New challenges arise as actors defy U.S. cryptocurrency sanctions.
In part I of our crypto crime breakdown, we explored the surge in DeFi hacks last year. In part II, we examine the impact of cryptocurrency sanctions on crime rates.
Chainalysis’ yearly report shows an increase in crime by $2.5 billion USD from 2021 to 2022. With U.S. cryptocurrency sanctions on the rise, there is relative growth in crime as individuals and entities skirt regulations and continue to use sanctioned technology. As 2022 saw a surge in Office of Foreign Assets Control (OFAC) sanctions, 44% of 2022’s illicit transaction volume came from sanctioned entities.
What is OFAC?
The Office of Foreign Assets Control (OFAC) is an agency of the U.S. Treasury Department. OFAC is a key regulator who administers and enforces economic and trade sanctions. OFAC first stepped into the cryptocurrency sphere in 2018 when it began sanctioning individual addresses associated with Specially Designated Nationals and Blocked Persons. These addresses typically act on behalf of targeted countries or are associated with drug trafficking or terrorist groups. Beginning in 2021, OFAC began sanctioning entire cryptocurrency services associated with cybercrimes such as hacking, ransomware attacks, drug trafficking, money laundering and more recently, a Russian paramilitary group in Ukraine.
In August 2022, OFAC sanctioned Tornado Cash, a non-custodial smart contract platform that allows users to send and receive Ethereum anonymously by mixing funds to obfuscate the transaction’s original source. The platform offers users financial privacy, security and requires no special skills or knowledge to operate. However, some users have taken advantage of the anonymity Tornado Cash provides and are using it to conceal illegal transactions.
Tornado Cash has been used to launder $7 billion worth of virtual currency since 2019 and has been linked to sanctioned groups such as North Korea’s infamous hacking group, Lazarus. As a result of OFAC’s sanctions, many users could no longer access their funds. OFAC’s decision called into question whether the technologies used to facilitate illicit transactions should be sanctioned if innocent users are impacted by this sweeping strategy. Furthermore, technology sanctions do not necessarily stop entities from using the tool for illicit activities.
For instance, in our last N+1 Insight we examined the March 13th Euler Finance hack, which cost the company $196 million. The hacker used Tornado Cash to anonymize 1000 ETH ($1.6 million), but in a surprising turn of events, returned all recoverable assets from the exploit. According to Chainalysis reports and the Euler Finance hack, Tornado Cash is still used for illicit activity despite sanctions. While sanctioning entities generally facilitates a decrease in criminal revenue, there are still many cases of defiance. Tether, a Hong Kong based stablecoin, reportedly will not comply with the sanctions set out by OFAC as they continue to work with Tornado Cash wallets. Tether stated that there have been no direct requests for them to stop.
OFAC fines Bittrex
The first enforcement was levied against Bittrex last year after the company failed to comply with sanctions. The cryptocurrency exchange Bittrex settled with OFAC, paying $29 million in fines. Bittrex was unsuccessful in blocking individuals from sanctioned countries, like the Ukraine, Cuba, Iran, Sudan, and Syria, from using its service. As of March 2023, Bittrex has pulled out of the U.S. due to these regulatory challenges.
More to come
Cryptocurrency is clearly on OFAC’s radar and, as a result, there is potential for more sanctions and fines in 2023 alongside broader regulation within the space. OFAC has indicated that those in cryptocurrency will be held to similar standards as those in the traditional finance industry.