CipherTrace Research Shows $1.7 Billion in Cryptocurrency from 2018 Thefts and Exit Scams Needs Laundering

New Cryptocurrency Anti-Money Laundering Report also outlines the impact of a new wave of regulations and uncovers emerging money laundering schemes

3.6x More Cryptocurrency Stolen in 2018 Versus 2017 According to CipherTrace (Graphic: Business Wire)

MENLO PARK, Calif.--()--New research released today in the CipherTrace 2018 Q4 Cryptocurrency Anti-Money Laundering (AML) Report reveals that $1.7 billion in cryptocurrency was stolen and scammed in 2018 — a dramatic rise in criminal activity despite a slump in the market. Criminals need to launder all these funds in order to cash out before a wave of regulations go into effect in 2019.

Theft from cryptocurrency exchanges accounted for the majority of the criminal activity: more than $950 million was stolen by hackers in 2018, representing 3.6 times more than in 2017.

On top of these thefts, the research found investors and exchange users lost at least $725 million in cryptocurrency in 2018 to exit scams such as fraudulent ICOs, phony exchange hacks, and Ponzi schemes. A cryptocurrency exit scam is a confidence game where the promoters of a cryptocurrency ICO or other venture fails to execute — or executives of exchanges say they cannot return users’ assets — and then abscond with the money. This finding indicates that a new breed of cybercriminals are shifting their techniques from hacking to insider jobs.

Interestingly, even with the downturn in the prices of many cryptocurrencies, the total dollar value of tokens stolen and scammed was much higher in 2018 than 2017, which further points to the increase in security threats against exchanges and sophistication of online criminals.

The report, which provides the industry’s most in-depth state-of-the-market look at cryptocurrency crime and AML regulations by jurisdiction, outlines the impacts of the coming wave of global regulatory enforcement and emerging money laundering schemes. By 2020 most modern economies — including the US, EU and G20 as well as Gibraltar, Bermuda and Malta — will have deployed strict cryptocurrency AML and Know Your Customer (KYC) regulations. Cryptocurrency money laundering services are getting around these regulations by obscuring the original source of funds with new and innovative money mixers, unregulated crypto-to-exchanges, and privacy coins.

“Cryptocurrency criminal activity continues to evolve and accelerate. Fortunately, pending global legislation will hamstring many criminals, global gangs, and terrorist groups by greatly reducing their opportunities to launder,” commented Dave Jevans, CEO of CipherTrace and co-chair of the Cryptocurrency Working Group at the “These tough new laws will drive bad actors to not only innovate but also flock to jurisdictions with weak regulatory oversight, as we have shown in earlier research. CipherTrace’s blockchain intelligence and anti-money laundering technology helps exchanges, financial services firms, regulators, and law enforcement work together to create trust in the crypto ecosystem.”

For the first time, CipherTrace has also identified the Top 10 Trending Crypto Threats, providing actionable threat intelligence for anyone dealing with cryptocurrency:

  1. SIM swapping: An identity theft technique that takes over a victim's mobile device to steal credentials and break into wallets or exchange accounts to steal cryptocurrency.
  2. Crypto dusting: A new form of blockchain spam that erodes the recipient's reputation by sending cryptocurrency from known money mixers.
  3. Sanction evasion: Nation states that use cryptocurrencies to circumvent sanctions and that has been promoted by the Iranian and Venezuelan governments.
  4. Next-generation crypto mixers: Money laundering services that promise to exchange tainted tokens for freshly mined crypto, but, in reality, cleanse cryptocurrency through exchanges.
  5. Shadow money service businesses (MSBs): Unlicensed MSBs that bank cryptocurrency without the knowledge of host financial institutions, thus exposing banks to unknown risk.
  6. Datacenter-scale cryptojacking: Takeover attacks that mine for cryptocurrency at a massive scale and that have been discovered in datacenters, including AWS.
  7. Lightning Network transactions: Enabling anonymous bitcoin transactions by going "off-chain" and now scaling to $2,150,000.
  8. Decentralized stable coins: Stabilized tokens that can be designed for use as hard-to-trace private coins.
  9. Email extortion and bomb threats: Mass-customized phishing email campaigns by cyber-extortionists using old passwords and spouse names and that demand bitcoin. Bomb threat extortion scams spiked in December.
  10. Crypto robbing ransomware: New malware distributed by cyber-extortionists that empties cryptocurrency wallets and steals private keys while holding user data hostage.

To download the report, visit

About CipherTrace

CipherTrace develops cryptocurrency Anti-Money Laundering, cryptocurrency forensics, and blockchain threat intelligence solutions. Leading exchanges, banks, investigators, regulators, and digital asset businesses use CipherTrace to trace transaction flows and comply with regulatory anti-money laundering requirements, fostering trust in the cryptocurrency economy. Its quarterly CipherTrace Cryptocurrency Anti-Money Laundering Report has become an authoritative industry data source. CipherTrace was founded in 2015 by experienced Silicon Valley entrepreneurs with deep expertise in cybersecurity, eCrime, payments, banking, encryption, and virtual currencies. The U.S. Department of Homeland Security Science and Technology (S&T) and DARPA initially funded CipherTrace, and it is backed by leading Silicon Valley venture capital investors. Visit for more information or follow the company on Twitter: @CipherTrace and LinkedIn: /company/CipherTrace


Leslie Kesselring
Kesselring Communications for CipherTrace or

Release Summary

CipherTrace research shows $1.7 Billion in cryptocurrency stolen and scammed in 2018, outlines impact of new anti-money laundering regulations.


Leslie Kesselring
Kesselring Communications for CipherTrace or