Ransomware payouts rejected in 2022: Crystal Blockchain

by Arthur · December 22, 2022

Known cryptocurrency payments to ransomware hackers “totaled just $16 million, compared to nearly $74 million in 2021,” says blockchain intelligence firm Crystal Blockchain.

This may be surprising given the fact that the number of ransomware attacks has increased since 2021, according to cybersecurity researchers. This year, the infamous Conti ransom gang, known for terrorizing US hospitals during the COVID-19 pandemic, ceased operations, but new groups are constantly emerging.

Nick Smart, Crystal’s director of blockchain intelligence, told CoinDesk that it may be premature to conclude that ransomware attacks are in permanent decline.

“Since the Conti leaks, we were able to gather a lot more information about historical ransomware and ransomware activity, which means we have a better idea of what it was like before. Because of the way ransomware generally works, it’s not possible to tell what happened now, as many companies do not disclose payment information publicly, Smart said.

Regrouping

Analysis of on-chain activity shows that crypto services with high money laundering risk scores – meaning they receive funds from fraud and cybercrime more often than others – are seeing a decline in popularity, the report said.

“We can see that overall crypto funds are increasingly being traded between lower risk [virtual asset service providers] probably due to increased regulation, registration and client expectations,” the report states.

At the same time, crypto exchanges and services that manage to keep “dirty” crypto out have further tightened anti-money laundering policies, effectively scaring away criminal actors: “The amount of funds sent to low-risk exchanges from fraud fell by 24% in 2022 compared to 2021, it says the report.

Offline wallets, which allow users to directly control their money, are becoming increasingly popular among crypto users in general, the report says: more funds are being sent to such addresses.

Cross-chain bridges are still popular for illicit transactions. Bitcoin-to-Ethereum bridge service Ren, for example, received nearly half of all crypto from sanctioned entities, the report said. The service, linked to the now-failed exchange FTX, is popular with hackers.

“Perhaps the biggest supporter of this trend was the FTX thief, which almost drained the protocol’s entire liquidity crossing chains,” says Smart. It’s nothing new: cybercriminals have already used Ren actively before. However, the recent enforcement actions benefited the protocol.

“I think a lot of the attention on Ren grew after Tornado Cash was sanctioned [by the U.S. Treasury Department]which shows that criminals are always developing tactics to try to beat blockchain intelligence companies and compliance teams,” Smart said.