2023 Anti-Money Laundering Trends in Blockchain

SlowMist
12 min readJan 13, 2024

In our previous report, we primarily analyzed the top ten attack of 2023. This report will focus on the anti-money laundering (AML) trends in the blockchain sector for the same year.

Freezing and Recovering Funds

Thanks to the robust support of our InMist Intelligence Network partners, SlowMist aided clients, partners, and publicly hacked entities in freezing over 12.5 million U.S. dollars in funds throughout 2023.

There were 31 incidents in 2023 where victims of attacks were able to recover all or part of their lost funds. The total stolen funds amounted to approximately 384 million U.S. dollars, of which 297 million was successfully recovered, accounting for 77% of the stolen amount. In these 31 incidents, the funds of 10 protocols were fully returned.

What is Anti-Money Laundering

Anti-money laundering (AML) is a systematic project wherein governments use legislative and judicial powers, mobilize relevant organizations and commercial entities to identify possible money laundering activities, handle related funds, and punish involved institutions and individuals. This is done to prevent criminal activities. Internationally, both money laundering and anti-money laundering activities primarily occur in the financial sector, with almost all countries placing the AML responsibilities of financial institutions at the core. International cooperation in AML also mainly occurs within the financial sector. In recent years, money laundering crimes have become more diversified and concealed, with trends increasingly using the difficulty of tracing virtual currencies to hide the origins of illegal funds. AML is becoming one of the biggest challenges faced by regulatory compliance institutions.

Blockchain Anti-Money Laundering Trends

In 2023, the world of cryptocurrencies continued to experience turmoil and instability. During the previous crypto bull market, the actions of industry giants SBF and CZ seemed to have a significant impact on the market. However, in November, a federal grand jury found SBF guilty of fraud and conspiracy related to the collapse of FTX. Just a few weeks later, Binance accepted the charges and paid a fine of $4.3 billion, with CZ agreeing to relinquish control over Binance. As the crypto asset industry fluctuates between a turbulent “crypto winter” and a bear market, governments and international organizations have adopted a more cautious approach. Regulatory policies on cryptocurrencies are still being gradually developed across various countries.

Stablecoin Regulations

The Navigating the Global Crypto Landscape with PwC: 2024 Outlook, released on December 19, reveals that in 2023, as many as 25 countries and regions have developed legislation or regulations for stablecoins. These include Austria, The Bahamas, Denmark, Estonia, Finland, France, Germany, Greece, Japan, Luxembourg, Portugal, Spain, Sweden, and Switzerland. The majority of these jurisdictions have also ensured or implemented all other scrutinized regulations, including a framework for cryptocurrency regulation, licensing or registration, and compliance with the Financial Action Task Force’s (FATF) Travel Rule.

However, the report notes that some major countries like the United States, the United Kingdom, and Canada have not yet finalized legislation for stablecoins or established a comprehensive regulatory framework for cryptocurrencies. In contrast, crypto-friendly countries/regions like Singapore and the United Arab Emirates have adopted all cryptocurrency-related regulations except those pertaining to stablecoins.

Of the jurisdictions analyzed, about 18% or only 8 have not initiated any regulation for stablecoins. This group includes Bahrain, Brazil, India, Taiwan, Turkey, and others. Additionally, 23% of the reviewed jurisdictions, including Australia, Hong Kong, and Singapore, have commenced the regulatory process for stablecoins and are actively adopting relevant laws.

SEC Enforcement Actions

In November, the United States Securities and Exchange Commission (SEC) published the enforcement results for the fiscal year 2023. The report indicated that the SEC initiated 784 enforcement actions, a 3% increase from 2022. These actions resulted in penalties totaling $4.949 billion, the second-highest in history, only behind the $6.4 billion in 2022. The SEC noted that the fiscal year 2023 was a year of fruitful enforcement efforts, with key investigations involving areas such as cryptocurrencies, cybersecurity, false statements by publicly traded companies, and market manipulation.

