Editor's Note: Criminals have long benefited from new technologies, and the current era of digitalization has been no exception. In the first two parts of this series on crime and technology we explored how criminals have adopted new technologies to communicate and coordinate activities, as well as establish new marketplaces online. Both have facilitated the expansion of traditional criminal activity, such as drug sales, as well as the emergence of entirely new criminal activities, such as hacker-for-hire services. In the third and final article of this series, we will explore how criminals have adopted new financial instruments to facilitate old and new criminal activities. As with new forms of communications and marketplaces, new financial tools present both opportunities and vulnerabilities to the criminals who adopt them. 

A cryptocurrency is a financial instrument that exists solely in digital form. Its original creators designed it as a system that allows people to send money quickly and easily to each other around the world, avoiding the fees, regulations and delays of transfers associated with traditional physical cash-based currencies. The underlying technology that made cryptocurrency possible is blockchain, a decentralized system for keeping accurate, secure digital records.

Cryptocurrency technology graduated from theory to practice in 2009 with the launch of Bitcoin, the most successful of the thousands of cryptocurrencies that have followed in its wake. A decade ago, cryptocurrencies were an untested novelty mostly for financial speculators and internet hobbyists. As of July 2021, however, the total market capitalization of all cryptocurrencies combined was $1.4 trillion, $635 billion of which is in Bitcoin, representing about half of the total cryptocurrency market by value. Since its inception, the value of a single bitcoin has risen from around $1 to over $30,000, making many of those early speculators and hobbyists millionaires in the process. Amid growth in the wider cryptocurrency market, Bitcoin's rise in value has made it a somewhat mainstream financial instrument, with financial institutions like Morgan Stanley and MasterCard incorporating Bitcoin into their services and offerings. 

How Criminals Use Cryptocurrency

Contrary to popular perception, criminal activity makes up a very small percentage of the cryptocurrency market. A recent report by the blockchain data analytics firm Chainalysis on criminal exploitation of cryptocurrencies estimated that only between 1-2% of transactions by volume were linked to criminal activity, representing nearly $30 billion in 2020. The United Nations estimates that global criminal activity amounts to $1.5 trillion to $4 trillion per year, so cryptocurrency makes up a small fraction of overall criminal financial activity. More conventional financial vehicles such as cash, real estate and luxury items remain the most popular options for criminals to conduct transactions and conceal illicit gains. Furthermore, as major cryptocurrencies like Bitcoin go mainstream and regulation of the cryptocurrency market increases, criminals cannot conduct cryptocurrency transactions with impunity. Even so, cryptocurrencies still offer immense opportunities for criminal exploitation. 

As noted in the first two parts of this series, cryptocurrencies have facilitated criminals' adoption of other technologies such as encrypted communications and online marketplaces. Criminals can use cryptocurrencies to complete transactions hammered out over encrypted messaging platforms, and online criminal marketplaces deal almost exclusively in cryptocurrencies. In short, these alternative currencies complement alternative communication platforms and marketplaces. Criminal uses for cryptocurrencies roughly break down into two different categories: conventional criminal activity, and new forms of criminal activity. 

Conventional Criminal Uses for Cryptocurrencies

The conventional criminal uses for cryptocurrencies include the purchase of illicit goods and services, money laundering and ransom payments. In these cases, cryptocurrencies either replace or supplement conventional financial instruments that have traditionally facilitated criminal activity. As noted in part two of this series, online criminal markets have broken the billion-dollar per year mark in transactions, a volume made possible by cryptocurrencies. Online criminal marketplaces account for the second-largest volume of criminal cryptocurrency transactions behind scams (something we will address later). Cryptocurrencies provide a degree of anonymity, are easy to transfer over international boundaries and mostly do not fall directly under government regulation, thereby making them essential to the operations of online criminal marketplaces. 

Cryptocurrencies have also facilitated money laundering by offering criminals an additional instrument to obscure illicit funds and move them around the world quickly and efficiently. As noted in a previous analysis on money laundering, cryptocurrencies alone are not sufficient, but when used in conjunction with traditional tactics such as structuring, fraudulent invoices and trade-based money laundering, they offer criminals a valuable tool. Criminals also appear to be increasingly adopting cryptocurrencies to facilitate money laundering, nearly tripling the estimated volume of bitcoin used in money laundering from $1 billion in 2018 to $2.8 billion in 2019 — and presumably more today, according to Chainalysis. 

The third conventional criminal activity that has embraced cryptocurrencies is ransom payments, specifically with the growth of cyber ransomware attacks in recent years. The perpetrators behind the recent high-profile ransomware attacks targeting Colonial Pipeline, JBS and Kaseya all demanded ransom payments in cryptocurrency. Colonial Pipeline and JBS ended up paying ransoms of $4.4 million and $11 million, respectively, in bitcoins, and it appears that at least some of the companies impacted in the Kaseya attack are negotiating payments in bitcoins or other cryptocurrencies to regain access to their networks. In the physical world, at least some kidnapping-for-ransom gangs appear to be transitioning to cryptocurrencies as well, with the first documented case of a kidnapping gang demanding a Bitcoin ransom occurring in Costa Rica in 2015. Since then, the practice has become more common, even though for now cash and physical assets remain the preferred medium for most conventional criminal activity. 

• December 2020 - A gang demanded 100 bitcoins (the equivalent of $2.3 million at the time) in ransom for the return of a local businessman's son in Bengaluru, India. 
• January 2020 - A gang in Thailand kidnapped and tortured a Singaporean businessman, demanding a ransom of $740,000, to be paid in bitcoins. 
• November 2018 - A Costa Rican kidnapping-for-ransom gang murdered an American online gambling organizer despite receiving nearly $1 million in bitcoins as ransom. 

New Criminal Activity Made Possible by Cryptocurrency

The most common form of criminal cryptocurrency transactions is scams, mostly related to speculative investment in new cryptocurrencies. Scams make up an estimated 73% of the $30 billion in annual criminal cryptocurrency activity, accounting for about $22 billion. Chinese authorities seized a cumulative $5.3 billion in cryptocurrencies and arrested dozens of people associated with the Plus Token and Wotoken Ponzi schemes in 2019 and 2020, respectively. Another common scam is a fraudulent initial coin offering (ICO) — or the launch of a new cryptocurrency. Fraudulent ICOs attract investors but then never actually launch the promised cryptocurrency. In June, the U.S. Securities and Exchange Commission charged three people with carrying out a $30 million ICO scam earlier in the year. The FBI and other national law enforcement agencies routinely issue warnings to cryptocurrency owners regarding scams and other fraudulent activity on exchanges. As cryptocurrencies continue to grow in number and value, more scams will exploit the hype surrounding cryptocurrencies, meaning that anyone who speculates in cryptocurrency should be well aware of the risk of being involved in such scams and factor it into their calculations when choosing to invest. 

Other, far less common, criminal activities involving cryptocurrency impact people without their consent or knowing participation. 

• Cryptojacking involves gaining unauthorized access to a computer in order to use the device's processing power to create more units of cryptocurrency. Currencies like Bitcoin are only able to operate by solving long, complicated calculations that ensure the integrity of the blockchain — the ledger of transactions over time. Such calculations require massive amounts of processing power but are rewarded with the payment of newly generated bitcoins in a process known as mining. A recent report from the BBC estimated that bitcoin mining consumes around 121 terawatt-hours per year — the equivalent of the annual electricity consumption of Argentina. While some people have invested thousands of dollars to build their own legitimate bitcoin mining operations, others have leveraged malware packages available for as little as $30 on online criminal markets to break into other people's devices and siphon off the processing power of their machines to mine for bitcoin. The process is essentially hijacking another's computer to create cryptocurrency, thus the name "cryptojacking." Since cryptojacking exploits only the processing power of someone's computer, it can run in the background for months or years without the owner noticing the breach. Cryptojacking campaigns typically distribute mining efforts over hundreds or thousands of devices, so the increased power consumption on a single machine is barely noticeable.
• Crypto wallet theft involves stealing the credentials to someone's cryptocurrency account and gaining control of its contents. Just as normal bank accounts rely on account numbers, PINs and passwords, cryptocurrency transactions rely on keys, or lines of code that allow users access to their cryptocurrency funds. If unauthorized individuals gain access to that key, they can transfer funds wherever they chose. Crypto wallets come in many forms, ranging from mobile apps to physical devices such as a USB drive. They are generally referred to as either being "hot," meaning connected to the internet, or "cold," meaning stored offline. Hot wallets tend to be more vulnerable because they can be compromised, but their internet connectivity makes them more convenient and user-friendly than the more secure, unconnected cold wallets. While physical wallets can be stolen just as any physical asset (and often are), they are less vulnerable to fraudulent crypto wallet apps or cyber hacks into legitimate apps that can compromise digital keys and the cryptocurrencies associated with them.
• Crypto-exchange hacks attack the online exchanges that facilitate the purchase, transfer and sale of cryptocurrencies. Cryptocurrency holders often hold their keys on hot wallets supported by these exchanges and, while major exchanges tend to invest in security to protect their investors' keys, like everything else online, they are still vulnerable. In November 2020, for example, the KuCoin exchange suffered a hack that saw an estimated $150 million stolen. Since most countries do not have a mechanism insuring cryptocurrency holdings similar to the U.S. Federal Deposit Insurance Corp.'s commitment to back up conventional bank accounts, once cryptocurrency is lost (whether through scam, theft or otherwise) it is up to the various actors involved to figure out how to remediate losses. In the case of KuCoin, they were able to arrange for the return of $126 million in stolen funds through a complex process unlikely to be replicable at scale, so there is no guarantee that the next exchange hack will be able to do anything remotely similar. And apart from the threat of hacks against legitimate crypto exchanges, as evidenced by the prevalence of scams in the cryptocurrency world, less reputable exchanges are even less likely to recover stolen assets — and their administrators might even work with hackers to defraud customers. 

How Cryptocurrencies Have Made Criminals Vulnerable to Detection

Just as with encrypted communications and online criminal marketplaces, the advantages of cryptocurrencies also come with risks to the criminals who use them. Some security experts even argue that police services have a better chance of catching illicit financial activity done through cryptocurrencies versus traditional financial vehicles because of the public nature of blockchain technology. Currencies such as Bitcoin function by adding each transaction to a publicly viewable ledger. And while the record does not specify the name of the individuals involved in the transaction, it does record an account number that can be linked to an individual with additional investigatory resources.

This is vastly different from the traditional financial sector, where transaction information is private and typically requires a warrant to view. So when, for example, criminal actors conduct a ransomware attack and demand a payment in cryptocurrency, they must provide a wallet number for the victim to direct the funds. That wallet number, and any other wallet numbers associated with it, are forever linked to criminal activity. Due to the public, open-source nature of the blockchain, anyone can conduct due diligence on an account; meanwhile, numerous websites, such as blockchain.com, provide live views of cryptocurrency transactions and the ability to search for previous transactions. The public nature of transactions at least partially explains how the FBI was able to recover $2.3 million of the $4.4 million ransom Colonial Pipeline paid to the criminal ransomware group, DarkSide, in June. 

Detecting illegal activity is one thing, but stopping it and rectifying the underlying crime is another. The FBI's seizure of bitcoins linked to the Colonial Pipeline attack was an exception — most cryptocurrency ransom payments are never recovered. Instead, the biggest weak point for criminal transactions involving cryptocurrency is converting it to cash and/or other physical assets, which online crypto exchanges play a large critical role in facilitating. Nearly all (99%) of cryptocurrency transactions involve an exchange, and governments around the world are increasingly regulating the exchanges that facilitate cryptocurrency markets in order to curtail illegal activity. Banks and other financial institutions have long been subject to penalties related to money laundering and terrorist financing; as previously noted, even though only a fraction of overall criminal activity involves cryptocurrencies, there is strong potential for growth that is increasingly of concern to financial regulators and legal authorities. Governments are using threats against cryptocurrency exchanges in an effort to get them to follow the same anti-money laundering laws and reporting requirements applied to traditional financial institutions, with some signs of success.

• July 2021 - The British Financial Conduct Authority officially identified Binance, one of the largest cryptocurrency exchanges in the world, as not being authorized to operate in the United Kingdom. While the virtual nature of exchanges (and the fact that Binance is based in the Cayman Islands) means that British citizens can still use Binance, the measure has hurt Binance's standing, especially as major banks such as Barclays and Santander blocked the exchange following the ruling. Many users have left Binance to join registered and regulated exchanges, such as Gemini, to reduce their risk. 
• June 2021 - As Binance faced legal challenges in the United Kingdom in June, it also worked with authorities in Ukraine to identify and eventually arrest members of a ransomware group using its exchange to facilitate criminal activity. 
• May-June 2021 - Several Chinese financial regulatory bodies outlawed cryptocurrency mining and trading and censors blocked social media accounts that reported on cryptocurrency trends, with more legal regulations and restrictions expected later this year. Meanwhile, China's Central Bank is working on rolling out its own state-backed cryptocurrency in part to block criminal exploitation of the technology.
• April 2021 - South Korea's Financial Services Commission threatened to shut down all 200 cryptocurrency exchanges operating in the country if they did not apply for licenses to operate as a Virtual Asset Service Provider, which would force them to adhere to anti-money laundering policies such as know your customer and filing suspicious activity reports. The deadline for application is September 2021, after which point unauthorized exchanges are at risk of restrictions. 
• April 2021 - Turkey placed restrictions on cryptocurrencies, resulting in the collapse of the Vebitcoin exchange after authorities shut down its domestic bank accounts and arrested four founders for supporting fraudulent activity. Authorities also issued an arrest warrant for the CEO of another exchange, Thodex, after he left the country with $2 billion in investors' funds. 

