Cryptocurrency and crime

Cryptocurrency and crime describe notable examples of cybercrime related to theft (or the otherwise illegal acquisition) of cryptocurrencies and some methods or security vulnerabilities commonly exploited. Cryptojacking is a form of cybercrime specific to cryptocurrencies that have been used on websites to hijack a victim's resources and use them for hashing and mining cryptocurrency.

According to blockchain analysis company Chainalysis, around US$2.5 billion was laundered through Bitcoin between 2009 and 2018, and the fraction of cryptocurrency transactions linked to illicit activities has been on the rise since early 2019. In 2021, 0.15% of known cryptocurrency transactions conducted were involved in illicit activities like cybercrime, money laundering and terrorism financing, representing a total of $14 billion.

Background
There are various types of cryptocurrency wallets available, with different layers of security, including devices, software for different operating systems or browsers, and offline wallets.

Novel exploits unique to blockchain transactions exist, and aim to generate unintended outcomes for those involved. One of the more well-known issues that open the possibility for exploits on Bitcoin is the transaction malleability problem.

The Immunefi Crypto Losses 2022 Report lists industry losses from frauds and hacking as a combined total of US$3.9 billion for the year, and at US$8 billion for 2021.

Notable thefts
In 2018, around US$1.7 billion in cryptocurrency was lost to scams, theft and fraud. In the first quarter of 2019, the amount of such losses rose to US$1.2 billion. 2022 was a record year for cryptocurrency theft, according to Chainalysis, with US$3.8 billion stolen worldwide during 125 system hacks, including US$1.7 billion stolen by "North Korea-linked hackers".

Exchanges
Notable cryptocurrency exchange compromises resulting in the loss of cryptocurrencies include:


 * Between 2011 and 2014, US$350 million worth of bitcoin was stolen from Mt. Gox.
 * In 2016, US$72 million was stolen through exploiting Bitfinex's exchange wallet, users were refunded.
 * On December 7, 2017, Slovenian cryptocurrency exchange NiceHash reported that hackers had stolen over $70 million using a hijacked company computer.
 * On December 19, 2017, Yapian, the owner of South Korean exchange Youbit, filed for bankruptcy after suffering two hacks that year. Customers were still granted access to 75% of their assets.
 * In 2018, cryptocurrencies worth US$400 million were stolen from Coincheck.
 * In May 2018, Bitcoin Gold had its transactions hijacked and abused by unknown hackers. Exchanges lost an estimated $18 m and Bitcoin Gold was delisted from Bittrex after it refused to pay its share of the damages.
 * In June 2018, South Korean exchange Coinrail was hacked, losing over $37M worth of crypto. The hack worsened an already ongoing cryptocurrency selloff by an additional $42 billion.
 * On July 9, 2018, the exchange Bancor, whose code and fundraising had been subjects of controversy, had $23.5 million in cryptocurrency stolen.
 * Zaif US$60 million in Bitcoin, Bitcoin Cash and Monacoin was stolen in September 2018
 * Binance In 2019 cryptocurrencies worth US$40 million were stolen.
 * Africrypt founders are suspected of absconding in June 2021 with US$3.6 billion worth of Bitcoin
 * PolyNetwork (DeFi) suffered the loss of US$611 million in a theft in August 2021.
 * Japanese cryptocurrency exchange Liquid was compromised in August 2021 resulting in a loss of US$97 million worth of digital coins
 * Cream Finance was subject to a US$29 million theft in August, 2021 and $130 million October 28, 2021.
 * On December 2, 2021, users of the BadgerDAO DeFi lost around $118,500,000 worth of bitcoin and $679,000 worth of ethereum tokens in a front-end attack. A compromised API key of the Cloudflare content delivery network account allowed injecting a malicious script to the web interface. BadgerDAO "paused" all smart contracts due to user complaints.
 * On December 6, 2021, the cryptocurrency exchange BitMart lost around $135M worth of Ethereum and an estimated $46 million in other cryptocurrencies due to a breach of two of its wallets. Although BitMart stated that it would reimburse its clients, many BitMart clients have not received any money from the exchange as of January 2022.
 * On December 12, 2021, users of VulcanForge lost around $135M worth of PYR due to breaches of multiple wallets. Partnering centralized exchanges had been notified of the hack and they have pledged to seize any stolen funds upon deposit.
 * On January 27, 2022, Qubit Finance (DeFi) lost around $80M worth of Binance Coin due to a flaw in the smart contract that enabled the withdrawal of the said amount in exchange for a deposit of 0 ETH.
 * In March 2022, the largest cryptocurrency theft of the year, US$625 million in ether and USD coin was stolen from the Ronin Network. Hacked nodes were finally discovered when a user reported being unable to withdraw funds. The heist was later linked to Lazarus Group, a North Korean state-backed hacking collective, by the U.S. Treasury Department.
 * On September 20, 2022, Wintermute was hacked resulting in theft of US$160 million. The company attributed the vulnerability to a service used by the platform that generates vanity addresses for digital accounts.
 * On September 25, 2023, it was reported that $200 million was stolen by hackers from crypto firm Mixin Network. The company stated that the database of its network's cloud service provider was attacked by hackers resulting in the loss of the assets.

