Over the last few years we have seen the continued diversification of the cryptocurrency ecosystem from the rise of Ethereum to NFTs on Solana and the maturation of decentralized finance. However, as the cryptoverse has moved from Bitcoin to other blockchains and assets, so have illicit actors who seek to take advantage of the faster, cheaper movement of funds, increased liquidity and seemingly endless opportunity.

A new report by blockchain intelligence firm TRM Labs, where I am Global Head of Policy, details this move by illicit actors from Bitcoin to a diverse ecosystem of chains like Ethereum, TRON, Binance Smart Chain and more. The report shows that bitcoin transactions account for only 19% of illicit crypto volume today, compared to 97% of total illicit crypto volume in 2016, as criminals look to new blockchains and tactics like “chain-hopping” to launder money and evade detection.

ADVERTISEMENT

But, the story is not just about this seismic shift from Bitcoin to other chains. It is also about the new threat landscape in which fraud schemes continue to proliferate. According to the report, approximately $9.04 billion was lost to fraud in 2022. In addition to these activities that pose risks to retail investors, new national security threats are emerging – from terrorist financing to North Korean cyberattacks – as we quickly move toward a widening digital battlefield.

North Korea Attacks DeFi

Last year was a record setter for hacks with $3.7 billion stolen across over 175 incidents. Attacks against DeFi projects were particularly common, with approximately 80% of all stolen funds, or $3 billion, involving DeFi victims. Over a billion of that number can be attributed to North Korea.

Over the last few years, North Korea’s state sponsored Lazarus Group has attacked the DeFi ecosystem at an alarming speed and adeptly moved from laundering funds on Bitcoin to carrying out attacks on infrastructure bridges such as the $600 million Ronin Bridge hack and the $100 million Harmony Bridge exploit. In both attacks highly trained North Korean cybercriminals exploited security gaps. North Korea has shifted from Bitcoin to other chains because of simple opportunity. Weak cyber controls and massive liquidity make for attractive and relatively easy targets.

ADVERTISEMENT

Experts assert that these attacks are tied to North Korea’s weapons programs. In a recent interview with me, North Korea expert Dr. Jung H. Pak, a Deputy Assistant Secretary at the U.S. Department of State explained: “During the pandemic, the attack surface increased exponentially and the DPRK adapted and grew more sophisticated in ways to generate revenue for their regime. They have funded ballistic missile tests and are threatening the use of tactical nuclear weapons. We see cyber and crypto heists as a way that reinforces these unlawful WMD programs.”

North Korea shifted from its reliance on mining and coal trade with China, explained Dr. John Park of Harvard’s Kennedy School in that same interview, to laundering funds in Bitcoin amidst tougher economic sanctions. North Korea has shifted again from Bitcoin to Ethereum and other blockchains as cyber actors move funds between chains to obfuscate transactions and exploit coding mistakes and protocol weaknesses.

Terrorist Financiers Look To TRON

It is not just Lazarus Group that has seen opportunity beyond bitcoin. While Bitcoin was the exclusive currency for terrorist financing in 2016, it has been essentially replaced by assets on the TRON blockchain, which the report says accounted for 92% of terrorist financing in 2022.

ADVERTISEMENT

TRM identified multiple pro-ISIS groups raising tens of thousands of dollars in cryptocurrency to spread propaganda and recruit fighters. Over the course of 2022, there was a significant increase in the use of TRON among terrorist groups and associated fundraising campaigns, with some using it exclusively. The overwhelming majority of those actors collected donations in the stablecoin Tether (USDT). Among the terror financing entities tracked by TRM Labs in 2022, there was a 240% year-on-year increase in the use of Tether – against a mere 78% rise in bitcoin use.

Just last month, Israeli authorities seized millions of dollars worth of cryptocurrency belonging to the Lebanese terrorist group Hezbollah and Iran’s Islamic Revolutionary Guard Corps’ Quds Force. A total of 40 addresses were on the seizure list, all of which were Tether on the TRON blockchain. This represents Israel’s largest terrorism related cryptocurrency seizure and the first that targets Hezbollah and its primary backer, the IRGC.

In other words, by 2022, bitcoin barely figured into terror financing or hacks, with TRON dominating the former and Ethereum and Binance Smart Chain the latter. The new multi-chain reality has dramatically altered the risk calculus around cryptocurrency use and compliance.

ADVERTISEMENT

The Evolving Crypto Landscape

Why this move from Bitcoin to TRON and other blockchains by terrorist financiers? Over the last few years we have seen steady growth of Tether on TRON, in part because of TRON’s relatively low transaction fees. So if you want to move Tether from one exchange to another, it is likely much less expensive to do so on TRON than on Ethereum. This is true if you are a lawful user, but also if you are a cybercriminal looking to convert stolen bitcoin to a more stable asset and move those funds across blockchains. An ecosystem of non-compliant exchanges and a perception of anonymity also have made TRON attractive to terrorist financiers and others seeking to evade detection.

Remember, terrorist financiers, unlike Lazarus Group, are not looking for massive liquidity. As I learned in many years as a national security prosecutor, acts of terrorism are relatively inexpensive to carry out. Terrorist financiers are looking to move smaller amounts of funds more quickly and under the radar of global law enforcement looking to seize funds and disrupt terror networks.

We now see an evolving crypto ecosystem. We have moved from a world in which bitcoin was synonymous with cryptocurrency to one in which bitcoin is part – albeit a big part at about 50% of the market – of a diverse and growing decentralized financial system of myriad chains, bridges, protocols, exchanges, mixers, and assets. This new ecosystem comes with new and emerging opportunities, but also comes with novel threats.

ADVERTISEMENT

source