C’est la rançon du succès : les cryptomonnaies connaissent une adoption grandissante, avec un volume total de transactions en 2021 en augmentation de 567% par rapport à 2020, mais les activités illégales y ayant recours progressent également, d’après la dernière enquête "Crypto Crime Report" de l’entreprise Chainalysis, spécialisée dans l’analyse et la prévention des risques cyber.
Crypto-crime, however, advances with a less sustained pace.It represented $ 14 billion in 2021, an increase in "only" 79% compared to the previous year, indicates the document published this week.
Embezzlement limited to 0.15% of exchanges
If the problem increases in absolute value, it decreases in proportion: "Crime is becoming proportionately less and less important in the cryptocurrency ecosystem", write the authors.Their provisional estimate on the share of transactions associated with illegal activities in 2021 is 0.15%, but the figure will most certainly be revised upwards.The previous year, it was initially 0.34% before being reassessed at 0.62%.
The use of bitcoins, ethers, tethers, and other XRPs for the financing of terrorism is even reduced to sorrow, according to the study."We have identified a number of terrorist organizations that have tried to finance their operations with cryptocurrencies.What is more difficult to find, however, are groups that have managed to use them.»»
The armed branch of Hamas (al-Qassam brigades) brings together almost all transactions in this marginal category devoted to the financing of terrorism, but the majority of the sums were seized by the Israeli government in July.
The vulnerabilities of "defi"
On the contrary, criminal activities that experience strong progression are scams and funds, in particular with the growing use of decentralized finance (or "deffi" for decentralized finance).DEFI provides new services to cryptocurrency users, including credits, paid savings, bets, or the facilitated emission of new tokens thanks to "smarts contracts".Its use for the flight of funds has thus increased by 1.330% to $ 2.2 billion.
Concretely, two methods were used for this purpose.The first is simply to exploit the faults of the computer code.It is a classic piracy.
"But with the boom in the DEFI and the extensive possibilities of the contracts which [the] fuel, deeper vulnerabilities have started to be uncovered.»» Le code étant souvent en libre accès à la consultation, dans un souci de transparence et d’encourager l’adoption, il offre par la même occasion l’opportunité pour les pirates de repérer des failles et de les exploiter.
Handling of courses and "rug sweater"
The second technique used to steal money is to handle prices.The operation in fact consists in deceiving the financial data supplier, "the oracle", used by the DEFI platform to display the price of a token.$ 364 million was thus stolen in 2021 (especially during the hacking of Cream Finance).
Finally increasingly common scams consist in promising Monts-et-Merveille through a DEFI service, then disappearing with money.This process, called "rug sweater" ("pull the carpet") goes through the emission of a token for which each buyer will put a sequest of a sum of money under sequest.
Usually, the honest protocols provide that these bets cannot be moved without the agreement of the participants, but the criminals skillfully implement the opportunity to do without their approval.
« Alors qu’un audit du code permettant de repérer ces vulnérabilités sont courants dans l’écosystème, ils ne sont pas exigés sur la plupart des [plateformes d’échange décentralisées]»», souligne le rapport.The latter are indeed intended to be entirely automated and accessible to supervisory users.
The Thodex affair
However, the largest scam in 2021 did not need to use this kind of ploy.The boss of the Turkish exchange platform Thodex has vanished with the 2 billion dollars in cryptocurrencies of its customers.A case that represents 90% of scams last year.
Le principal enseignement du rapport est donc de garder un œil très attentif sur la DeFi, d’autant qu’elle « prend le rôle principal dans le blanchiment d’argent»».
Une activité qui a concerné pas moins de 33 milliards de dollars, mais qu’il faut mettre au regard des 800 milliards de dollars minimum blanchis dans le monde chaque année « soit 5% du PIB global»».
The authors are however optimistic about the fight against crypto-crime: “Due to the inherent transparency of blockchains, we can more easily track down illegal movements.»»
The accounts are not anonymized, but pseudonymized most of the time and the transactions are kept on the blockchain, which makes it possible to go up the activity and to find an identity by cross information.