Chainalysis researchers are open about being conservative when labeling which transactions are criminal [1]. Chainalysis always insists on screenshots and a lot of supporting data before blacklisting any crypto address. In principle, it is akin to only counting cases where there are identifiable witnesses or victims who could testify in a court of law. It is not a wrong approach, and it is an understandable one. Chainalysis' core business is in providing law enforcement with the most accurate data to conduct investigations without making reputation-damaging mistakes. But that standard is inappropriate for the purpose for which their statistic is being used in public.

It wouldn't matter if Chainalysis had only missed the mark by a few half-percent. As the examples below illustrate, there is a whole universe of possibilities in which Chainalysis underestimated crime on the blockchain by many, many fold.

The Scale of Pig Butchering

Take romance and investment scam victims, notoriously too embarrassed to report their victimhood. The bigger the loss, the more painful the reporting. This writer has had the experience of having to push and teach US immigrant pig butchering scam victims to (please) report their losses somewhere official, and individual losses are in the $100,000 range. If a tree fell in the forest with no one to hear it, does it make a sound?

To give an idea of the scale of the crypto scams in the real world, consider that the US FBI reported that $3.3 billion has been lost to cyber investment scams in 2022, mostly with pig butchering scams [2]. US Deputy Prosecutor Erin West, who has become the tip of the spear of US law enforcement efforts against pig butchering scams, has been vocal in her opinion that the true losses to pig butchering scams could at least be 3 times more – $9.9 billion [3]. We are mostly talking about US statistics, and pig butchering scams have been a massive plague also in Japan, Korea, Australia, and in European and Southeast Asian countries. In contrast, Chainalysis only reports that total crypto scams, including pig butchering scams, "fell" to $5.9 billion in 2022. Fascinating.

Criminal Activity Off-chain but Still Involving Crypto Isn't Counted

The crypto schemes you heard of don't count

Chainalysis did not include the epic collapses of mega crypto entities like FTX ($8 billion in real, fiat money missing), Celsius ($4.7 billion lost), Three Arrows Capital ($3 billion lost), among others. When Terraform Labs of the infamous US Terra coin collapsed, $45 billion in total market cap (a nebulous idea [4]) vaporized. They were excluded because those schemes did not occur on-chain, Chainalysis argues. That is, they mostly exist as (criminally) reckless borrowing and fraudulent accounting. Unsanctioned use of other people's money, like buying swanky apartments, is done off-chain, strictly speaking. Never mind, if you will, that their victims believed that they were making crypto investments.

The founders of the above collapses may argue that their ventures were simply failed but honest investments. Only after many long years may the courts determine that much if not the entirety of those crypto enterprises was fraudulent, and even convict their founders as criminals. When that comes, should those billions of US dollars' worth of cryptocurrency that went into, through and from those crypto entities be put under the 'criminal' and 'illicit' side of the crypto ledger?

Don't ask, don't tell

Crypto transactions can be illicit and criminal by their origin off-chain. Drug sales, arms sales, child exploitation sites, kidnapping ransoms, illegal online gambling, etc., require someone to report them as such and for the report to make it into the right database. The shame and stigma of being a victim of romance / investment scams won't be belabored here. Even if reported, local police generally don't bother with them, let alone properly document them with all the crypto addresses and TXIDs. In any case, individual cases are likely an order of magnitude or two more than what police have time to investigate or document (or care [5]).

The pig butchering scam is not just a rich-country disease. Losses in developing countries may not be as eye-catching in USD terms but are no less substantial in number of victims or impact. This author has encountered numerous victims from Malaysia to the Philippines [6], some of whom had to sell their houses or cars, or go into debt [7]. There is little data on how much, because police there don't keep track of crypto crimes, as far as I know. They presumably have even fewer resources and less know-how than 'developed' countries on what to do with crypto crimes.

Then there are illicit transactions that are hardly reported because they are rather 'victim-less' — victimization is indirect. Good (bad) examples are tax evasion, bribing, stashing of proceeds of offline crime, and payments between criminals. In Southeast Asia, ransom payments for human trafficking victims of pig butchering scam gangs do not get reported. Reportedly, Chinese scam company owners in Myanmar trust only storing their cash loot back into crypto on their ImToken wallets. In transactions between criminals, mostly with money they shouldn't have, obviously neither party would self-report.

Exchange volumes are dark matter

Cryptocurrency transactions between accounts of the same cryptocurrency exchange are not visible on-chain. They become an internal accounting matter only known to that exchange. There are early cases of pig butchering scam victims sending crypto to scammers using the same exchange. Additionally, almost 10 times more cryptocurrency trades occur inside exchanges [8]. Money laundering disguised as trades inside exchanges wouldn't be visible on-chain.

The Denominator is Grossly Inflated

Chainalysis also did not include in their $20.6 billion estimate for crypto crimes in 2022 the $23.8 billion of money laundering they detected. While Chainalysis says that it tries to only count meaningful economic activity (value actually changing hands) when analyzing money laundering [9], they were not applying the same treatment to the vast number of non-suspect transactions. This may well be inflating the total cryptocurrency transaction volumes being compared to, the denominator to the 0.24%.

Trading a wash

For one, cryptocurrency activity is rife with wash trading: the practice of self-dealing, self-trading and carrying out circular transfers to create the appearance of bustling activity around a particular token or exchange and so entice investors. It can get very elaborate, with millions of dollars moving around in a large circle through multiple addresses [10]. A study reported that up to 70% of transaction volumes in the biggest exchanges is just hot air [11]. The US SEC accuses Binance.US of precisely that, in addition to market manipulation and trading against their customers. Hell, one study even concluded that 90% of Bitcoin transactions are not economically meaningful and are mostly transfers over long chains [12].

I will dedicate more attention to a potentially under-appreciated bloat in estimating transaction volume on blockchains that operate on the UTXO model, like Bitcoin. This bias may be more operative when counting "normal" transactions than with money laundering.

Bitcoin change addresses are confusing, 8 times

Some basic terminology first:

  • Cryptocurrency address - a string of letters and characters where you send crypto to.
  • Cryptocurrency wallet - the software generating and managing for you a collection of cryptocurrency addresses that you control.

That's all for now.

In cryptocurrencies like Bitcoin that function on the UTXO or Unspent Transaction Output model, Bitcoin wallet software keeps a list of the Bitcoin addresses it controls that have received Bitcoin before. The received amounts that have not yet been spent are the "unspent transaction outputs". When a user spends Bitcoin, the wallet software spends a number of the unspent transaction outputs or UTXOs (i.e., non-empty addresses) it controls, to cover the desired amount. Most likely, the wallet will overshoot and spend more than the required amount. It is rare that the amount to spend exactly equals the sum of some set of individual UTXOs.

Amounts over the desired value are sent back to the spender as change to new addresses generated by his/her wallet. This is akin to wanting to spend $25, but you only have a $20 bill and a $10 bill in your wallet. You give both bills to the cashier, and the cashier gives you back a $5 bill as change. You put $5 back into your wallet. (Yes, UTXO sounds needlessly convoluted, but it is what it is for design and privacy reasons. The account model of Ethereum is more intuitive.)

Bitcoin wallet software automatically handles the juggling of the UTXOs. Unless a wallet owner checks the value of each UTXO in his/her wallet and deliberately spends the exact value of individual UTXOs, his/her Bitcoin transactions will almost always generate change. A well-worn Bitcoin wallet may well have many odd UTXOs holding amounts like 0.3482 BTC, 1.342 BTC, 0.0245 BTC, 0.000563 BTC, etc.

You might see how this complicates the tracing of Bitcoin. A Bitcoin transaction will typically list multiple inputs and outputs. One mostly has to infer which of the receiving addresses belong to the intended recipient, and which ones are just change addresses belonging to the original sender. When looking up a conventional use of Bitcoin on a blockchain explorer, like someone purchasing a good or trading in Bitcoin, only part of the total transaction amount seen is the actual transfer of value from one Bitcoin holder to another. The rest of the Bitcoin is sent to change addresses and does not change ownership.

 

Example of a Bitcoin transaction, using Blockchain.com explorer, showing input (left column) and output UTXOs (right column)

Another example, using Bitquery explorer, which labels which outputs are likely to be change addresses.

In the case of money launderers, since they use many addresses merely as pass-through, they typically send all the BTC they control at that point in time. That is, the entire transaction is the entire amount they want to move. Change addresses aren't generated as much.

Hence transaction volumes of regular Bitcoin users will be inflated by Bitcoin just going back as change, while in money laundering, all the volume can be taken at face value, minus transaction fees. Chainalysis scientists of course know about change addresses. Any blockchain tracing software worth its server space has algorithms to take change into account. However, I doubt those are being applied to the vast majority of transactions not under investigation. Likely, their transaction volumes are just taken at face value when finding the total transaction volumes for a given year as the denominator.

This is how the denominator, the total transaction volume for a given year, gets bigger. How big? Researchers who examined this question report that the UTXO bias inflates estimations of Bitcoin transaction volumes by 8-fold [13].
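The change mechanism described in this section, as an added example that is not from the original article or from Chainalysis: a toy wallet spends UTXOs, and the same transactions are totalled once at face value and once with change outputs dropped. The coin-selection rule, the fee, the payment amounts and the pass-through chain are constructed assumptions, ownership is known here only because the data is simulated, and the resulting ratios illustrate the mechanism rather than reproduce the 8-fold figure.

```python
from dataclasses import dataclass, field

FEE = 1_000  # flat miner fee in satoshis (constructed value)

@dataclass
class Wallet:
    name: str
    utxos: list = field(default_factory=list)  # unspent output values, satoshis

    def _select(self, need):
        """Toy coin selection (an assumption, not any real wallet's rule):
        smallest single UTXO covering `need`, else accumulate largest-first."""
        if sum(self.utxos) < need:
            raise ValueError(f"{self.name}: insufficient funds")
        covering = [u for u in self.utxos if u >= need]
        picked = [min(covering)] if covering else []
        for u in sorted(self.utxos, reverse=True):
            if sum(picked) >= need:
                break
            picked.append(u)
        for u in picked:
            self.utxos.remove(u)
        return picked

    def pay(self, recipient, amount):
        """Ordinary payment: inputs overshoot, the remainder returns as change."""
        inputs = self._select(amount + FEE)
        change = sum(inputs) - amount - FEE
        outputs = [(recipient.name, amount)]
        recipient.utxos.append(amount)
        if change:
            outputs.append((self.name, change))  # change output, same owner
            self.utxos.append(change)
        return {"sender": self.name, "inputs": inputs, "outputs": outputs}

    def sweep(self, recipient):
        """Pass-through hop: spend every UTXO onward, leaving no change."""
        return self.pay(recipient, sum(self.utxos) - FEE)

def face_value(txs):
    """Naive on-chain volume: every output counts, change included."""
    return sum(v for tx in txs for _, v in tx["outputs"])

def value_transferred(txs):
    """Volume after dropping outputs that go back to the sender."""
    return sum(v for tx in txs for owner, v in tx["outputs"] if owner != tx["sender"])

def scenario():
    # Ordinary user; UTXO sizes are the article's example amounts, in satoshis.
    alice, shop = Wallet("alice", [34_820_000, 134_200_000, 2_450_000, 56_300]), Wallet("shop")
    user_txs = [alice.pay(shop, a) for a in (5_000_000, 40_000_000, 2_000_000)]
    # Pass-through chain (constructed): the same coins hop through three addresses.
    hops = [Wallet("hop0", [50_000_000, 25_000_000])] + [Wallet(f"hop{i}") for i in (1, 2, 3)]
    sweep_txs = [a.sweep(b) for a, b in zip(hops, hops[1:])]
    return user_txs, sweep_txs

if __name__ == "__main__":
    for label, txs in zip(("ordinary user", "pass-through"), scenario()):
        ratio = face_value(txs) / value_transferred(txs)
        print(f"{label}: face value {face_value(txs)} sat, "
              f"transferred {value_transferred(txs)} sat, inflation x{ratio:.2f}")
```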

What is the Game?

Chainalysis' approach is quite conservative, doesn't count all criminal activity that involves crypto, and uses a denominator that is far too inflated. Saying that anywhere between 0.24% and 50% or higher of crypto transactions in 2022 is illicit is still consistent with Chainalysis' data. After all, their estimate is the conservative minimum, and evidence on the amount of legitimate transactions was not detailed. (Chainalysis covers that in another report, The Geography of Cryptocurrency.) It would be more appropriate for Chainalysis to give a range – a minimum and a maximum. A report on crypto that sounds fishy to the public will only hurt public trust and mass adoption of crypto.

To give credit, the Chainalysis report is quite transparent with its caveats. Its authors "stress that this is a lower bound estimate". They do revise their estimates when more criminal addresses become available to them. They have for example later revised their 2021 estimates of total crypto crime from 0.15% to 0.22%, representing a change from $14 billion to $18 billion. Furthermore, they admit their figure "doesn't capture proceeds from non-crypto native crime." (See above)

All this modesty, however, doesn't make it to news headlines and crypto puff pieces. Everyone has agendas, in the end. Even Chainalysis' own Crypto Myth Busting Report, written to encourage more use of crypto, disputed the "myth" of cryptocurrency being mostly used for crime, by saying that "just" 0.24% of crypto is illicit, without mentioning any of the serious caveats.

Imagine crossing a stream by foot, but the depth you're told is actually just the minimum depth. Imagine making decisions on how much to budget for crypto departments and supervision, based on misleading underestimates of crypto crime. More likely, you will hear Chainalysis' statistic if you are a policymaker urged to vote for crypto-friendly regulations.

The Glass is Half Empty

Here is one way a maximum could be calculated. Chainalysis looked at all the illicit and criminal crypto transactions they recognize and compared them to the year's total transaction volumes. One could instead try quantifying all the transactions demonstrably made by law-abiding citizens for legitimate purposes, then compare that to total transaction volumes. While more work, this approach shouldn't be any less valid. In the most optimistic scenario, say that we managed to positively identify 54% of cryptocurrency activity as demonstrably made by law-abiding citizens for legitimate purposes. (One study did estimate that 46% of Bitcoin transactions are illicit, the maximum estimate of crime any one study has found [14].) Like Chainalysis, we don't scrutinize the rest of the transactions to remove fat. So, a headline by CoinDesk could be:

JUST 54% OF CRYPTO IS CLEAN

 

This article was published in collaboration with The Coin Dryer.

 

References:

[1] How Big Is Crypto Crime, Really? (coindesk.com)

[2] ‘Pig Butchering’ Scams Are Now a $3 Billion Threat | WIRED

[3] California prosecutor Erin West on the massive wealth transfer to Southeast Asia from a crypto scam called 'pig butchering' | CyberScoop

[4] The meaning of market capitalization is nebulous, to the point of meaninglessness. Crudely, market cap is calculated by multiplying a token's current market price by the total number of tokens. Imagine though if most of their owners sell most of their tokens. Of course, they won't. The token's price would quickly be worthless. Consider also that a large portion of tokens in most crypto projects are locked up in the projects' treasuries. Releasing them will ironically sink the market cap.

[5] "Crypto is not real; it's air," the police told me (globalantiscam.org)

[6] https://www.cosmo.ph/relationships/online-dating-pig-butchering-sa-zhu-pan-scam-a1213-a1213-20211101-lfrm

[7] Statistics of crypto-romance / pig-butchering scam (globalantiscam.org)

[8] Decrypting New Age International Capital Flows | NBER

[9] 3 Misconceptions about Cryptocurrency Crime Estimates - (securitiesanalytics.com)

[10] https://medium.com/chainargos/stablecoin-mechanics-3-circle-of-life-216b94c3d162

[11] Crypto Wash Trading by Lin William Cong, Xi Li, Ke Tang, Yang Yang :: SSRN

[12] Blockchain Analysis of the Bitcoin Market | NBER

[13] Can Bitcoin be Trusted? Quantifying the economic value of blockchain transactions - ScienceDirect

[14] Sex, Drugs and Bitcoin: How Much Illegal Activity is Financed Through Cryptocurrencies?| University of Technology Sydney (uts.edu.au)
