Proof of State is the Wednesday edition of Fortune Crypto where Leo Schwartz delivers insider insights on policy and regulation.
The myth of crypto as an untraceable haven for cybercriminals has long been busted, even if Bitcoin still carries the reputation as a dark web currency used to buy drugs and hire hitmen. If anything, blockchain’s immutable records provide better opportunities for insight into illicit activity than plain old cash, creating a golden age for law enforcement investigations thanks to the rise of analytics firms like Chainalysis and TRM Labs.
A new report from TRM Labs adds another wrinkle to the “whack a mole” game between illicit actors and law enforcement, as its global head of policy, Ari Redbord, a former Department of Justice prosecutor and U.S. Treasury undersecretary, put it. Cybercriminals are also aware of the tracing reality of crypto and have acted accordingly. According to the report, Bitcoin has receded dramatically, accounting for 97% of total illicit crypto volume in 2016 and just 19% in 2022. “We lived in a world again, just a few years ago, where really all you needed was to track and trace the flow of funds on Bitcoin,” Redbord said. “Tracing certainly has changed.”
The report lays out an arms race between cybercriminals and global law enforcement, where illicit actors are using new attempts to evade detection, from privacy coins like Monero and Zcash to mixers like Tornado Cash, and regulators are close on their tails. According to TRM Labs, illicit actors have mostly turned to Ethereum and Binance Smart Chain for hacks, with 68% and 19% of overall volume, respectively, and have almost exclusively turned to Tron for terrorist financing, which represents 92% of overall volume. “Really, over the last few years, we’ve seen a shift to digital battlefields, where wars are fought on blockchains,” Redbord said.
Despite the ever-evolving methods of illicit actors, Redbord maintained that law enforcement—and especially regulators, including the Treasury Department—are mostly winning the battle. While hacks are still happening at a fast clip, a priority has been closing off-ramps into fiat currency for state actors like North Korea, with the Treasury’s Office of Foreign Assets Control controversially sanctioning crypto addresses and mixers for the first time last year.
The growing popularity of cybercriminals turning to Tether on Tron—a confluence of two notoriously unregulated crypto tools—provides another challenge. As a stablecoin, Tether is particularly appealing because of its peg to the U.S. dollar. Tron has the advantage of lower transaction fees than other blockchains like Ethereum, along with the perception of existing outside the watchful eyes of regulators.
“We have seen Russian cybercriminals, drug cartels, and even North Korean state actors look to Tron, where there is an ecosystem of non-compliant crypto businesses ready to convert funds,” Redbord said, adding that there has been a 240% increase in the use of Tether on Tron over the last year for terrorist financing.
While TRM Labs is able to provide tracing capacities on Tron, the shift still demonstrates the ongoing risks that offshore crypto venues pose to regulators. Last week, the Department of Justice announced a new cyber section within its national security division. Even if Congress is dragging its feet on crypto, the rest of the government isn’t waiting around.
Leo Schwartz
leo.schwartz@fortune.com
@leomschwartz