Wallets
The Parity Wallet has had two security incidents amounting to 666,773 ETH lost or stolen. In July 2017, due to a bug in the multisignature code, 153,037 ETH (approximately US$32 million at the time) were stolen. In November 2017, a subsequent multisignature flaw in Parity made 513,774 ETH (about US$150 million) unreachable; as of March 2019, the funds were still frozen.

Energy
Notable cases of electricity theft to mine proof-of-work cryptocurrencies include:


 * In February 2021 Malaysian police arrested six men involved in a Bitcoin mining operation which had stolen US$2 million in electricity
 * Ukraine authorities shut down an underground gaming and cryptocurrency farm in July, 2021, accused of stealing $259,300 of electricity each month
 * In July 2021 Malaysian authorities destroyed 1,069 cryptocurrency mining systems accused of stealing electricity from the grid
 * In May, 2021 UK authorities closed a suspected bitcoin mine after Western Power Distribution found an illegal connection to the electricity supply

Bitcoin
There have been many cases of bitcoin theft. , around 980,000 bitcoins—over five percent of all bitcoin in circulation—had been lost on cryptocurrency exchanges.

One type of theft involves a third party accessing the private key to a victim's bitcoin address, or of an online wallet. If the private key is stolen, all the bitcoins from the compromised address can be transferred. In that case, the network does not have any provisions to identify the thief, block further transactions of those stolen bitcoins, or return them to the legitimate owner.

Theft also occurs at sites where bitcoins are used to purchase illicit goods. In late November 2013, an estimated US$100 million in bitcoins were allegedly stolen from the online illicit goods marketplace Sheep Marketplace, which immediately closed. Users tracked the coins as they were processed and converted to cash, but no funds were recovered and no culprits were identified. A different black market, Silk Road 2, stated that during a February 2014 hack, bitcoins valued at $2.7 million were taken from escrow accounts.

Sites where users exchange bitcoins for cash or store them in "wallets" are also targets for theft. Inputs.io, an Australian wallet service, was hacked twice in October 2013 and lost more than $1 million in bitcoins. GBL, a Chinese bitcoin trading platform, suddenly shut down on 26 October 2013; subscribers, unable to log in, lost up to $5 million worth of bitcoin. In late February 2014 Mt. Gox, one of the largest virtual currency exchanges, filed for bankruptcy in Tokyo amid reports that bitcoins worth US$350 million had been stolen. Flexcoin, a bitcoin storage specialist based in Alberta, Canada, shut down in March 2014 after saying it discovered a theft of about $650,000 in bitcoins. Poloniex, a digital currency exchange, reported in March 2014 that it lost bitcoins valued at around $50,000. In January 2015 UK-based bitstamp, the third busiest bitcoin exchange globally was hacked and US$5 million in bitcoins were stolen. February 2015 saw a Chinese exchange named BTER lose bitcoins worth nearly $2 million to hackers.

