In 2024, the cryptocurrency sphere witnessed tremendous growth, exceeding $10.6 trillion in transaction volume. However, the level of illicit cryptocurrency activity experienced a significant drop, with estimated illegal transactions totaling $45 billion— a decline of 24% year-over-year. This figure now represents a mere 0.4% of overall cryptocurrency flows.
A recent report by TRM Labs highlighted notable trends regarding crypto crime. While there was a decline in illicit transactions overall, ransomware incidents reached alarming heights. Cybercriminals from North Korea were particularly active, reportedly stealing nearly $800 million. Additionally, scams focused on financial grooming were found to have generated substantial sums.
Tracking illicit crypto activity proves to be challenging, as demonstrated by the revisions in previous years’ estimates. For instance, in 2023, estimated illicit activity was originally reported at $34.8 billion but was later adjusted upward to $58.7 billion. If 2024 follows this trend, final estimates for that year could exceed $75 billion, illustrating the complexities involved in accurately assessing crypto crime in real-time.
TRON emerged as a leading blockchain platform frequently utilized by illicit actors, facilitating 58% of all criminal crypto flows. However, this network also witnessed a notable decrease in its illegal transactions, with a drop of $6 billion attributed to targeted enforcement measures. Law enforcement actions, including the freezing of illicit assets totaling over $130 million, contributed significantly to this decline. Additionally, TRON had been linked to sanctioned entities, with almost half of its illicit transactions related to blacklisted funds.
Entities that have faced sanctions were still the primary source of illicit flows, although their share decreased by 33% to $14.8 billion. Major crypto exchanges like Garantex from Russia and Nobitex from Iran accounted for more than 85% of transactions connected to sanctioned entities. The U.S. and allied nations have intensified enforcement efforts, leading to the blacklisting of 86 cryptocurrency addresses associated with cybercriminal activities, ransomware groups, and illicit exchanges.
While there has been considerable interest in privacy-oriented cryptocurrencies such as Monero, terrorist organizations largely continued to favor stablecoins in 2024. Such groups reportedly utilized USDT and other stablecoins for fundraising efforts, benefiting from their liquidity and seamless transfer capabilities.
The surge in ransomware attacks remains a crucial concern. In 2024, there were 5,635 publicly documented ransomware incidents, surpassing the previous year’s record of 5,223 attacks. Approximately $2.2 billion in cryptocurrency was stolen through hacks and exploits, marking a 17% increase from 2023. Decentralized finance (DeFi) platforms were particularly targeted, with hacks averaging around $14 million each. Notably, North Korean hackers played a substantial role in overall crypto theft, accounting for 35% of the stolen funds.
Fraud-related losses, although reduced by 40% year-on-year to $10.7 billion, still remained a significant part of the illicit crypto landscape. Scams such as “pig butchering,” which involve deceiving victims into fake investments, accounted for at least $2.5 billion— a 58% decline compared to the prior year.
The combination of targeted enforcement actions, changes in criminal behaviors, and market dynamics illustrates the evolving landscape of cryptocurrency-related crime. Despite the apparent decline in overall illicit activity, specific threats like ransomware and high-profile hacks continue to pose significant risks, underscoring the need for ongoing vigilance and adaptive approaches in combating cryptocurrency crime.