DHS Public-Private Analytic Exchange Program Report: Combatting Illicit Activity Utilizing Financial Technologies and Cryptocurrencies Phase I

The following is the first in a series of reports on illicit uses of cryptocurrency published by the Department of Homeland Security's Public-Private Analytic Exchange Program. The second report in the series is also available:


DHS Public-Private Analytic Exchange Program Report: Combatting Illicit Activity Utilizing Financial Technologies and Cryptocurrencies Phase II

Combatting Illicit Activity Utilizing Financial Technologies and Cryptocurrencies Phase I

Page Count: 48 pages
Date: September 2022
Restriction: None
Originating Organization: Department of Homeland Security Public-Private Analytic Exchange Program
File Type: pdf
File Size: 3,984,543 bytes
File Hash (SHA-256): 0464E17C6039E259E10A3C5540E940599AB112A70251D3F4E6145ACD6A3E7F2E

Download File

Private and public sector analysts and subject matter experts working in the cyber financial landscape gathered through a series of meetings to examine the use of financial technologies and cryptocurrencies by illicit actors. The key research points investigated include discovering the most common illicit finance activities, the most exploited elements of financial technologies, the legal vulnerabilities that allow exploitation, pseudo-anonymity in online transactions, weaknesses in Know-Your-Customer laws, and the risks of use associated with other emerging blockchain applications (i.e. NFTs). The research gathered from investigating these areas led to the development of suggested, effective changes to reduce illicit activity in this space and identifying the key stakeholders to implement these changes. This paper seeks to provide guidance in navigating cryptocurrencies, emerging digital payment solutions, and other blockchain applications to both consumers and stakeholders to minimize the illicit use of these platforms. While illicit use cannot be eliminated altogether, it can certainly be reduced with better consumer knowledge and better practices/regulations issued by key stakeholders.

Money Laundering

Money laundering traditionally begins with ill-gained fiat currency that criminals wish to make usable. One strategy is to have money mules transfer these funds into bank accounts for later transfer/withdrawal. Cryptocurrency has opened new avenues for money launderers utilizing bank deposits by mules who then purchase cryptocurrency. Bitcoin ATMs are another popular method for money mules to convert fiat currency into cryptocurrency. Bitcoin ATMs are physical machines where people can buy cryptocurrency with cash, requiring varying amounts of personal information to use. Once the fiat currency is converted into cryptocurrency, there are multiple ways it can be laundered, making it difficult for law enforcement to track.

Cryptocurrency mixers, for example, aid in obfuscating the origins of the processed cryptocurrency. This happens by rapidly pooling currency streams into many small transactions across many wallets. Mixers allow illicit actors to launder high amounts very conveniently and are not inherently illegal. The co-founder of Tornado Cash, a popular cryptocurrency mixer, told Bloomberg in March 2022 that their service can be defined as an “anonymizing software provider” which does not subject them to money transmitter regulations in the U.S. Our group examined some of the most popular and common mixers/tumblers used today and our findings are reviewed in the chart below.

Pseudo-Anonymity and Weaknesses in KYC

Pseudo-anonymity is a key factor in propelling the use of cryptocurrencies and other emerging digital assets for illicit purposes. Bitcoin is the original catalyst for this element due to its pseudo-anonymous nature. A person’s identity is tied to a fake name or pseudonym in using bitcoin which serves as their public key and bitcoin address. Bitcoin has never been truly anonymous because all transactions are available on the public network leaving anyone easily being able to see records of all transactions a bitcoin address has conducted. It is up to the bitcoin address holder to prevent their actual identity from being linked to their pseudonym in bitcoin. As other cryptocurrencies have emerged the same principles have applied in that they provide pseudo-anonymity and a means for people to make transactions that aren’t under their true identity. As we’re entering a new phase of digital assets, they are taking it a step further by providing complete anonymity or near complete anonymity which is discussed with Monero and NFTs in a later section. However it has largely been a misconception that cryptocurrencies are completely anonymous and even with their pseudo-anonymous nature, illicit actors have not been able to hide from authorities.

NFTs and Other Blockchain Applications Risk of Illicit Use

Other, emerging blockchain applications such as NFTs and digital payment services such as gaming currency and P2P services present a great risk of illicit use. While these forms are just starting to emerge in criminal cases, they have the potential for large-scale mis-use by illicit actors. The first U.S. federal criminal case involving NFTs occurred in March 2022 and provides a great case study into how this class of digital assets can be misused.

Case Study – NFT “Rug Pull Scheme”

Ethan Vinh Nguyen and Andre Marcus Quiddaeon were both arrested in Los Angeles in March 2022 after they were charged with conning buyers of NFTs worth 1.1 million. They were charged with both wire fraud and conspiracy to commit money laundering after issuing a set of NFTs known as “Frosties”. The purchasers of “Frosties” were supposed to be eligible for exclusive hodler rewards including early access to a meta verse game and giveaways. These types of NFTs which offer special bonuses are specifically known as utility NFTs. Nguyen and Quiddaeon subsequently ditched the project after selling out just hours after launching and transferred the money earned from the sales of the NFTs to multiple cryptocurrency wallets under their control. They started their project under pseudonyms which further demonstrates the pseudo-anonymity involved in online blockchain applications. Criminals can hide behind online identities while promoting their NFTs and ultimately perform a “rug pull” leaving any investors defrauded.

Share this: