According to oneblockchain firm’s own ecosystem data, this was one of four notable trends for the first half of 2024

Based on its own data collection ecosystem, a blockchain analysis firm has released some of its findings on crypto-crime trends for the first half (H1) of 2024.

First, its H1 data has shown that flows of stolen funds nearly doubled, and those from ransomware payments had risen by 2%. Aggregate illicit activity on-chain dropped by almost 20% year-to-date.

Second, in spite of increased flows of illicit funds in its data, the conclusion is that the rate of legitimate crypto-linked activity has been growing faster than those linked to cybercrime. However, the average amount of cryptocurrency stolen per heist in H1 had increased by almost 80%. The rise of Bitcoin value is deemed to account for 40% of the total transaction volume associated with crypto heists.

Third, crypto-criminal activity in the H1 data have been noted to pivot around and target centralized exchanges, as compared to decentralized finance counterparts. State-sponsored threat actors, including IT workers linked to North Korea, are deemed to have been increasingly leveraging off-chain methods such as social engineering to steal funds by infiltrating crypto-related services.

Fourth, the median ransom payment to the most severe ransomware strains had spiked from just under US$200,000 in early 2023 to US$1.5m by mid-June 2024, possibly because attackers have been targeting larger businesses and critical infrastructure providers that may be more likely to pay high ransoms.

According to Chainalysis, the firm that reported its data trends, the key to disrupting blockchain and crypto cybercrime is disrupting threat actors’ supply chains, including accomplices, affiliates, partners, infrastructure services providers, launderers, and cash-out points: “Because the operations for crypto heists and ransomware operate almost entirely on the blockchain, law enforcement armed with the right solutions can follow the money to better understand and disrupt these actors’ operations.”