Significant enforcement actions taken by the SEC in the crypto ecosystem included:

  1. NFT Issuers Impact Theory and Stoner Cats: The SEC sued these NFT issuers under federal securities laws, marking an expansion in the SEC’s regulatory scope. Both companies agreed to settlements with the SEC, paying approximately $6.1 million and $1 million, respectively, after being accused of selling unregistered securities.
  2. Kraken Settlement: Kraken settled with the SEC for $30 million over its staking services, which were deemed unregistered securities, fitting the definition of an investment contract.
  3. Linus Financial Agreement: The SEC reached a settlement with the Nashville-based crypto services company Linus Financial for allegedly offering and selling unregistered retail crypto lending products.
  4. Coinbase Lawsuit: The SEC’s lawsuit against Coinbase alleges that the exchange has been operating as an unregistered securities exchange, broker-dealer, and clearing agency. Coinbase has filed a motion to dismiss the lawsuit, with a decision expected in January of the following year.
  5. Ripple and XRP: The SEC claims that Ripple’s token XRP is a security. However, Judge Torres clarified in her ruling that XRP itself is not a security. Another judge, Rakoff, later overruled a motion that would have impacted the case, leaving the judgment still divided and undecided.
  6. Bitcoin Spot ETF Applications: Despite numerous applicants and years of back-and-forth battles with the SEC, the commission has never approved a Bitcoin spot ETF. The latest deadline for the SEC to respond to these applicants is between January 5th and 10th, 2024.
  7. Civil Suit Against Binance: In June, the SEC filed a civil lawsuit against Binance, accusing the exchange of being unregistered and illegally supplying and selling securities to U.S. investors. The SEC has consistently refused Binance’s requests to dismiss the lawsuit, and the legal battle is ongoing.

Anti-Money Laundering Sanctions

  1. April 2nd: The United States Department of the Treasury sanctioned three North Koreans for providing money laundering support to the North Korean hacker group Lazarus Group.
  2. May 25th: Binance assisted U.S. law enforcement in seizing $4.4 million and freezing accounts associated with organized crime in North Korea.
  3. August 24th: As per the U.S. Treasury Department press release, the Justice Department charged Roman Semenov and Roman Storm, the co-founders of Tornado Cash, who were arrested by the FBI and IRS on charges of conspiring to launder money, operate an unlicensed money transmitting business, and violate sanctions regulations. The Treasury Department stated that despite knowing Lazarus Group was laundering hundreds of millions of dollars worth of stolen virtual currency for North Korean interests through its mixing service, Tornado Cash’s founders continued to develop and promote the service without meaningful measures to prevent its use for illegal purposes.
  4. October 18th: The U.S. Department of the Treasury imposed sanctions on several individuals and entities, alleging support for Hamas’s terrorist activities. This included a Gaza-based exchange and a business called “Buy Cash Money and Money Transfer Company.” The Treasury stated that this business has a history of providing financial support to terrorist groups. Buy Cash was previously associated with wallets seized by the Israeli National Bureau for Counter Terror Financing in 2021, accused of “providing funds, material, technology, services, or support to Hamas,” with transactions involving assets including Bitcoin.
  5. October 31st: The Japanese government decided at a cabinet meeting to freeze assets of 9 Hamas members and a virtual currency trading company involved in funding the Palestinian armed political faction Hamas.
  6. November 22nd: The U.S. Department of Justice announced that Binance and Changpeng Zhao pleaded guilty to federal charges in a $4 billion resolution. The U.S. Treasury’s settlement announcement with Binance stated that the Financial Crimes Enforcement Network (FinCEN) would impose a $3.4 billion civil penalty on Binance, along with five years of regulation and significant compliance commitments, including ensuring Binance’s full exit from the U.S.
  7. November 29th: The U.S. Department of the Treasury sanctioned the cryptocurrency mixing service Sinbad for supporting transactions related to the North Korean hacker organization. Sinbad’s website was also seized by the U.S. Federal Bureau of Investigation, the Dutch Financial Intelligence Unit, the Office of the Dutch Prosecutor, and the Finnish National Bureau of Investigation. Sinbad.io (Sinbad, also known as Sindbad) is a virtual currency mixer and a primary tool for laundering money for the Lazarus Group on behalf of North Korea. Sinbad facilitated the laundering of millions of dollars in stolen virtual currencies and was the mixer of choice for the Lazarus Group. Operating on the Bitcoin blockchain, Sinbad facilitated illegal transactions by obscuring their origins, destinations, and counterparties. Some industry experts believe Sinbad is another version of the Blender.io mixer.