A major bitcoin exchange, Bitfinex, was compromised by the 2016 Bitfinex hack, when nearly 120,000 bitcoins (around US$71 million) was stolen in 2016. Bitfinex was forced to suspend its trading. The theft was the second-largest bitcoin heist ever, dwarfed only by the Mt. Gox theft in 2014. According to Forbes, "All of Bitfinex's customers... will stand to lose money. The company has announced a cut of 36.067% across the board." Following the hack the company failed to refund customers, though efforts are continuing. In 2022, the US government recovered 94,636 bitcoin (worth approximately $3.6 billion at the time of recovery) from the 2016 thefts of the Bitfinex exchange, reported as the "largest financial seizure" in U.S. history. By February 2022, the amount of bitcoin stolen in 2016 had increased in value to $4.5 billion. Two people were arrested for the thefts in 2022; married couple Ilya “Dutch” Lichtenstein and rapper Heather "Razzlekhan" Morgan were charged with conspiracy to commit money laundering and conspiracy to defraud the United States.

On May 7, 2019, hackers stole over 7000 Bitcoins from the Binance Cryptocurrency Exchange, at a value of over 40 million US dollars. Binance CEO Zhao Changpeng stated: "The hackers used a variety of techniques, including phishing, viruses, and other attacks... The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time."

Thefts have raised safety concerns. Charles Hayter, founder of the digital currency comparison website CryptoCompare said, "It's a reminder of the fragility of the infrastructure in such a nascent industry." According to the hearing of U.S. House of Representatives Committee on Small Business on April 2, 2014, "these vendors lack regulatory oversight, minimum capital standards and don't provide consumer protection against loss or theft."

Ethereum
In June 2016, hackers exploited a vulnerability in The DAO to steal US$50 million. Subsequently, the currency was forked into Ethereum Classic, and Ethereum, with the latter continuing with the new blockchain without the exploited translations.

On November 21, 2017, Tether announced that it had been hacked, losing $31 million in USDT from its core treasury wallet. The company has 'tagged' the stolen currency, hoping to 'lock' them in the hacker's wallet (making them unspendable).

In 2022, hackers created a signature account on a blockchain bridge called "Wormhole" and stole more than $300 million worth of ether.

Exit scams and ponzi schemes through initial coin offerings (ICOs)
Most exit scams (or rugpulls) as well as many ponzi schemes involving cryptocurrencies are performed through Initial Coin Offerings (ICOs). As an example, according to a report by Satis Group almost 80% of all projects launched through an ICO in 2017 were scams. These scams usually involve attracting investments from mostly retail investors, inflating the price and the perpetrators subsequently abandoning the project in question after selling off their own shares.

The novelty of ICOs accounts for the current lack of governmental regulation. This lack of regulatory measures as well as the pseudonymity of cryptocurrency transactions and their international nature across countless jurisdictions in many different countries can make it much more difficult to identify and take legal action against perpetrators involved in these scams. Since 2017 the SEC has been actively pursuing groups and individuals responsible for ICO-related scams.

