Data: Crypto scams, hacks cost investors $14 billion in 2021

·4 min read

Soaring retail and institutional interest in cryptocurrency last year also led to a boom in criminal activity that cost investors billions, underscoring the urgency of efforts to regulate the digital coin movement.

According to research firm Chainalysis, cryptocurrency addresses associated with illegal activity accumulated $14 billion. But when weighted against all cryptocurrency activity, the figure accounted for a relatively paltry 0.15% of total funds changing hands on any blockchain — the lowest on record, according to the firm.

The data comes amid a broad debate about how to regulate crypto, with officials determined to protect the rising class of small buyers flocking to digital currencies.

“By absolute numbers, crime is still growing but the ecosystem is becoming safer. Of course, there [are] a lot of caveats to that,” said Kim Grauer, Chainalysis' director of research.

In the last five years, the firm found that the majority of criminal revenue always came from financial scams. However, amid explosive growth in cryptocurrency, total economic activity across all blockchains jumped from $2.3 trillion to $15.8 trillion, shrinking the significance of activity associated with crime.

Economic activity has boomed on-chain, but Chainalysis attributes much of the volume to decentralized finance (DeFi), which has also opened a window for criminal activity in a segment of the market where scams brought in $7.7 billion.

While criminals made off with about $200 million in DeFi related scams, a single “rug pull” scam by Turkish cryptocurrency exchange Thodex made up the vast majority of funds lost.

Theft proved the second highest type of crime, with DeFi protocols proving to be a hot target. Criminals stole $3.2 billion worth of cryptocurrency in 2021, with 72% of that total coming from DeFi protocol attacks or exploits.

A key obstacle for breaking down cryptocurrency crimes comes with overestimating how much on-chain data can track all crime. In most cases, Chainalysis can only attribute illicit transactions to crime that originates on-chain — as opposed to someone who steals, then converts those funds into cryptocurrency.

The ransomware threat

The website,, tracks a timeline of DeFi exploits over the past two years. By that documentation, DeFi protocols suffered close to 60 exploits in 2021, an average of about one attack per week.

The largest protocols targeted include Cream Finance, which suffered 3 different attacks totaling $186 million, and the Poly Network — which originally lost $600 million in August before the hacker returned $342 million days later.

On the other hand, funds stolen in ransomware attacks like the Colonial Pipeline incident in June 2021, where victims were forced to pay out $5 million, are minor by comparison.

“Ransomware attacks against critical infrastructure can be, arguably, far more threatening than a financial scam that promises 50% returns on DOGE for life,” Chainalysis’ Grauer told Yahoo Finance.

“But because scams can disguise themselves as legitimate services, they potentially have more time to increase the revenue they take from victims before getting caught,” Grauer added.

DeFi growth and crime

According to DeFi Pulse, the total value locked (TVL) in DeFi protocols sits at $100 billion, up by $12 billion over the past week.

Victor Fang, the founder and CEO of blockchain forensics startup Anchain, told Yahoo Finance over the last year his company has seen a massive influx of customers seeking help retrieving lost or stolen smart contract-based digital assets, among other things.

One high-profile customer is the Securities and Exchange Commission (SEC). The agency signed a contract deal with Anchain back in August to assist the regulator in monitoring illicit wallet addresses, and suspicious transactions with in the space.

In October, SEC Chair Gary Gensler told Yahoo Finance that DeFi “is going to end poorly” unless investor protections are bolstered.

The latest regulatory action happened earlier this week, after the Commodities and Futures Trading Commission fined DeFi protocol, Poly Market, $1.4 million for operating an “unregistered binary options market,” and ordering the protocol to “wind down” its operation.

Fang forecasts "10x growth over the next 3 years" in DeFi related assets, but agreed that crime will undoubtedly follow the money.

"Such rapid growth will continue to encourage attack vectors of increasing complexity, requiring both the public and private sectors to place more focus on the types of tools they keep in their crypto compliance technology arsenal," Fang added.

The majority of DeFi activity and related crime occur on the Ethereum blockchain, where high transaction costs create an additional barrier for entry for smaller retail investors.

David Hollerith covers cryptocurrency for Yahoo Finance. Follow him @dshollers.

Read the latest financial and business news from Yahoo Finance

Read the latest cryptocurrency and bitcoin news from Yahoo Finance

Follow Yahoo Finance on Twitter, Instagram, YouTube, Facebook, Flipboard, and LinkedIn