Back to the list

Sanctions caused cybercriminals to lose $15M in potential revenue in 2 months

source-logo  cryptoslate.com 11 January 2023 07:39, UTC

The biggest crypto-related sanctions by the U.S. Office of Foreign Assets Control (OFAC) in 2022 caused a significant dip in the potential revenue of illicit actors, Chainalysis found.

The U.S. sanctioned a number of crypto-related individuals and entities last year for drug trafficking, money laundering, and ransomware activities. Chainalysis studied the impact of the sanctions on criminals that used three major entities — Russian crypto exchange Garantex, darknet marketplace Hydra, and crypto mixer Tornado cash.

Chainalysis found that in the 60 days following the sanctions designation, 20 cybercriminal administrators that used the above services, lost $14.99 million in potential revenue. Cybercriminal administrators refer to addresses attached to individuals with links to cybercrime organizations.

Additionally, 42 entities dealing with stolen crypto potentially lost $1.8 million in the 2 months after the studied services were sanctioned, Chainalysis estimated.

Furthermore, 23 entities related to scams and 11 entities with darknet links potentially lost over $306,000 and around $271,000, respectively. Another $52,227 and $57,727 was lost by 10 fraud shops and 6 ransomware-linked entities, respectively, as per Chainalysis estimates.

However, the average estimated loss of potential revenue after two months of sanctions levy across each category of crypto crime was significantly lower. On average, cybercriminal administrators lost the most, with the estimated loss of revenue pegged at around $750,000.

Darknet markets, entities dealing with stolen funds, and scammers lost $25,000, $43,000, and $13,300, respectively, in potential revenue on average. Contrastingly, Chainalysis estimated that the potential revenue of fraud shops increased by $5,000 on average in the 2 months following sanctions.

Sanctions impact on Hydra, Garantex, and Tornado Cash

Hydra and Garantex were both sanctioned on April 5, 2022. Earlier the same day, German police seized the servers of Hydra, which primarily facilitated drug trafficking. This effectively shut down the illegal marketplace.

Russia-based Garantex, however, announced that it was freely operating after the sanction designation. Ethereum-based Tornado Cash was sanctioned in August and again in November. The website was taken down and the decentralized autonomous organization (DAO) behind the decentralized finance (DeFi) protocol was shut down.

About 68.2% of all funds that flowed into Hydra in the 2 months before sanctions, originated from illicit addresses. Another 12.6% of funds flowed from risky addresses into Hydra. Risky addresses are those that have links to risky entities, such as a high-risk exchange.

But since Hydra was shut down the same day as the sanctions were levied, its inflows dropped to zero in the following 2 months.

On the other hand, inflows to Garantex steadily increased in the two months following the sanction designation. Before the sanction, it received 6.1% and 16.1% of funds from illicit and risky addresses, respectively.

In the 4 months prior to the sanction, Garantex’s monthly inflows stood at $620.8 million on average. But after the sanctions, monthly inflows jumped to around $1.3 billion until October.

Tornado Cash received 34% of its funds from illicit activities before the sanction. Stolen funds made up 99.7% of all illicit funds Tornado Cash received during the 2-month period. Crypto stolen in the Harmony Bridge attack accounted for 65.7% of all stolen funds received by the mixer. In the 30 days following sanction designation, fund inflows to Tornado Cash dropped by 68%, Chainalysis noted.

Crypto sanctions’ effectiveness depends on jurisdiction and technical constraints

In the case of Hydra, German law enforcement coordinated with U.S. authorities and effectively shut down the illegal marketplace. Therefore, Chainalysis noted that sanctions can be “extremely effective against entities with key operations in cooperative jurisdictions.”

But the impact of sanctions against Garantex was virtually non-existent because Russia did not enforce U.S. sanctions. Chainalysis wrote:

“This case [of Garantex] shows that it is difficult to effectively sanction entities whose home jurisdictions have no formal cooperation channels with OFAC.”

Lastly, sanctions against DeFi platforms like Tornado Cash are less effective since the smart contract can keep running indefinitely even if the website does not exist, Chainalysis said. Therefore, sanctions against DeFi services “act more as a tool to disincentivize the service’s use” rather than shutting down the usage completely.