Examples of ICO-related scams

 * AriseCoin (AriseBank): AriseBank marketed itself as the world's first decentralized bank, falsely claiming to be able to offer FDIC-insured accounts, VISA-cards as well as services related to cryptocurrency and making other false statements. AriseBank promoted its AriseCoin through celebrity endorsement and social media in order to raise the US$1 billion the company was aiming for. Their ICO was halted by the SEC in early 2018 with their CEO and COO receiving a fine of US$2.7 million.
 * BitConnect: Bitconnect was among the highest performing cryptocurrencies in 2017, promising investors enormous returns through a trading bot. At its height it reached a market capitalization of US$3.4 billion. In early 2018 the exchanged ceased to operate with investors losing millions of dollars, amounting to a total of US$14.5 million. It later turned out that the initial profits were generated through a ponzi scheme by paying earlier customers with money made through newer customers. Legal action against the perpetrators was taken on an international scale.
 * Centra: Centra was a Miami-based company claiming to offer a cryptocurrency-based debit card backed by VISA and Mastercard. The company raised US$32 million by October 2017 through an ICO and few months later performing an exit-scam. In April 2018 two of the founders were arrested. It was soon revealed that neither Mastercard nor VISA backed the company in their alleged efforts.
 * Modern Tech (PinCoin/iFan): Based in Vietnam, Modern Tech hosted two separate ICOs for PinCoin as well as iFan promising monthly returns of 48%. After the initial success the founders ran off with approximately US$660 million raised from 32,000 investors. The founders are still at large and none of the funds have been retrieved.
 * PlexCoin: After Dominic Lacroix and Sabrina Paradis-Rogers (the founders of PlexCoin) had officially raised around US$15 million through a fraudulent ICO in August 2017 while promising a return of 1,354 % within a month, the SEC filed a civil complaint in December of the same year against them and sought an injunction to cease those sales, freeze the assets involved, pay civil penalties and prohibit the ones responsible behind the token launch from participating in any future offerings of cryptocurrency. Shortly after Lacroix was sentenced to two months in prison and fined CA$110,000 by the Quebec Superior Court. The SEC's proceedings lead to seven-figure fines for the defendants in 2019 and a retrieval of the investors' funds. During the proceedings the SEC was able to prove that the success of the ICO was inflated by the founders who in fact had raised US$8.5 million instead of the US$15 million they had announced.

Ponzi schemes
Ponzi schemes are another common form of utilizing blockchain based technologies to commit fraud. Most schemes of this sort use multi-level marketing schemes to encourage investors to conduct risky investments. Onecoin is one of the more notable examples of cryptocurrency-ponzi schemes: Founded in 2014 by Ruja Ignatova, OneCoin is estimated to have generated US$4 billion in income. While at least in China some of the investors' funds have been recovered and several members of the organisation arrested in the U.S., Ignatova herself is still at large.

Money laundering
Due to the inability of third parties to de-pseudonymize cryptotransactions criminal entities have often resorted to using cryptocurrency to conduct money laundering. Especially ICOs lacking KYC guidelines and anti-money laundering procedures are often used to launder illicit funds due to the pseudonymity offered by them. By using ICOs criminals launder these funds by buying tokens off of legitimate investors and selling them. This issue is intensified through the lack of measures against money laundering implemented by centralized cryptocurrency-exchanges.

A well-known early example of money laundering using cryptocurrencies is Silk Road. Shut down in 2013 with its founder Ross Ulbricht indicted for among other counts a money laundering conspiracy, the website was used for several illicit activities including money laundering solely using Bitcoin as a form of payment.

Apart from traditional cryptocurrencies, Non-Fungible Tokens (NFTs) are also commonly used in connection with money laundering activities. NFTs are often used to perform Wash Trading by creating several different wallets for one individual, generating several fictitious sales and consequently selling the respective NFT to a third party. According to a report by Chainalysis these types of wash trades are becoming increasingly popular among money launderers especially due to the largely anonymous nature of transactions on NFT marketplaces. Auction platforms for NFT sales may face regulatory pressure to comply with anti-money laundering legislation.

Regulatory measures
Canada is generally regarded as the first state-actor implementing regulatory measures dealing with money laundering conducted by usage of cryptocurrencies. By 2013 the Financial Crimes Enforcement Network (FinCEN) — in direct reference to the centralized exchange Mt. Gox — issued regulations making it clear that all crypto-to-fiat exchangers had to apply KYC- as well as anti-money laundering methods. Any suspicious transactions have therefore to be reported to the authorities. Centralized exchanges have to register as money transmitters, with the exact definition of who and what constitutes a money transmitter in the cryptosphere being somewhat blurred and regulations differing between the different states of the U.S. An important exemption from these regulations are decentralized exchanges due to the fact that they do not hold any fiat-currency.

