Chainalysis Inc. Director of Research Kim Grauer joins Yahoo Finance Live to discuss the prevalence of crypto scams and what to expect in the NFT market
JULIE HYMAN: $14 billion in pilfered cryptocurrency last year. That's according to research firm Chainalysis. But if you put that number of perspective, it accounts for a very small percentage of overall crypto trading. Let's get some more perspective now from Chainalysis Director of Research Kim Grauer. Our David Hollerith who covers crypto is with us as well.
So, Kim, first of all, how do you figure this out? I'm curious. And how do you put that number in perspective for us?
KIM GRAUER: It's really just the core business model of the company that I work for, Chainalysis, where we identify services. And many services operating and the crypto space are illegal wallets, ransomware addresses, sanctioned entities, scam accounts, stolen funds, terrorist financing wallets. And so since that is the business of what we do, we identify those illicit wallets in the criminals that control them, we just have to look at the total value flowing in and out of those wallets.
And then each year, we take a moment and we say what happened this year. Let's look at what changed throughout the year, and then we're able to actually identify how criminals adapted, which crime types grew, which ones fell, and then figure out why that is.
DAVID HOLLERITH: Yeah, and, Kim, you know, I think one area that I was sort of surprised about when I saw the report was just how low ransomware was compared to other types of crime like scams, or theft, or something like that. And could you sort of put ransomware in proportion to us? Because, obviously, it's a more threatening crime to most of the world, I would think.
KIM GRAUER: Yeah. I think it's hard to directly compare the absolute values received by different crime types to each other and then draw meaningful comparisons. So scamming is in the billions and billions of dollars every single year. And that's because a few scams can grow to be huge. We saw Plus Token a few years back was scammed multiple billions of dollars from millions of different people.
And then ransomware-- hundreds of millions of dollars received by ransomware funds. But the rate at which that's growing is what is really concerning. And on top of that, we know that there's a ransomware underreporting problem. So we know that we're just kind of scratching the surface of how much ransomware activity is actually happening.
So there's other things to consider besides just the absolute value. You want to look at the number of criminals, the rate at which it's growing, the impact. So a lot of these scams are financial scams of people hoping to get 50% returns for life, whereas ransomware sometimes what we saw last year was the attacking of critical infrastructure and hospitals.
JULIE HYMAN: I also want to ask about who is perpetrating these scams. Because you guys were also out with some data that North Korea is responsible for a decent chunk of it-- $400 million worth of digital assets last year. So what does that tell us about who is perpetrating this stuff? And what are the implications of that for users?
KIM GRAUER: Yeah. Again, each crime type has different-- has a different ecosystem that's driving the trends. It has different bad actors. When it comes to hacking, which was one of the biggest-- in terms of growth, the biggest crime type to look out for, we know that there's a history of nation-state activity behind hacking. And we know specifically North Korea, in particular, uses cryptocurrency hacks in order to generate large quantities of revenue for North Korea itself.
But we also have other bad actors. We have organized criminal groups who [AUDIO OUT] professional money laundering. We have other types of nation state actors that are using ransomware. Or we have criminal groups who maybe we don't know exactly who they are, but we might know where they're located and we can figure out some other information about where they are based on kind of their blockchain forensics.
And then on the other side of that, you have scammers who are just your everyday scammer who are creating a website and realizing that, hey, maybe I can scam someone down the street out of some cryptocurrency. So you know, all of these different scamming-- all of these different crime profiles exist and tend to gravitate towards a different crime type.
DAVID HOLLERITH: And, Kim, NFTs are obviously-- they were probably the most booming sector over the last year in terms of cryptocurrencies. And you know, they're also the newest. So there's a lot less understood about how the market works. And there's been plenty of examples of scams and sort of theft in the past. Could you sort of just explain what you expect in terms of trends or sort of issues the NFT marketplace has to sort of address this year?
KIM GRAUER: We're definitely paying attention to NFTs, and specifically what it means for criminal activity. And what we've found has been a few different ways that criminals have leaned into these new technologies for NFTs, but also DeFi more broadly. So with NFTs, we're seeing some wash trading, which you can actually prove with blockchain analytics. You can see these trends of people kind of-- of people carrying this activity out.
We're seeing money laundering and all of this stuff we're going to highlight in the NFT section of the report that's coming out soon. But DeFi more broadly is a great example of how criminals are using the most cutting edge technologies to carry out crime, and really in two ways. One, they're targeting DeFi platforms.
So let's hack these new DeFi protocols where the code is open source, the demand is there, the people are putting money into these DeFi-- let's hack those places. Let's create scams around DeFi. Or, alternatively, criminals might be using DeFi protocols to launder money. Now, again, just to put this into perspective, this always does happen.
Criminals are the most opportunistic out there. They're always using-- when there's an opportunity to be exploited, it will happen. But if you put this into perspective, all criminal activity that we've identified accounts for just 0.15% of all transactions-- of all economic transaction activity in 2021, which is pretty small, I think.
JULIE HYMAN: So, Kim, is this something that people who are investing in this stuff need to worry about actively? And is there anything that they can do defensively? I mean, to your point, it's coming from a lot of different actors and it's coming in a lot of different ways. So is there even a defensive posture that one can take?
KIM GRAUER: There's a lot of things that you can do to protect yourself. And let's take scamming. For example, we've seen real powerful industry solutions to the age-old problem of scamming. For example, we highlight in our report how one exchange is actually implementing a new policy where they are-- or not a new policy, they will alert customers if they're sending to a known scam.
And then the people on the exchange can be informed. And actually, this has proved extremely effective in reducing the amount of scamming. But you can also do your due diligence. All of the same kind of red flags that the SEC has been talking about for years apply here. So is there information on the people who are creating this project? Are they promising unreasonable returns for life?
Many of the scams that we identify when you retroactively look at the website, the things they promised, the way that it worked, there were red flags. And not to say you can-- there's a silver bullet. Definitely anyone can be a victim of a scam, because oftentimes, these services can also appear legitimate, and then there's just what we saw-- a rug pull where suddenly the founder will run away with the funds. And that's much harder to protect against. But there are basic steps you can take just like to protect yourself from scams in kind of, like, the financial world more broadly.