February 17, 2023 By Mike Elgan 4 min read

Some rare good news in the world of cyber crime trends: Certain crimes declined in 2022 after years of constant rises. Should we credit crypto?

Some estimates say that cryptocurrencies have lost $2 trillion in value since November 2021. During that time, the costs associated with cyber crimes, such as ransomware payouts and financial scams, declined.

Pop the champagne! The crypto crash is also crashing cyber crime, right? Well, not so fast.

How cryptocurrencies enable cyber crime

There are four major categories of cyber crime that lean heavily on, or fully require, the use of cryptocurrencies like Bitcoin, Ethereum and Monero: ransomware, DDoS extortion, cryptojacking and crypto theft.

Ransomware is usually facilitated by cryptocurrency, for example. The scam typically involves malware-encrypted files, which perpetrators say they’ll unlock when the victim pays the ransom. Paying in crypto allows criminals to maintain anonymity and non-traceability. (In the increasingly common “double extortion” variant, malicious actors also threaten to expose the files publicly if victims don’t pay.)

DDoS extortion is similar to ransomware. Instead of gaining access to and encrypting files, however, cyber attackers launch a sustained DDoS attack until a ransom in crypto is paid.

Another major crime is illegal cryptocurrency mining, called cryptojacking. Malicious hackers gain access to computing power owned by others, usually via special malware. They then use it to mine crypto illegally.

Unlike most kinds of computer-related crimes, cryptojackers don’t steal money or data directly or demand ransom payments. Instead, they steal computer resources. This translates to higher energy costs, lower performance for users and accelerated declines in battery performance.

Cryptojacking actually rose in 2022. An Atlas VPN analysis found that instances of cryptojacking grew 3.8 times in the third quarter of 2022. (Interestingly, the number of victims declined.)

Analysts assume that cryptojackers are anticipating growth in crypto after it hits bottom and are illegally mining aggressively in the hopes of profiting.

Finally, crypto theft is the hacking of crypto exchanges and other platforms to steal coins directly from their rightful owners. This kind of attack has been reduced because the crypto exchanges themselves were going out of business with the crash in the value of cryptocurrencies.

How falling prices have affected cyber crime

Cyber criminals use dark web exchanges because they don’t check user identities. These don’t typically store currencies but merely enable the exchange of crypto from one service to another, often at inflated fees. These exchanges operate in many ways like legitimate businesses. They need to spend big on advertising, for example, in part to engender trust among malicious actors who themselves don’t want to get ripped off.

Crashing cryptocurrency prices are squeezing dark web exchanges. This reduces incentives for threat actors because it reduces income, makes vulnerability purchasing more expensive and cuts revenue needed to fund Malware-as-a-Service organizations. In other words, falling crypto prices kneecapped the purchasing power of organizations using crypto for illegal activities.

During the rapid declines in early 2022, exchanges tried to convert their crypto to fiat currencies, such as the U.S. dollar (a currency issued by a government not backed by a physical commodity, such as gold or silver), but the value after conversion wasn’t enough to sustain the business.

Advertising for dark web exchanges nearly stopped in the Spring of 2022. Many went bankrupt or out of business.

The cryptocurrency value drop radically slowed financial crimes, including illegal dark web transactions. Losses for the first half of 2022 were way down, according to blockchain data company Chainalysis. Scammer income dropped by two-thirds — 65% — for the first seven months of the year.

Why we can’t draw a direct line from crypto crash to crime reduction

It’s easy to conclude that the drop in the value of cryptocurrencies directly caused the decline in scam revenue. But that would be a mistake.

This drop wasn’t due entirely to the drop in cryptocurrency, according to the report. Both potential victims and police chalked up notable successes in countering such scams. In other words, the general defense against some of these crimes has improved, and credit there is due.

Another point to consider is that total annual scam revenue is usually determined by a very small number of very large scams. One massive scam could upend these numbers and reverse the trend.

In addition, the crash caused cryptocurrency transaction volumes — both legitimate and illegal — to fall. So it reduced “good” transactions in equal measure as “bad” ones.

Also, ransomware gangs likely don’t care if the value of cryptocurrencies is low. They demand ransoms typically in U.S. dollar amounts in the form of whatever quantity of cryptocurrencies are equivalent at the time of demand. While there may be a disincentive to strike while crypto is rapidly declining, once it hits bottom, that disincentive is removed. Volatility in one direction (down) disincentivizes ransomware temporarily. Unfortunately, ransomware is here to stay.

Most importantly, however, it would also be a mistake to assume that cryptocurrency valuations will stay low, or that reductions in crimes that rely on cryptocurrencies will stay low. The consensus among experts is that such crimes will come roaring back to life.

Be prepared for a new wave of cyber crime

The crypto declines that began in late 2021 and continued for more than a year did, in fact, disrupt everything that depended on crypto — the good, the bad and the ugly. But there’s no question that complacency is the wrong response to this brief semi-respite.

As crypto-using criminal gangs regroup, retool and re-think their operations, they will no doubt come roaring back to attack legitimate organizations with new scams and new crimes.

More from Risk Management

Digital solidarity vs. digital sovereignty: Which side are you on?

4 min read - The landscape of international cyber policy continues to evolve rapidly, reflecting the dynamic nature of technology and global geopolitics. Central to this evolution are two competing concepts: digital solidarity and digital sovereignty.The U.S. Department of State, through its newly released International Cyberspace and Digital Policy Strategy, has articulated a clear preference for digital solidarity, positioning it as a counterpoint to the protectionist approach of digital sovereignty.What are the main differences between these two concepts, and why does it matter? Let’s…

A decade of global cyberattacks, and where they left us

5 min read - The cyberattack landscape has seen monumental shifts and enormous growth in the past decade or so.I spoke to Michelle Alvarez, X-Force Strategic Threat Analysis Manager at IBM, who told me that the most visible change in cybersecurity can be summed up in one word: scale. A decade ago, “'mega-breaches' were relatively rare, but now feel like an everyday occurrence.”A summary of the past decade in global cyberattacksThe cybersecurity landscape has been impacted by major world events, especially in recent years.…

It all adds up: Pretexting in executive compromise

4 min read - Executives hold the keys to the corporate kingdom. If attackers can gain the trust of executives using layered social engineering techniques, they may be able to access sensitive corporate information such as intellectual property, financial data or administrative control logins and passwords.While phishing remains the primary pathway to executive compromise, increasing C-suite awareness of this risk requires a more in-depth approach from attackers: Pretexting.What is pretexting?Pretexting is the use of a fabricated story or narrative — a “pretext” — to…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today