As part of the Fourth Anti-Money Laundering Directive of 2015 and in an effort to combat money laundering and the financing of terrorism, the European Union has issued a directive making all member-states to have to make sure that cryptoexchanges are licensed and registered. The EU is furthermore planning to take measures to ensure that all customers of cryptocurrency-exchanges are to verify their identity as part of the registration process.

Regarding NFTs
Auction platforms for NFT sales may face regulatory pressure to comply with anti-money laundering legislation. A February 2022 study from the United States Treasury assessed that there was "some evidence of money laundering risk in the high-value art market," including through "the emerging digital art market, such as the use of non-fungible tokens (NFTs)." The study considered how NFT transactions may be a simpler option for laundering money through art by avoiding the transportation or insurance complications in trading physical art. Several NFT exchanges were labeled as virtual asset service providers that may be subject to Financial Crimes Enforcement Network regulations.

The European Union has yet to establish specific regulations to combat money laundering through NFTs. The European Commission announced in July 2022 that it is planning to draw regulations regarding that issue by 2024.

Further examples
Josh Garza, who founded the cryptocurrency startups GAW Miners and ZenMiner in 2014, acknowledged in a plea agreement that the companies were part of a pyramid scheme, and pleaded guilty to wire fraud in 2015. The U.S. Securities and Exchange Commission separately brought a civil enforcement action against Garza, who was eventually ordered to pay a judgment of US$9.1 million plus $700,000 in interest. The SEC's complaint stated that Garza, through his companies, had fraudulently sold "investment contracts representing shares in the profits they claimed would be generated" from mining. Garza was later found guilty of fraud and ordered to pay US$9 million and begin serving a 21-month sentence commencing January 2019 by the U.S. Attorney's Office District of Connecticut.

The cryptocurrency community refers to pre-mining, hidden launches, ICO or extreme rewards for the altcoin founders as deceptive practices. This is at times an inherent part of the cryptocurrency's design. Pre-mining refers to the practice of generating the currency before its released to the public.

FTX and Alameda Research founder and CEO Sam Bankman-Fried was indicted by the U.S. District Court for the Southern District of New York in December 2022 and charged with commodities and wire fraud, securities fraud and money laundering, as well as with violating campaign finance laws.

Malware attacks
Some malware can steal private keys for bitcoin wallets allowing the bitcoins themselves to be stolen. The most common type searches computers for cryptocurrency wallets to upload to a remote server where they can be cracked and their coins were stolen. Many of these also log keystrokes to record passwords, often avoiding the need to crack the keys. A different approach detects when a bitcoin address is copied to a clipboard and quickly replaces it with a different address, tricking people into sending bitcoins to the wrong address. This method is effective because bitcoin transactions are irreversible.

One virus, spread through the Pony botnet, was reported in February 2014 to have stolen up to $220,000 in cryptocurrencies including bitcoins from 85 wallets. Security company Trustwave, which tracked the malware, reports that its latest version was able to steal 30 types of digital currency.

A type of Mac malware active in August 2013, Bitvanity posed as a vanity wallet address generator and stole addresses and private keys from other bitcoin client software. A different trojan for macOS, called CoinThief was reported in February 2014 to be responsible for multiple bitcoin thefts. The software was hidden in versions of some cryptocurrency apps on Download.com and MacUpdate.

Ransomware
Many types of ransomware demand payment in bitcoin. One program called CryptoLocker, typically spread through legitimate-looking email attachments, encrypts the hard drive of an infected computer, then displays a countdown timer and demands a ransom in bitcoin, to decrypt it. Massachusetts police said they paid a 2 bitcoin ransom in November 2013, worth more than $1,300 at the time, to decrypt one of their hard drives. Bitcoin was used as the ransom medium in the WannaCry ransomware. One ransomware variant disables internet access and demands credit card information to restore it, while secretly mining bitcoins.

, most ransomware attackers preferred to use currencies other than bitcoin, with 44% of attacks in the first half of 2018 demanding Monero, which is highly private and difficult to trace, compared to 10% for bitcoin and 11% for Ether.

Phishing
A phishing website to generate private IOTA wallet seed passphrases, and collected wallet keys, with estimates of up to US$4 million worth of MIOTA tokens stolen. The malicious website operated for an unknown amount of time and was discovered in January 2018.

