Key Takeaways from the 2024 Crypto Crime Mid-Year Update

We’re over halfway through the year, and ChainAnalysis has released parts one and two of their 2024 Crypto Crime Mid-Year Update. The update provides valuable insight into the cryptocurrency and cybersecurity landscape, so let’s look at the key takeaways and what they mean.

There’s Been an Overall Decline in Illicit Activity

Contrary to what one might expect, aggregate illicit activity on the blockchain decreased 19.6% from H1 2023 to H1 2024, falling from $20.9B to $16.7B. Although ChainAnalysis notes that illicit activity totals will likely rise over time, these statistics demonstrate that the legitimate use of blockchain technology is growing faster than illicit activities.

This is an encouraging trend. Cryptocurrency has had a tumultuous few years, marred by scandals such as the FTX collapse, price fluctuations, and associations with cybercrime or other illicit activities. These statistics suggest that, perhaps, the tide is beginning to turn.

But It’s Not All Good News: Stolen Funds Are on the Rise

Unfortunately, despite a general decline in on-chain illicit activity, stolen funds rose significantly in H1 2024. Stolen funds inflows nearly doubled from $857 million to $1.58 billion, while ransomware inflows rose by approximately 2%, from $449.1 million to $459.8 million.

According to ChainAnalysis, we can attribute this rise to a resurgence of attacks on centralized changes. Despite spending the past few years targeting decentralized finance (DeFi) protocols, cybercriminals in H1 2024 have returned their attention to centralized exchanges, likely because they are more lucrative targets.

This trend suggests that centralized exchanges are still vulnerable to attack despite countless awareness campaigns and significant efforts to improve cybersecurity. If they weren’t, attackers wouldn’t bother targeting them. Similarly, these stats indicate that DeFi protocols have grown more resilient in the past year.

Ransomware is on Course for Another Record-Breaking Year

Total ransomware inflows rose slightly from $449.1 million in H1 2023 to $459.8 million in H1 2024. This increase puts 2024 on course for being the highest-grossing year in ransomware’s history.

What’s more, the year has already seen the most significant ransomware payment ever recorded at roughly $75 million to the Dark Angels ransomware group, and the median ransom payment to the most severe ransomware strains has spiked from just under $200,000 in early 2023 to $1.5 million in mid-June 2024.

In slightly more happy news, the number of actual ransom payment events decreased by 27.3% year-over-year. This suggests that, while attacks have increased by 10%, fewer victims are opting to pay, likely due to better preparation and more robust defenses​.

The Rise of China-Based CSAM Networks

Perhaps the most disturbing revelation in the ChainAnalysis report is that cryptocurrency remains a means to purchase child sexual abuse material (CSAM), particularly that which originates from China-based networks.

Reporting of China-based CSAM sites has grown since late 2023, capturing a larger share of global CSAM inflows, which peaked at 38.8% of total inflows in Q1 2024​. An analysis of on-chain activity reveals that many of these sites allow users to purchase access to illicit materials for as long as 20,000 days (54 years) for just $41.

Scammers Adapt with More Targeted Campaigns

H1 2024 also saw scammers change tactics, shifting from long-duration campaigns to shorter, more targeted efforts. The average lifespan of scams has decreased from 271 days in 2020 to just 42 days in 2024​.

Pig-butchering scams, an especially dark scam technique that involves building trust and relationships with victims before exploiting them financially, generated the most revenue in H1 2024, with one Myanmar-based compound netting at least $101.22 million YTD.

Huione Guarantee: A Hub for Cybercrime Activities

According to ChainAnalysis, in H1 2024, Huinone Guarantee, an online marketplace associated with the Cambodian conglomerate Huione Group, emerged as a marketplace for cybercrime. The marketplace connects buyers and sellers – many of whom are involved in pig-butchering and other scams – and has processed more than $49 billion in cryptocurrency transactions since 2021. On-chain analysis reveals that Huione Pay has seen more than $1.9 billion in total inflows on Ethereum and $47 billion on TRON.

The rise of Huinone Guarantee as a cybercrime marketplace reflects a concerning uptick in the use of Chinese-language marketplaces and laundering networks. Unfortunately, it’s extremely difficult to track and regulate illicit transactions, especially across multiple platforms and jurisdictions. One would hope to see greater international cooperation to combat these marketplaces.

Looking Ahead

The Chain Analysis 2024 mid-year update reveals a rapidly changing crypto crime landscape characterized by increasingly sophisticated and adaptable cybercriminals. It’s clear that increased cooperation, improved detection, and bolstered regulation are necessary to combat them. Here’s hoping we see more of that in the years to come. 

Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Tripwire.