top of page
  • Writer's pictureS Pettigrove and M Bacina

Money laundering in the metaverse

Financial crime compliance company Elliptic has released the 2024 instalment of its annual report on ‘Preventing Financial Crime in Cryptoassets’, which sheds light on emerging trends in the use of cryptocurrencies to perpetuate financial crimes, including money laundering, fraud and scams.

Elliptic’s report provides a comprehensive overview of a variety of financial crime typologies and potential red flag indicators that can help registered digital currency exchanges and other intermediaries mitigate the use of cryptoassets to perpetuate financial crimes. The report also identifies a number of emerging trends in relation to financial crime involving the use of cryptocurrencies.

  • Criminals are exploiting artificial intelligence (AI) techniques when perpetrating crimes involving cryptoassets, enabling them to scale their illicit activity.

While cryptocurrencies and AI have generally been viewed as distinct technologies, it appears that both developers and criminals are increasingly exploring the innovative potential of combining these technologies to very different ends. Elliptic’s report identifies a marked rise in the use of artificial intelligence techniques in cyber crime. Criminals are using AI tools to make their illicit activity more immune to detection. For instance, some have generated deepfake images to lend authenticity to their scam messages and fabricate identification documents. Large Language Models (LLMs) have also been used to identify exploits in software code, and send scam messages to a greater number of victims.

  • Stablecoins have featured increasingly in crypto financial crime typologies.

Stablecoins enjoy greater price stability compared to other cryptoassets due to being pegged to traditional assets. This makes them an effective on-and-off ramp for threat actors to convert illicit fiat currencies into volatile cryptoassets like Bitcoin, often on non-compliant exchanges. From this point, they can sell those crypto assets and get ‘clean’ fiat currency back, concealing its illicit origin.

The red flag indicators associated with stablecoin-enabled laundering include: customers suddenly exchanging large volumes of funds for stablecoins with no clear explanation, and the use of exchanges or brokers that do not observe anti-money laundering and counter-terrorism financing (AML/CTF) requirements.

As an example, the US Department of Justice seized $9 million worth of Tether/USDT in November 2023. This crypto had been bought using money stolen from victims of romance scams, using the ‘chain-hopping’ technique of swapping the fiat currency for a variety of cryptoassets. Later, a further $225 million worth of USDT was seized, with Tether cooperating with US law enforcement.

In January 2024, the United Nations Office on Drugs and Crime reported that organised criminal groups in Asia have been making increased use of the stablecoin USDT on the TRON blockchain to launder funds. Law enforcement reports from China and the US have also highlighted the prominence of stablecoins like Tether in the world of illegal online gambling and narcotics trafficking.

  • Cryptoasset exchanges located in high risk jurisdictions continue to offer an important lifeline to criminal actors seeking to convert funds from crypto into fiat currencies.

High-risk jurisdictions refer to those which are subject to sanctions and embargoes, on FATF’s list of High Risk and Non-Cooperative Jurisdictions, and/or poor AML/CTF regulations. Exchanges located in these jurisdictions frequently have opaque ownership structures and no real KYC (know your customer) procedures in place, facilitating broader illicit activity involving cryptoassets.

  • Ransomware attackers and other cybercriminals continue to leverage elaborate money laundering schemes, involving privacy coins, cryptocurrency mixers, cross-chain services, and “peeling-chain” techniques

Cryptocurrency mixing services pool illicit-origin cryptocurrencies together with others to obfuscate the trail back to the original source. “Peeling-chain” refers to the sending of funds through multiple intermediary wallets before reaching their final destination, which can serve to obfuscate their (illicit) source and destination. Cross-chain services allow movement between one blockchain and another.

Each of these methods shares the same objective of increasing the complexity of the chain of transactions from illicit funds to clean funds, to enhance the anonymity with which cryptoassets are already associated.

  • Money laundering in the metaverse

Metaverse platforms like the Sandbox and Decentraland offer users the ability to enter an immersive world and engage in an increasingly rich variety of experiences using avatars. Users can buy land, wearables, and other digital goods using ERC-20 and non-fungible tokens or even access DeFi protocols like lending platforms.

Unfortunately, according to Elliptic, enterprising criminals are also setting up shop in the metaverse. While instances of metaverse-related crime remain “relatively small”, Elliptic identifies the metaverse as an emerging area for money laundering. Potential techniques including use of phony NFTs, theft of or ransomware attacks on virtual goods, drug dealing through illegal storefronts and terrorism financing.

The Elliptic report highlights the ever evolving threat of financial crime with new developments in technology. Ironically, the nature of this threat is revealed by the very transparency of the blockchain which criminals seek to exploit. Digital currency exchanges should continue to keep these typologies under review, consider them as part of their ongoing AML/CTF risk assessment and ensure that their AML/CTF program has systems and process in place to address these emerging threats.

By Michael Bacina, Steven Pettigrove and Anson Lee


bottom of page