Fraud factories
Fraud factories in Asia traffic workers to scam westerners into buying cryptocurrencies online.

Other incidents
In 2015, two members of the Silk Road Task Force—a multi-agency federal task force that carried out the U.S. investigation of Silk Road—were convicted over charges pertaining to corruption. Former DEA agent, Carl Mark Force, had attempted to extort Silk Road founder Ross Ulbricht ("Dread Pirate Roberts") by faking the murder of an informant. He pleaded guilty to money laundering, obstruction of justice, and extortion under color of official right, and was sentenced to 6.5 years in federal prison. Former U.S. Secret Service agent, Shaun Bridges, pleaded guilty to crimes relating to his diversion of $800,000 worth of bitcoins to his personal account during the investigation, and also separately pleaded guilty to money laundering in connection to another cryptocurrency theft. Bridges were sentenced to almost eight years in federal prison.

Gerald Cotten founded QuadrigaCX in 2013, after graduating from the Schulich School of Business in Toronto. Cotten was acting as the sole curator of the exchange. Quadriga had no official bank accounts since banks at the time had no method of managing cryptocurrency. In late 2018, Canada's largest crypto exchange QuadrigaCX lost US$190 million in cryptocurrency when the owner died; he was the only one with knowledge of the password to a storage wallet. The exchange filed for bankruptcy in 2019.

In 2018, Ellis Pinsky, 15 years old, was accused of orchestrating a scheme to steal millions of dollars' worth of cryptocurrencies from Michael Terpin, a prominent cryptocurrency investor. The scheme involved a social engineering technique known as the SIM swap scam. The case attracted significant attention due to Pinsky's young age and the substantial amount of money involved. It raised questions about the security of digital assets and the challenges in regulating and prosecuting crimes in the rapidly evolving world of cryptocurrencies. Pinsky later reached a settlement to return $22 million in cryptocurrency to Terpin. In May 2020, Pinsky experienced a home invasion by intruders searching for remaining stolen assets. Michael Terpin, the founder and chief executive officer of Transform Group, a San Juan, Puerto Rico-based company that advises blockchain businesses on public relations and communications, sued Ellis Pinsky in New York on May 7, 2020, for leading a "sophisticated cybercrime spree" that stole US$24 million in cryptocurrency by hacking into Terpin's phone in 2018. Terpin also sued Nicholas Truglia and won a $75.8 million judgment against Truglia in 2019 in California state court.

On July 15, 2020, Twitter accounts of prominent personalities and firms, including Joe Biden, Barack Obama, Bill Gates, Elon Musk, Jeff Bezos, Apple, Kanye West, Michael Bloomberg and Uber were hacked. Twitter confirmed that it was a coordinated social engineering attack on their own employees. Twitter released its statement six hours after the attack took place. Hackers posted the message to transfer the Bitcoin in a Bitcoin wallet, which would double the amount. The wallet's balance was expected to increase to more than $100,000 as the message spread among the Twitter followers.

In 2021, US Authorities carried out a raid on James Zhong's home in Gainesville, Georgia. Authorities found over 51,000 bitcoin that Zhong had stolen from Silk Road between 2012 and 2013. Through an error on Silk Road, Zhong was able to withdraw more bitcoin than what was initially deposited. He concealed his identity and was able to evade authorities for nearly a decade. Zhong ended up pleading guilty to wire fraud and was sentenced to 1 year and 1 day in prison along with a forfeiture of all bitcoin.

In 2022, the Federal Trade Commission reported that $139 million in cryptocurrency was stolen by romance scammers in 2020. Some scammers targeted dating apps with fake profiles.

In early 2022, the Beanstalk cryptocurrency was stripped of its reserves, which were valued at more than US$180 million, after attackers had managed to use borrowed US$80 million in cryptocurrency to buy enough voting rights to transfer the reserves to their own accounts outside the system. It was initially unclear if such an exploit of governance procedures was illegal.