Cryptocurrency Fraud Update

A little while ago, we discussed data theft and fraud within the world of cryptocurrency. Read our previous blog post for a refresher. Blockchain analytics company, Chainanalysis, recently published its 2024 crypto crime report. Let’s review the current state of affairs:

Based on already identified illicit crypto wallets, Chainanalysis found that, in 2023, $24.2 billion was received by illicit addresses—cryptocurrency wallet addresses connected to illegal activity. However, the amount of funds received by illicit addresses is likely much higher because it does not include funds sent to addresses that have not yet been identified as illicit, funds derived from non-crypto native crime, or funds associated with crypto platforms accused, but not convicted of fraud. While this figure is lower than the amount received by illicit addresses in 2022, Chainanalysis found that a much higher proportion of the funds were attributed to sanctioned entities, accounting for approximately 61.5% of the total illicit transaction volume in 2023. Most of this total is driven by cryptocurrency services that were sanctioned by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), or are in sanctioned jurisdictions, and can continue to operate because they are in jurisdictions where U.S. sanctions are not enforced. The explanation for this is simple, as sanctioned entities are cut off from traditional financial systems they resort to alternative mechanisms to store, send, and receive funds.

Two examples of such sanctioned entities were “crypto mixer”[1], Tornado Cash, and Russia-based crypto exchange, Garantex. In August 2022, OFAC sanctioned Tornado Cash, which has been used to launder more than $7 billion worth of cryptocurrency since its creation in 2019. This figure includes over $455 million stolen by the Lazarus Group, a Democratic People’s Republic of North Korea state-sponsored hacking group that was sanctioned by the U.S. in 2019. Nonetheless, since its designation, Tornado Cash received a total of $822 million in cryptocurrency.

Due to the decentralized nature of its operations, Tornado Cash cannot physically be shut down and its activities cannot be stopped easily, though its inflow substantially diminished after its designation. Another issue is the quick replacement of these crypto mixers once an OFAC designation takes place. Almost immediately after Tornado Cash’s designation, crypto mixer Sinbad became the preferred mixer for North Korea-affiliated hackers. In November 2023, OFAC sanctioned Sinbad and mixer YoMix has since acted as a replacement. This highlights the challenge of enforcing sanctions on decentralized entities and the need for regulation in the decentralized finance or “DeFi” ecosystem.

[1] A “crypto mixer” is a service that mixes potentially identifiable or “tainted” cryptocurrency funds with others in an effort to obscure the original source of the funds.

Similarly, Garantex was sanctioned by OFAC in April 2022 for its affiliation with illicit actors yet continues to receive crypto as it is within a region that does not comply with OFAC sanctions. In fact, Garantex operates out of Federation Tower at the heart of Moscow’s International Business Center. Garantex’s continued activities introduces serious sanctions risks for compliant crypto platforms that may be exposed to Garantex. As a result, they need to be vigilant and screen for possible exposure to Garantex in order to remain compliant.

Chainanalysis further found that so-called “approval phishing”, often with romance scam tactics, stand out as threats. “Approval phishing” scams are a form of crypto scam in which attackers try to deceive individuals into authorizing a harmful blockchain transaction, granting permission for their address to use certain tokens within the victim’s wallet. In last year’s report, Chainanalysis identified $5.9 billion in scamming revenue.

That estimate has since increased to $6.5 billion. Romance scams also frequently known as “pig butchering” scams, in particular, grew significantly in 2023, more than doubling in revenue year-over-year, and activity growing 85 times since 2020. In a typical romance scam, fraudsters contact individuals and attempt to build relationships with them in order to trick them into sending them funds. Targeted Approval Phishing Scams (TAPS) involve scammers presenting phony investment opportunities to victims. They also involve scammers impersonating other individuals in order to trick victims into sending them cryptocurrency. The loss attributable to TAPS has also grown over the last two years, with at least $374 million suspected to have been stolen in 2023.

Prosecuting Scammers

In addition to OFAC sanctions to combat money laundering on crypto platforms, DOJ continues to investigate and prosecute individuals in connection with their activities on these platforms. In August 2023, the U.S. Attorney for the Southern District of New York unsealed an indictment charging Roman Storm and Roman Semenov with conspiracy to commit money laundering, conspiracy to commit sanctions violations, and conspiracy to operate an unlicensed money transmitting business in connection with their alleged creation, operation, and promotion of Tornado Cash. Storm was arrested on the same day in Washington and Semenov is believed to be in Dubai.

Moreover, in December 2023, the U.S. Attorney for the Central District of California unsealed an indictment against four individuals—Lu Zhang, Justin Walker, and Joseph Wong of California, and Hailong Zhu of Illinois—for their involvement in a “pig butchering” scam wherein they encountered victims on dating services, social media, or through unsolicited messages or calls, often masquerading as a wrong number. They formed relationships with their victims and slowly gained their trust, eventually introducing the idea of making a business investment using cryptocurrency. 

Once funds were sent by the victims to accounts controlled by the scammers, the fraudulent investment platforms would first show significant gains to induce the victims to make additional investments. Ultimately, “when the hogs are fattened and ready to be slaughtered” the scam would come to an end, and the victims would be unable to withdraw or recover their funds. They would lose their entire “investment”. Zhang, Walker, Wong, and Zhu were charged with conspiracy to commit money laundering, concealment money laundering, and international money laundering.

Mere days before the unsealing of this indictment, the U.S. Attorney for the Central District of California unsealed an additional superseding indictment charging David Gilbert Saffron, and Australian national, and Vincent Anthony Mazzotta Jr. of California with operating a cryptocurrency Ponzi scheme that defrauded victims of more than $25 million. The two men allegedly conspired to run a fraudulent scheme aimed at persuading victims to invest in different “trading programs”. These programs falsely claimed to utilize an artificial intelligence automated trading bot to manage victims’ investments in cryptocurrency markets, promising substantial profits.

Rather than investing victims’ funds in cryptocurrency, however, Saffron and Mazzotta allegedly misappropriated victims’ funds to pay for personal expenses including private chartered jet flights, luxury hotel accommodations, private mansion rentals, a personal chef, and private security guards. Saffron and Mazzotta are charged with conspiracy to commit wire fraud, wire fraud, conspiracy to obstruct justice, conspiracy to commit money laundering, and money laundering.

Conclusion

As I said in my previous blog post, cryptocurrency is not an untraceable, unseizable asset perfect for crime and OFAC’s and the U.S. Department of Justice’s increased efforts in sanctioning and prosecuting entities and individuals for their involvement in illicit activities on crypto platforms are prime examples of that fact. Nevertheless, and as usual, fraudsters will continue to find ways to make your valuable assets their valuable assets—may it be through scams directly related to cryptocurrency or non-crypto native crime where funds will ultimately make their way to crypto platforms.

If you or someone you know has been the victim of a crypto scam or some other form of scam, please contact us. We may be able to help.