The use and adoption of cryptocurrencies have surged in recent years as crypto entered the mainstream. With the proliferation of new coins, however, there has also been a notable rise in illicit use and abuse.
CoinJournal analyzed a report by Chainalysis to assess how widespread crypto crime is, which types are most common, and which year saw the largest losses to crypto criminals.
-
Crypto scams rose 82% in 2021 to $7.8 billion
-
72% of the $3.2 billion stolen funds came from DeFi protocols
-
As a percentage of total crypto transactions, scams fell by 66%
How bad is crypto really compared with fraud in the trad-fi (traditional finance) world? Is the criticism justified, or is it media hyperbole? Is crypto truly a haven for bad actors?
Crypto Crime Trends for 2022
The raw numbers are striking. According to the survey, crypto-based crime hit $14 billion in 2021 — a steep increase compared with $7.8 billion in 2020.
But if we want to compare that with trad-fi, we need to exclude some categories. Terror financing, darknet markets and several other categories are broad and difficult to measure equivalently in fiat. We can all agree that U.S. dollars are not immune to being used for drugs, stolen goods, and other illicit activity.
Here we focus on whether crimes specific to cryptocurrency — fraud, hacks, scams and similar schemes — occur as frequently as mainstream outlets claim, and how they compare with trad-fi. It’s an imperfect apples-to-oranges comparison, but it’s useful context.
Crypto Scams & Stolen Funds
Two categories stand out by year-over-year growth and contribution: scams and stolen funds. Scams rose 82% in 2021 to $7.8 billion, while $3.2 billion in cryptocurrency was stolen in 2021 — a 516% increase from 2020.
That is troubling, but headline numbers only tell part of the story. A deeper look shows much of this growth occurred inside DeFi, the newest sub-industry of crypto.
DeFi
Seventy-two percent of the $3.2 billion stolen came from DeFi protocols. Of the $7.8 billion in scams, $2.8 billion is attributable to rug pulls — a classic DeFi scam in which founders create a token, remove liquidity, and run off with investors’ funds.
The true losses are higher: the $2.8 billion counts the drained liquidity but does not fully capture the subsequent collapse in token value, which often exceeds 90%.
Putting the Numbers in Context
Can we exclude DeFi when comparing to trad-fi, given DeFi’s rapid emergence? Cumulatively, scams and stolen funds increased 129% from $4.8 billion to $11 billion, while DeFi transaction volume jumped 912% in the same period. Overall crypto transaction volume rose 567% from 2020 to 2021. Viewed holistically, the rate of illicit activity relative to the expanding market tells a different story.
How does this compare proportionally to trad-fi? A study by UK Finance shows £1.28 billion ($1.67 billion) stolen from card payment fraud in 2019 alone (credit, debit, charge and ATM). Another dataset reports $160 million in online banking fraud losses in the UK in 2020. These figures are for the UK only and are not directly comparable to global DeFi losses, but they illustrate that fraud is not unique to crypto.
Online banking is established; DeFi is new. Hype around meme coins and rapid trends across Binance Smart Chain and Ethereum attracted retail capital as investors chased quick gains. That environment was fertile for speculative gambling and opportunistic scams, obscuring the genuine utility-building projects in the space. DeFi encompasses projects from serious protocol builders to copycat forks with no real value, and the broader term “cryptocurrency” is even more diverse.
Trad-Fi
We should not paint all of DeFi with the same brush any more than we would condemn the entire trad-fi sector for individual scandals. Wirecard’s decade-long fraud wiped out $2 billion on its balance sheet while auditors continued working. Bernie Madoff’s Ponzi scheme resulted in estimated losses of around $64.8 billion. Jordan Belfort’s fraud caused investor losses in the hundreds of millions and became a Hollywood story.
Trad-fi is massive and complex, making it hard to compare total losses, industry size and crime growth directly. The unfortunate reality is that any rapidly growing sector invites bad actors trying to profit from change, especially when regulatory oversight lags.
Differences
The meaningful difference is the scale and ease of single large thefts in DeFi. Of the $2.8 billion in rug pulls in 2021, 90% came from one exchange fraud — Thodex — whose CEO allegedly shut down withdrawals and fled with customer funds. In other cases, hacks like the $625 million Ronin/Axie Infinity exploit and the $600 million Poly Network breach made headlines. Poly Network’s incident took a strange turn when the attacker returned funds and was later offered a security advisory role.
White-hat hackers also play a role. SushiSwap was warned about a $350 million vulnerability by an ethical hacker, and Polygon paid a $2 million bounty for a bug that could have compromised $850 million in user funds.
Whether malicious or white-hat, the reality is that it’s easier to steal hundreds of millions from a laptop through blockchain vulnerabilities than to pull off equivalent heists in trad-fi. While overall illicit activity may decrease as crypto matures, the anonymity and digital nature of the space make unusually large thefts possible.
Large-scale frauds do occur in trad-fi as well, but the crypto space’s unique characteristics change the attack surface and the scale of single incidents.
Positive Trajectory
The Chainalysis report also documents improved law enforcement capabilities. The CFTC pursued investment fraud charges, the FBI disrupted prolific ransomware groups like REvil, and OFAC sanctioned crypto services linked to money laundering. These enforcement actions are worth noting.
The IRS reported seizing more than $3.5 billion in illicit crypto in 2021, the U.S. Department of Justice seized $56 million in the BitConnect case and $2.3 million tied to the Colonial Pipeline ransomware incident. Law enforcement has increasingly targeted on-ramps and bridges between crypto and fiat to disrupt illicit flows. The blockchain’s transparency can hinder criminals, because large movements are visible and harder to launder at scale without detection.
Looking Ahead
Total crypto transactions rose 567% to $15.8 trillion from 2020 to 2021, while scams and stolen funds rose only 129%, implying a 66% decline in illicit activity as a share of total transactions. That ratio is a clearer metric than absolute dollar figures alone.
If transaction volume remained at $15.8 trillion in 2022 and illicit activity continued to fall proportionally, scams and stolen funds for 2022 would amount to roughly $3.7 billion — a significant drop from $11 billion in 2021.
Without the dramatic industry growth seen in 2021, the frequency of large thefts and scams appears to decline substantially. This extrapolation offers a visual sense of how crime metrics might evolve as the market matures.
Conclusion
Authorities are increasingly understanding and regulating the once-wild western frontier of crypto. Enforcement actions are accelerating and regulation is catching up. When adjusted for rapid growth, hacks and security breaches in crypto appear to be falling proportionally. Fraud exists in trad-fi as well, and comparisons must account for industry size and maturity.
Nonetheless, the sheer size of some crypto hacks is concerning. Users should exercise caution and adopt prudent custody practices. While the industry may be growing at a disruptive pace and some problems may be overstated versus similar trad-fi incidents, risks remain real.
If current trends continue, the sector is moving in the right direction.