Sophisticated Money Laundering Instruments on the Blockchain and Where to Find Them

Bilic | AI-Driven agents
bilic-io
12 min read · Apr 2, 2022

A significant part of the global economy consists of the proceeds of illicit business transactions. To the owners of these assets, the ends are all that matter. To the global legal structure, however, the means constitute infractions of the body of laws that guide global society, and thus these proceeds must be retrieved and their handlers apprehended.

To clean illegal money, the typical criminal routes it through several financial stops and different handlers until it returns to its origin as apparently legal, clean money. The typical money launderer loves nothing more than a process that eliminates every trail that could be traced back to the culprit. It is for this reason that cryptocurrencies and their offspring, DeFi and NFTs, have become safe havens for stolen money.

To hide their origins, criminals use a variety of methods and services that deliver money to many addresses or corporations. The assets are subsequently delivered to a target location or an exchange to be liquidated from a legal source. This procedure makes tracing laundered monies back to illegal activity extremely difficult.

Money Laundering using DeFi (Tornado Cash, Uniswap etc.)

In contrast to a centralized finance system, which includes third-party intermediaries and leaves paper trails, Decentralized Finance (DeFi) eliminates the need for middlemen through the use of peer-to-peer financial protocols.

With DeFi, anyone with a computer and an internet connection can lend, borrow, stake and trade cryptocurrencies. Moreover, DeFi platforms, unlike cryptocurrency exchanges, have no stringent requirements for identity verification. Thus, users’ identities are protected when they participate on DeFi platforms.

Because DeFi platforms protect the identity of users, they are a very attractive invitation to money launderers. Recent reports have revealed that about half of all recently stolen cryptocurrencies were sent to DeFi platforms. According to another report, by The Block, about $192.82 billion remained locked in DeFi as of January 2022. The rise in the use of DeFi for cleaning and funneling illegal monies is attributed to its present existence outside regulatory borders.

DeFi is built on blockchain technology; because it runs on a decentralized ledger, transaction data can be accessed and traced. Money launderers therefore have to employ other strategies to eliminate the digital footprints of their transactions on these platforms. Some of the strategies used include:

Peel Chain

A peel chain is used to funnel very large sums of cryptocurrency in and out of DeFi platforms without being detected by authorities that look into very large transactions. Peeling allows money launderers to break a very large amount of crypto assets into small transactions and, piecemeal, maybe even incrementally, send the whole amount to crypto exchanges, where it is converted to fiat currencies or other cryptocurrencies. Money launderers create very long and complex peel chains so that the time, resources and processes required to trace the transactions to their financial destination make tracing tedious and almost impossible. For instance, an individual wanting to transfer 100 ETH undetected could perform 200 different transactions of 0.5 ETH each. This might be a tedious process, but it blends in with all other normal transactions and thus raises no red flags for the sender.
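One way a monitoring team can surface the splitting pattern described above from transfer records, as an added example that is not from the original article: the function flags any sender that moves a large total as many near-identical small transfers inside a time window. The sample transfers, the addresses and the thresholds are constructed for illustration.

```python
from collections import defaultdict
from statistics import median

def make_sample():
    """Constructed transfers: (sender, recipient, amount_eth, unix_time)."""
    # 200 transfers of 0.5 ETH, one per minute, as in the 100 ETH example.
    txs = [("0xPEEL", f"0xhop{i:03d}", 0.5, 1_000 + 60 * i) for i in range(200)]
    # Ordinary activity that must not be flagged.
    txs += [("0xSHOP", "0xcust1", 0.5, 1_500), ("0xSHOP", "0xcust2", 12.0, 9_000),
            ("0xWHALE", "0xexch", 100.0, 2_000)]
    return txs

def find_structuring(txs, window=86_400, min_count=20, min_total=50.0,
                     tolerance=0.05):
    """Flag senders that split a large total into many similar small transfers.

    For each sender a time window slides over its transfers. Inside a window,
    transfers within `tolerance` of the window median count as "similar".
    A hit needs at least `min_count` similar transfers summing to `min_total`.
    Returns {sender: (number_of_transfers, total_amount)} for the largest hit.
    """
    by_sender = defaultdict(list)
    for sender, _recipient, amount, ts in txs:
        by_sender[sender].append((ts, amount))
    hits = {}
    for sender, rows in by_sender.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it spans <= `window` seconds.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            amounts = [a for _, a in rows[start:end + 1]]
            mid = median(amounts)
            similar = [a for a in amounts if abs(a - mid) <= tolerance * mid]
            total = sum(similar)
            if len(similar) >= min_count and total >= min_total:
                if total > hits.get(sender, (0, 0.0))[1]:
                    hits[sender] = (len(similar), round(total, 8))
    return hits

if __name__ == "__main__":
    print(find_structuring(make_sample()))
```

A single large transfer and a merchant with a few mixed payments pass unflagged; only the sender whose small equal transfers add up to a large total is reported.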

Chain Hopping

Another strategy money launderers favor is chain hopping. DeFi platforms like Change Finance, a multi-chain DeFi app that promotes interoperability, allow users to move their assets from one blockchain network onto another. Launderers often move from one chain or cryptocurrency to another in very quick succession. This is to lose trackers and complicate their transaction history so that it becomes almost impossible to follow the transaction trail to the destination.

Tornado Cash Mixer

Just 2 short years ago, Binance was the victim of a very swift attack that left what was then the biggest cryptocurrency exchange short of about 7000 bitcoins, worth about 40 million dollars at the time of the theft, making it one of the biggest cryptocurrency thefts of all time.

When investigators followed the transfer trail, they discovered that about 5000 bitcoins of the total stolen funds had been transferred and laundered through a service called ChipMixer. Mixers came onto the cryptocurrency scene shortly after the emergence of Bitcoin.

While blockchain technology makes it impossible to put faces to wallet addresses, the decentralized public ledger keeps track of all receipts and transactions on the blockchain. Hence, transaction activity between wallets is available and can be tracked: very broad and unrelated data are sifted, cross-referenced, and narrowed down to a relatively small set of variables from which to make better, informed guesses. This, to a large extent, is great news for crypto security and a huge deterrent for money launderers on the crypto market.

Enter cryptocurrency mixers. Mixers act as digital shredders that destroy the transaction history provided by the blockchain and in the process make it impossible to track transactions effectively. A very popular mixer is Tornado Cash.

Tornado Cash is an Ethereum DeFi application rumored to have been used by hackers to launder hundreds of millions in stolen money. With mixers like Tornado Cash, cryptocurrencies are deposited into the application by the depositing address, and deposits can only be made in specific amounts stipulated by the Tornado application. This could be in ones, tens, or hundreds. The most plausible reason for this is so that everyone who contributes to the pool contributes the same amount, and when a withdrawal is made it becomes impossible to know which wallet deposited what and took out what.

The deposited funds are left for a short while to mix with other funds within the system, so that no transaction exists as a single transaction but as part of a bunch of transactions layered, bunched, and mashed together into a single compound transaction that cannot be tied to a single wallet address. The funds are then withdrawn via a different address, referred to as the relayer, and sent to the recipient address, which is often different from the deposit address. This breaks the on-chain connection between the deposit address and the recipient address.

It is also important to note that most users of the platform often make use of VPN services to mask their IP addresses so that the deposit IP address is not connected to the withdrawal address.

Tornado Cash’s ability to mash and mix transactions to remove the history of cryptocurrency transfers to and from different wallets makes it a very useful tool in the hands of money launderers. In January of 2022, about 4006 ETH were stolen from crypto.com. Investigations into the theft revealed that the stolen Ether had been laundered through Tornado Cash in batches of 100s to unknown accounts.

According to Storm, founder of Tornado Cash, in an interview with CoinDesk, Tornado version 2 would include a cryptographic note in the transaction history of Ether during transactions to help determine the provenance of funds. While this might increase the ability to track the movement of illicit funds through the platform, Tornado continues to attract huge cryptocurrency transactions because of its ability to mask transaction information.

Money Laundering using NFTs

The physical art industry has always been attractive to money launderers because of its subjective price, scarcity effect, unpredictability, and vulnerability to manipulation. Undoubtedly, these factors, including anonymity, which is the icing on the cake, also play out in the NFT industry, resulting in the consequent embrace of the NFT industry by both legitimate and questionable business individuals. A thorough analysis of the NFT market immediately reveals its inorganic financial value explosion and the erratic movement of huge funds to purchase almost worthless digital pieces. But who cares? What is worth shit to James might be worth gold to John, right? Well, isn’t that the right technological recipe for the manipulation and funneling of dirty money into sweet old, legally acceptable monies?

One of the popular ways money launderers utilize the NFT platforms for laundering dirty money is through Wash Trading, which refers to putting up one’s NFT for sale, and then purchasing it by oneself multiple times, and, in the process, manipulating the value significantly.

What money launderers do is create an account on NFT platforms, create or buy a piece of art on the platform, and ‘Wash Trade’ the NFT asset in their possession, using different accounts on the same platform to increase the price of the asset. When the price of the asset is significantly pumped up, they sell the asset to themselves and receive their dirty illegal money through the sale of an NFT as legitimate money which is withdrawn and circulated in society.

Chainalysis, in its report, identified 262 users who sold an NFT to a self-funded address more than 25 times, creating $8.5 million in profits. Close analysis showed that certain transactions on OpenSea showed very irregular pricing and certain accounts could be traced to have transferred funds to other wallet addresses and then used to purchase NFTs from the foundation account.

This practice serves to funnel dirty and illegal money through a legitimate digital art platform back into the economy as legitimate money.

How to track money laundering in DeFi and NFTs

The anonymity of cryptocurrencies makes it impossible to uncover the identities of the persons behind wallet addresses. In fact, it is this feature which makes NFTs and other cryptocurrencies slaughterhouses for infected meat. On NFT market platforms, a lot can be observed by looking at the item transaction history. Here, we can see the creation of items, their historical listings, and how transactions have been made. Chainalysis, in their report, revealed that a lot of the wash trades that manipulate NFT values can be seen from just looking at the item activity histories.
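The check behind the self-funded sale figure quoted earlier can be run over an item activity history as follows. This is an added example, not code from the article or from Chainalysis: it counts, per seller, the sales whose buyer wallet received funds from that seller before the sale. The addresses, sample records and the hop limit are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample data (not real addresses).
# Plain transfers: (sender, recipient, unix_time)
TRANSFERS = [
    ("0xA", "0xB1", 100), ("0xA", "0xM", 110), ("0xM", "0xB2", 120),
    ("0xA", "0xB3", 130), ("0xA", "0xE", 900),
]
# Item activity history: (token_id, seller, buyer, price_eth, unix_time)
SALES = [
    (7, "0xA", "0xB1", 1.0, 200), (8, "0xA", "0xB2", 5.0, 300),
    (9, "0xA", "0xB3", 20.0, 400), (10, "0xA", "0xE", 2.0, 500),
    (1, "0xC", "0xD", 0.3, 250),
]

def funded_by(funding, source, target, before, max_hops):
    """True if funds sent by `source` reached `target` in at most `max_hops`
    transfers, each of them made earlier than time `before`."""
    queue, seen = deque([(source, 0)]), {source}
    while queue:
        addr, hops = queue.popleft()
        if hops == max_hops:
            continue
        for dst, ts in funding.get(addr, []):
            if ts >= before or dst in seen:
                continue
            if dst == target:
                return True
            seen.add(dst)
            queue.append((dst, hops + 1))
    return False

def self_funded_sales(sales, transfers, min_sales=26, max_hops=2):
    """Return {seller: [(token_id, buyer, price), ...]} for sellers with at
    least `min_sales` sales to wallets they funded themselves.
    The default of 26 mirrors "more than 25 times" in the figure cited above."""
    funding = defaultdict(list)
    for src, dst, ts in transfers:
        funding[src].append((dst, ts))
    flagged = defaultdict(list)
    for token, seller, buyer, price, ts in sales:
        if funded_by(funding, seller, buyer, ts, max_hops):
            flagged[seller].append((token, buyer, price))
    return {s: rows for s, rows in flagged.items() if len(rows) >= min_sales}

if __name__ == "__main__":
    # The constructed sample is small, so the threshold is lowered to 3.
    print(self_funded_sales(SALES, TRANSFERS, min_sales=3))
```

The sale of token 10 is not counted because the buyer was funded only after the sale, and the buyer of token 8 is caught only when funding through one intermediate wallet is followed.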

There is an argument that a combination of blockchain investigation tools can increase precision in tracing and tracking cryptocurrency transactions and identifying their provenance. Attribution and tracing reduce the numerous variables involved in a single crypto transaction to a manageable minimum, so that investigators can make the most informed guesses with the information and data at their disposal. However, mixers and other strategies make successful tracking impossible irrespective of the technologies used. Moreover, money launderers use peel chains and chain hopping to make tracking funds to their final destination and uncovering the owners of addresses impossible.

Tying strings of crypto-wallet addresses to individuals still presents a problem. One of the ways to solve this problem is the institution of compulsory KYC for NFT and DeFi platform users. This will make sure that wallet addresses have identities attached to them, which will make tracing easier and more effective.

Another is to strengthen policy regulations around the use of DeFi and NFTs. Such regulations would be aimed at monitoring and arresting the dangerous activities of money launderers. These policy regulations must be dynamic and flexible, but with incremental strictness.

Besides, putting in place the necessary anti-money laundering system to flag suspicious transactions is very appropriate. In August 2021, some hackers got hold of $610 million worth of stolen crypto. About $33 million was converted to the Tether stablecoin. The immediate discovery of the activity and the swift action of Tether’s chief technology officer, Ardoino, led the network to freeze the asset, making it impossible for the hacker to make away with the money. According to Ardoino, the money might have been lost forever had the Tether network wasted even a little time.

Recent recoveries of stolen crypto suggest that the days when cryptocurrencies provided a haven for criminals are almost completely over. The recovery of Poly’s stolen funds, among others, suggests that blockchain investigators and forensics are getting the hang of all it takes to track down and recover stolen funds. Examples of tracking successes in the recovery of stolen or dirty money include the $2.3 million paid by Colonial Pipeline to hackers who gained access to its computer network and KuCoin’s recovery of $281 million in customer assets.

It is general knowledge that the end destination of cryptocurrencies for launderers is exchanges and DeFi platforms, especially those with no KYC provisions. For this reason, Lisa Monaco stated that the most effective strategy for apprehending money launderers within the crypto space is to follow the money trail made available by the blockchain. The blockchain is sure to document all transactions, irrespective of how complex the routes used to hide the origins of the funds and obscure their destinations.

Tools For Investigating Crypto Transfers

To effectively follow the money, crypto investigators use complex tools to investigate the origins of funds, the digital footprints left by the complex layers of transactions, and the destinations of funds.

Investigating sources of funds is an attempt to identify the origin of transactions, especially the address that triggers the beginning of the financial activity. As the transaction commences and goes on, it leaves footprints as it moves from chain to chain, one exchange to the other, or from wallets to wallets.

Tracking the footprints of crypto fund flows is often achieved using complex data mining techniques such as clustering, ownership analysis, and e-discovery:

  • Ownership analysis tries to put together a confluence of factors and evidence which uncovers the beneficiaries and identities behind wallet addresses under investigation.
  • Clustering algorithms, on the other hand, serve to sift, cross-reference, and identify wallet addresses that belong to the same wallet and owner. Clustering can identify thousands of addresses as belonging to a particular wallet. This helps to reduce the confusion caused by the peeling of funds and keeps the investigator focused on the end game.
  • E-discovery helps to scrape crypto transaction and wallet data off the internet and personal devices and analytically weave the data into a giant digital roadmap which gives the investigator holistic insight. E-discovery often employs different tracing techniques to achieve its purpose.

Lastly, the destination of funds analysis is to identify the wallets that receive funds after they have been laundered through multiple layers of activities.

An important addition to crypto security, perhaps the most important one yet, which has turned the tide in favour of forensic experts, is the development and use of sophisticated software for tracking and analysis. An example is Bitquery, which produces analytical tools and software for investigations.

Follow the Money (FTM)

The FTM tool finds all transactions related to any address flagged as suspicious and provides a graphical illustration of the inflow and outflow of assets into that account by different wallet addresses.

The software tries to identify patterns that suggest criminal activity.

A sure way to increase proficiency in tracking and recovering stolen crypto is to create an all-round strategy for tracking. This would include using several different blockchain analysis tools for the same investigation. An example, for confirmation, is a fraud investigation methodology that incorporates methods such as first-in, first-out (FIFO), last-in, first-out (LIFO), pro-rata distribution (proportional distribution), and the lowest intermediate balance rule (LIBR), coupled with other methods designed for specific blockchains.
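The four tracing methods named above give different answers on the same account, which is why they are used to confirm one another. The following added example (not part of the original article or of any tool it mentions) applies each method to one commingled account and reports how much of every withdrawal is attributed to tainted deposits. The ledger is constructed, and LIBR is modelled here as "clean funds are spent first".

```python
from fractions import Fraction

# Constructed ledger for one commingled account: (kind, amount, tainted).
LEDGER = [
    ("in", 60, False),   # legitimate deposit
    ("in", 40, True),    # proceeds under investigation
    ("out", 50, None),
    ("in", 30, False),
    ("out", 60, None),
]
METHODS = ("fifo", "lifo", "prorata", "libr")

def trace(ledger, method):
    """Return, per withdrawal, the amount attributed to tainted deposits.

    fifo/lifo: withdrawals consume the oldest/newest deposits first.
    prorata:   every withdrawal takes the same share of every deposit.
    libr:      clean funds are spent first, so tainted funds leave only
               when the balance falls below the tainted amount.
    """
    if method not in METHODS:
        raise ValueError(f"unknown method: {method}")
    lots, tainted_out = [], []   # lots: [remaining_amount, tainted] by arrival
    for kind, amount, tainted in ledger:
        amount = Fraction(amount)
        if kind == "in":
            lots.append([amount, tainted])
            continue
        total = sum(lot[0] for lot in lots)
        if amount > total:
            raise ValueError("withdrawal exceeds account balance")
        dirty = Fraction(0)
        if method == "prorata":
            share = amount / total if total else Fraction(0)
            for lot in lots:
                take = lot[0] * share
                lot[0] -= take
                dirty += take if lot[1] else 0
        else:
            order = {"fifo": lots, "lifo": lots[::-1],
                     "libr": sorted(lots, key=lambda lot: lot[1])}[method]
            remaining = amount
            for lot in order:
                take = min(lot[0], remaining)
                lot[0] -= take
                remaining -= take
                dirty += take if lot[1] else 0
        tainted_out.append(dirty)
    return tainted_out

def compare(ledger=LEDGER):
    """Run every method on the same ledger for side-by-side comparison."""
    return {m: trace(ledger, m) for m in METHODS}

if __name__ == "__main__":
    for name, amounts in compare().items():
        print(name, [str(a) for a in amounts])
```

On this ledger FIFO places all 40 tainted units in the second withdrawal, LIFO places them in the first, pro-rata spreads 35 across both, and LIBR traces only 20 out of the account.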

Designs for Tracking Laundered Funds

An all-round design for tracking stolen or laundered funds would look like the Bilic design. Bilic is a blockchain forensic company that aims to help government agencies, businesses, financial institutions, and regulators detect and prevent financial crime involving crypto assets by democratizing investigation through an open intelligence marketplace. Bilic’s NIST standard-compliant investigative approach includes:

Data collection

The data collection phase would use sophisticated software to scrape transaction data off the blockchain.

Data Processing

The processing stage will convert the collected data into useful information used to track the origins, movements, and destinations of stolen funds.

Group Intelligence Gathering

This phase involves the combination of different intelligence departments in gathering information. This helps to cross-reference information to ensure a confluence point where the different data meets to show that information gathering is credible and would promote informed decision-making.

Reporting

The final phase involves presenting the findings of investigations for decision making.

Summary
The crypto space and its associated technologies, especially its security design, are still emerging, making it highly vulnerable to attacks. However, the days when hackers and money launderers funnel stolen money back into the economy with ease are gone. There are emerging sophisticated technologies and methods for tracking and apprehending suspicious transactions on the blockchain. The increasing capability of expert blockchain investigators and crypto forensic analysts is challenged by the availability and use of transaction mixers, round-tripping, and complex layering, among other strategies used by criminals to hide their footprints on the blockchain.

Reference

https://www.coindesk.com/business/2022/01/18/cryptocoms-stolen-ether-being-laundered-via-tornado-cash/

https://cvj.ch/en/focus/background/money-laundering-and-wash-trading-in-the-nft-markets/

https://www.pinsentmasons.com/out-law/analysis/cryptocurrency-money-laundering-on-defi-skyrockets#:~:text=Money%20laundering%20involving%20cryptocurrencies%20is,money%20to%20obscure%20its%20origin.

https://www.bbc.com/news/technology-60072195

https://www.tookitaki.ai/news-views/the-rise-in-cryptocurrency-money-laundering-cases-in-2021/

https://www.justice.gov/opa/pr/two-arrested-alleged-conspiracy-launder-45-billion-stolen-cryptocurrency

https://www.reuters.com/technology/crypto-money-laundering-rises-30-2021-chainalysis-2022-01-26/

https://www.cognyte.com/blog/anti-money-laundering-cryptocurrency/