At the heart of regulation is the cultural division within the cryptocurrency-holder community between those who want to grow it into an even more mainstream financial vehicle versus those who want to keep the market small and alternative. As major banks increasingly offer cryptocurrency services, investment firms like BlackRock look to diversify portfolios by introducing cryptocurrency and even MasterCard offers credit services based in cryptocurrency, the value of currencies like Bitcoin has risen astronomically, benefiting those who invested early. But introducing more institutional involvement in cryptocurrency markets also introduces more scrutiny and regulations, since those companies are very much liable to regulations and penalties regarding criminal financial activity. As demonstrated in the British example above, government regulatory bodies may not be able to shut down cryptocurrency exchanges, but they can certainly hurt their bottom line by disincentivizing institutional relationships. For this reason, some cryptocurrency holders want to avoid the regulations that come with mainstream adoption in order to preserve cryptocurrencies' status as a truly alternative, parallel financial vehicle — even if it means less growth in the long run.

The Future of Crime and Cryptocurrencies

Similar to online criminal markets, new cryptocurrencies are launching on a daily basis that tweak algorithms and features to cater to an ever-changing market. One direction of development particularly relevant to criminal involvement in cryptocurrency is the growth in anonymity-enhanced coins (AECs), aka privacy coins. Unlike the majority of cryptocurrencies that list transactions on a publicly accessible ledger, AECs conceal the accounts involved in a transaction, making it more difficult to identify and track criminal activity. Ransomware groups such as REvil have been known to offer a discount to victims who pay ransoms in Monero, one of the more popular AECs within criminal circles. As of February, a major online criminal marketplace, White House Market, switched from dealing mainly in Bitcoin to exclusively using Monero to reduce the risk to its users. The FBI's partial recovery of the Colonial Pipeline ransom — facilitated in part by the traceability of major currencies like Bitcoin — could drive even more criminal actors to switch to lesser-known, but more discreet, cryptocurrencies. 

The challenge to criminals using Monero is that if it becomes synonymous with criminal activity, the exchanges that are already under increasing regulatory pressure from both national governments and institutional investors could place restrictions on dealing in Monero or other AECs. Such restrictions would make it harder for holders of Monero or other AECs to convert their holdings into physical assets such as cash, property or luxury goods, thereby complicating criminals' money laundering needs. Such restrictions could also decrease the overall value of AECs, thus creating an incentive for legitimate holders of cryptocurrencies to self-regulate and discourage criminal activity.

Nonetheless, despite looming regulations and the risks of being associated with criminal activity, cryptocurrencies will continue to play an important role in criminal finance, especially when it comes to online criminal activity. To be sure, as some cryptocurrencies go mainstream, the return on investment for attracting institutional investors will be well worth the sacrifice of unregulated financial activity, thereby making criminal activity more difficult. Even so, other cryptocurrencies will inevitably arise to meet demands for less transparency and more privacy, even if doing so means sacrificing market share and/or profits. This dynamic mirrors what we previously explored regarding encrypted communications apps and online marketplaces: Namely, even if many platforms seek to purge criminal activity, there will always be niche ones that arise to meet this demand. And as cryptocurrencies themselves become more widely accepted as legal tender, criminals may have less need to launder their illicitly acquired crypto funds into cash and/or other physical assets, thereby lessening their reliance on exchanges and their risk of detection.

As for the overall relationship between crime and technology, our series has shown that new technologies will allow criminals to conduct traditional activity with more efficiency and more profits, and open the door for entirely new criminal activities. The efficiencies and anonymity that new technologies afford criminal actors, however, also benefit law enforcement and regulatory bodies seeking to stop criminals. Whether it is intercepting supposedly secure messages, shutting down online criminal marketplaces or tracking criminal financial transactions, police have proven they can use technology against the criminals who adopt it. But as always, criminals' higher appetite for risk and willingness to find and exploit loopholes in the law means they will always be a step or two ahead of the state — and new technologies will help criminals maintain at least a short-term advantage.