DHS Public-Private Analytic Exchange Program Report: Combatting Illicit Activity Utilizing Financial Technologies and Cryptocurrencies Phase II

The following is the second in a series of reports on illicit uses of cryptocurrency published by the Department of Homeland Security's Public-Private Analytic Exchange Program. The first report in the series is also available:


DHS Public-Private Analytic Exchange Program Report: Combatting Illicit Activity Utilizing Financial Technologies and Cryptocurrencies Phase I

Combatting Illicit Activity Utilizing Financial Technologies and Cryptocurrencies Phase II: A Focus on the Evolution of Digital Assets by Threat Actors and Organized Criminal Groups

Page Count: 89 pages
Date: September 2023
Restriction: None
Originating Organization: Department of Homeland Security Public-Private Analytic Exchange Program
File Type: pdf
File Size: 2,818,787 bytes
File Hash (SHA-256): 4479D6160344D4455EDF0F2B8F1C730BB1FFAB989598E6B781CE918322B65C66

Download File

Private and public sector professionals and subject matter experts working in the cyber financial landscape gathered to examine the use of financial technologies and cryptocurrencies by illicit actors. Phase 1 of this research focused on a general overview of the emerging illicit activity pertaining to digital assets and the peer-to-peer payment space. This included discovering the most common illicit finance activities, the most exploited elements of financial technologies, the legal vulnerabilities that allow exploitation, pseudo-anonymity in online transactions, weaknesses in Know-Your-Customer laws, and the risks of other emerging blockchain applications (i.e. NFTs).

Phase 2 of the research serves to build upon the foundation laid in Phase 1. The Phase 2 research further explores: the criminal groups utilizing digital assets in illegal activities; how these criminal groups are conducting illicit activity and recruiting members; cryptocurrency ATMs and Point-of-Sales illicit uses; generative AI applications in cybercrime; darknet market use of digital assets; the evolving use of cryptocurrencies (especially the year to date change); criminal activity’s impact on government and private sector; and additional policy recommendations. Although illicit use can never be completely eliminated, it can be mitigated by increased consumer knowledge, proactive law enforcement investigations, and better practices and regulations issued by key stakeholders.

Russian Intelligence Services Leveraging Cryptocurrency for Operational Purposes

Due to the ability to facilitate clandestine payments through a variety of different tradecraft methods, cryptocurrency has been leveraged by not only Russian-based non-state actors and criminal groups, but also by state-sponsored Russian Government entities and intelligence services. On 9 June 2023, the US Department of Justice (DOJ), released a public statement detailing a variety of unsealed charges related to cryptocurrency exchange hacks, money laundering, and illicit activity conducted by multiple Russian threat actors, with direct ties to Russian intelligence services.

Russian nationals Alexey Bilyuchenko and Aleksandr Verner, were charged with conspiring to launder approximately 647,000 bitcoins over the course of a three-year period, following their hack of major cryptocurrency exchange, Mt. Gox, dating back to 2011. Per the recently unsealed indictment, it was revealed that in 2011, both Bilyuchenko and Verner gained access to Mt. Gox users’ data, transactional database, and the private keys, which were necessary to facilitate all trading movement on the exchange. Between 2011 and 2014, approximately 647,000 bitcoin was moved out of Mt. Gox hosted wallets to other cryptocurrency exchanges, which included BTC-e and TradeHill. Additional assets were also moved to Bilyuchenko’s and Verner’s own Mt. Gox accounts. Notably, the exchange BTC-e was administratively run by Bilyuchenko up until it’s shut down in 2017 by the FBI for illicit activity and money laundering on behalf of Russian-based ransomware gangs. Additional investigative reports unsealed by the Department of Homeland Security (DHS), reveal that Bilyuchenko and Verner moved the bitcoin from Mt. Gox to the exchange BTC-e at the time it was operational, after which it was further transitioned to two now-defunct bitcoin companies, Bitlnstant and Memory Dealers. Bitlnstant was a cryptocurrency exchange that was founded by Charlie Shrem, who in 2014, was sentenced to two years in prison for money laundering.


Cartel Finance

Mexican-based drug cartels have historically generated significant amounts of illicit proceeds through their global presence and narcotics distribution rings. A recently released report from the International Narcotics Control Board estimates that Mexican drug cartels are believed to launder approximately $25 billion per year in Mexico. Subsequently, their need to conceal these proceeds and launder their funds is necessary to maintain the success of their operations. In April 2023, the FBI and DEA indicted twelve people associated with the Sinaloa cartel, a transnational criminal organization that allegedly laundered over $16.5 million, a majority of which was moved via large bulk cash drops in hotel rooms and parking lots of various US cities to include Chicago, Boston, New York City, Baltimore, Philadelphia, among many others. The funds would then be laundered through multiple shell companies, after which they were ultimately transferred to bank accounts in Mexico. In a recent investigation led by the US Drug Enforcement Agency (DEA), it was determined that an illicit drug cartel was moving methamphetamine and cocaine across the US, Mexico, Europe, and Australia by leveraging the world’s largest cryptocurrency exchange, Binance. The group allegedly laundered over $40 million in illicit proceeds via this exchange.

Terrorist Financing

Terrorist organizations rely on a consistent influx of funds in order to carry out and plan their operations. Historically, they have leveraged donations and the religious obligation of tithe in order to raise money. Other forms of revenue generation include illegal drug and arms dealing, with a combined need to finance their own members and associates. In recent years, this tradecraft has shifted to a reliance on cryptocurrency for fundraising, financing attacks, purchasing equipment, supporting fighters and their families, among other purposes. Jihadi blogs alone, have become the source of millions of dollars in bitcoin in the form of donations to ISIS, Al-Qaeda, Hamas, and the Muslim Brotherhood. In conjunction with all the aforementioned threat actors, these groups also significantly leverage social media platforms for the purpose of soliciting donations from their followers. They will utilize communication platforms such as the messaging app Telegram, which allows for encrypted and clandestine messaging. They will utilize Facebook and Twitter for the purposes of posting their wallet addresses to receive donations, as well as provide their supporting base with PDF and video guides for how to obtain, and donate cryptocurrency. Bitcoin is the most frequently used due to liquidity, alongside AEC’s such as Monero, Z-Cash and Dash, among others.

Share this: