Chainalysis, the on-chain analysis company based in New York, presented this morning at its event "Links NYC 2024" a talk on crime fueled by the crypto world.
In particular, the talk addressed illicit drug trafficking and the emerging role of North Korea as a leading country in hacks and exploits in the web3 sector.
Let's explore the dark side of cryptocurrencies and see how Chainalysis has been committed in recent years to combatting dishonest actors in this market.
Chainalysis and crime in the USA: fentanyl trade supported by crypto
At the event "Links NYC 2024" sponsored by Chainalysis, it emerged that one of the use cases of crypto, although not the main one, is still linked to the commission of crimes and illicit activities such as drug trafficking.
According to a study by the “Centre for Disease Control and Prevention,” from 1999 to today, almost a million people in the United States have died from drug overdoses, of which about 69,000 in 2020 alone due to the intake of opioids such as fentanyl.
The trade of this type of drug in the USA territory mainly comes from countries like China and is massively funded using crypto, which helps to evade the sanctions imposed by the US federal government.
According to a report from the “Drug Enforcement Administration” (DEA), China is indeed the main producer of fentanyl precursor substances.
As reported by Chainalysis, Chinese cryptocurrency addresses responsible for this type of crime received over $37.8 million in crypto between January 2018 and April 2023, with peaks in activity in 2020 and 2022.
However, if we also consider the thousands of addresses associated with new chemical precursor stores (even outside of China) identified by the on-chain analysis company, the updated data show total inflows amounting to 250 million dollars.
Going into more detail, darknet markets have recorded a strong volume of inflows from June 2011 onwards, despite the significant decrease in inflows after the closures of the leading markets AlphaBay and Hansa.
The sale of fentanyl and other drugs then peaked after 2022, reaching a monthly volume of about 150 million dollars in crypto.
This trend in online crime has been highlighted especially by the sanctions imposed by US law enforcement in recent years, which have targeted various foreign illicit actors involved in drug transactions.
Chainalysis contributes its advanced on-chain monitoring techniques to identify malicious actors who pollute the blockchain world with financial crimes and illegitimate transactions.
Since 2015, the company has helped identify and label Chinese cryptocurrency addresses that have received over $98 million as payments for the sale of fentanyl precursor substances, greatly reducing the devastating impact on US territory.
Chainalysis has also discovered that on-chain flows to suspected chemical store addresses correlate with fentanyl seizures at the US-Mexico border, suggesting that cryptocurrency transactions associated with fentanyl production correspond to regional patterns previously identified by the DEA.
Lazarus Group and North Korea: the hack of Axie Infinity and new money laundering strategies
The role of Chainalysis in the fight against blockchain crime does not stop at the detection of drug trades funded in crypto but also extends to the research and monitoring of money flows coming from hacks and exploits.
According to recent estimates, the North Korean hacking unit Lazarus Group and other related secondary groups have stolen about 1 billion dollars from DeFi protocols from 2022 to date.
The Lazarus Group represents the most ruthless hacking entity, as well as the most technically skilled, in the entire world, with the North Korean government supporting this kind of activity to obtain the funds necessary to finance the construction of ballistic missiles and other weapons of war.
The largest theft ever attributed to Lazarus was the one against the crypto video game Axie Infinity and the Ronin sidechain, which in March 2022 amounted to a whopping 600 million dollars.
The attack began when the North Korean group Lazarus gained access to five of the nine private keys held by transaction validators for the Ronin Network, thus being able to approve transactions on the network such as the withdrawal of 173,600 ETH and 25.5 million USDC.
The proceeds of the crime have been partly laundered (and are still in the process of being laundered) through various highly sophisticated techniques, which can be divided into 5 phases:
- at the beginning the funds are stolen and converted into ETH
- they are then mixed using decentralized mixers like Tornado Cash
- the mixed ETH is converted into BTC
- the BTC is mixed in CoinJoin transactions to increase privacy
- the BTC is deposited in crypto-to-fiat services for cash-out
Below is an image from "Chainalysis Reactor", which traces the flow of funds from the Axie Infinity exploit by North Korean hackers.
However, since the mixer Tornado Cash was sanctioned by the "Office of Foreign Assets Control" (OFAC), the Lazarus Group had to think of alternative methods to launder the money stolen from Axie and to continue financing its crimes and the country's arms race.
Since then, the hackers have moved on to bridges, which tend to obscure the source of transferred funds by moving crypto from one chain to another.
In particular, Lazarus tried to launder part of the stolen loot by sending ETH to the BNB Chain network, then swapping it for USDD and transferring it to the BitTorrent Chain.
Hundreds of similar transactions, as visible in "Chainalysis Storyline", have been made to launder sums ranging from $100,000 to $200,000 per wallet.
It is estimated that the entire 600 million stolen by the North Korean group from Axie has been divided among about 20,000 wallets.
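The laundering pipeline above (stolen funds routed through a mixer and a bridge, then fanned out in $100k-$200k chunks) is the kind of pattern an on-chain analyst looks for. The following is an added illustration, not Chainalysis code: a naive forward taint trace over a constructed transfer graph with constructed addresses, amounts and labels, that reports which tainted addresses are labelled obfuscation services and which wallets show the fan-out behaviour.

```python
# Added example (not Chainalysis code): forward taint propagation over a
# constructed transfer graph. Addresses, amounts and labels are constructed;
# LABELS stands in for an analyst's attribution data.
from collections import defaultdict, deque

# constructed transfers: (sender, receiver, amount_usd)
TRANSFERS = [
    ("ronin_bridge", "attacker_1", 600_000_000),
    ("attacker_1", "tornado_cash", 100_000_000),
    ("tornado_cash", "fresh_a", 100_000_000),
    ("fresh_a", "bnb_bridge", 100_000_000),
    ("bnb_bridge", "btt_wallet", 100_000_000),
    ("btt_wallet", "w1", 150_000),
    ("btt_wallet", "w2", 180_000),
    ("btt_wallet", "w3", 120_000),
    ("btt_wallet", "w4", 160_000),
    ("exchange_x", "user_z", 5_000),  # unrelated activity, must stay clean
]
LABELS = {"tornado_cash": "mixer", "bnb_bridge": "bridge"}

def trace_taint(transfers, seed):
    """BFS from `seed` along the direction of funds; return hop count per address."""
    out_edges = defaultdict(list)
    for sender, receiver, amount in transfers:
        out_edges[sender].append((receiver, amount))
    hops = {seed: 0}
    queue = deque([seed])
    while queue:
        cur = queue.popleft()
        for nxt, _ in out_edges[cur]:
            if nxt not in hops:
                hops[nxt] = hops[cur] + 1
                queue.append(nxt)
    return hops

def obfuscation_hops(hops, labels):
    """Tainted addresses that are labelled mixers or bridges (obscuring steps)."""
    return {addr: labels[addr] for addr in hops if addr in labels}

def fanout_wallets(transfers, hops, lo=100_000, hi=200_000, min_outputs=3):
    """Tainted senders that split funds into >= min_outputs chunks within [lo, hi]."""
    chunks = defaultdict(int)
    for sender, _, amount in transfers:
        if sender in hops and lo <= amount <= hi:
            chunks[sender] += 1
    return {sender for sender, n in chunks.items() if n >= min_outputs}
```

Real tracing must also account for amounts and timing to avoid tainting every downstream counterparty; this pure reachability version is the simplest starting point.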
Various other techniques are used to clean dirty money, including off-chain ones.
As pointed out by Chris Wong, special agent at the FBI, North Korean hackers are known to seek legitimate jobs in the United States where they are paid in crypto, in order to disguise exploit proceeds as legitimate income.
The role of Chainalysis in this context is to track on-chain flows and monitor the movements of assets stolen by groups that carry out crimes of this kind, such as Lazarus.
Thanks to an unprecedented effort and continuous collaboration with law enforcement and specialized companies, Chainalysis has managed to help seize and freeze over $30 million in stolen cryptocurrency from hackers connected to North Korea in the last 2 years.
The experts on the Chainalysis team are confident that Lazarus hackers, given the increasing tightening of local regulations and the evolution of the DeFi landscape, will find it increasingly difficult to launder money in crypto and participate in organized crime.