Global Policy

China

China has maintained a stringent policy towards cryptocurrencies. In 2021, China declared a complete ban on cryptocurrency trading and halted all business activities related to cryptocurrencies. On November 13th, the Financial Stability Bureau of the People’s Bank of China published an article titled “Effectively Preventing and Resolving Financial Risks, Firmly Guarding Against Systemic Risks.” The article highlighted that the rectification work in areas such as virtual currency trading was basically completed, with a firm stand against domestic cryptocurrency trading speculation. In December, the People’s Bank of China released the China Financial Stability Report (2023), which comprehensively assessed the soundness of China’s financial system in 2022. The report addressed the risks associated with crypto assets and stated the continuation of rectifying illegal financial activities like virtual currency trading speculation. Additionally, the report summarized China’s regulation of crypto assets and the global dynamics of crypto asset regulation, noting that “in recent years, many countries’ regulatory authorities and international organizations have started assessing the risks of crypto assets, introducing regulatory policies and countermeasures, generally adhering to the principle of ‘same business, same risk, same regulation,’ regulating crypto asset operations commensurate with their risk levels, minimizing regulatory data gaps, reducing regulatory fragmentation, and eliminating regulatory arbitrage.”

Despite China’s strong containment of cryptocurrencies, the country continues to encourage the exploration and application of blockchain and digital currency-related technologies, responding and adjusting timely to emerging issues. Data shows that since the digital yuan was first introduced in January 2022, by the end of June, the transaction volume of the central bank’s digital yuan was about 1.8 trillion yuan. On December 2nd, the People’s Bank of China and the Central Bank of the United Arab Emirates renewed a 350 billion yuan/18 billion dirham (approximately $4.9 billion) currency swap agreement in Hong Kong, extending the bilateral currency swap agreement for five years to promote financial and economic ties. The two sides also signed a Memorandum of Understanding on Strengthening Cooperation in Central Bank Digital Currencies to enhance technical cooperation in the development of central bank digital currencies. On October 9th, six departments, including the Ministry of Industry and Information Technology, the Central Cyberspace Affairs Commission, the Ministry of Education, the National Health Commission, the People’s Bank of China, and the State-owned Assets Supervision and Administration Commission, jointly issued the “High-Quality Development Action Plan for Computing Power Infrastructure.” The plan proposes that by 2025, computing power will exceed 300 EFLOPS, with the proportion of intelligent computing power reaching 35%, and balanced development of computing power in the eastern and western regions. In December, the Ministry of Industry and Information Technology, in its response to Proposal №02969 of the First Session of the 14th National Committee of the Chinese People’s Political Consultative Conference, stated that in addition to measures like “formulating a Web3.0 development strategy document suitable for China’s national conditions” to improve top-level design, it will also strengthen research and regulation of Web3.0 technology, engage in international exchanges and cooperation on Web3.0, and increase technological promotion and dissemination.

Hong Kong SAR, China

Hong Kong, as a regional financial center, is transforming itself into a cryptocurrency hub. On June 1st, Hong Kong’s virtual currency licensing system officially opened, allowing platforms interested in virtual asset business to apply for a license and be regulated by the Hong Kong Securities and Futures Commission. On December 22nd, the Securities and Futures Commission issued Circular on SFC-authorised funds with exposure to virtual assets, replacing the previous Circular on Virtual Asset Futures Exchange Traded Funds issued on October 31, 2022. The notice stated that licensed institutions can issue and manage spot ETFs for virtual assets (like Bitcoin and Ethereum) that are permitted to trade on licensed trading platforms or recognized financial institutions, via both physical and cash subscription and redemption methods. In light of the JPEX incident, the CEO of the Securities and Futures Commission emphasized the importance of regulation, stating that Hong Kong’s direction in developing the Web3 ecosystem will remain unchanged, and that virtual asset trading is an essential part of this ecosystem. The Commission and the Police Force have established a working group on virtual asset trading platforms, sharing information on suspicious activities and regulatory violations to jointly bring lawbreakers to justice. The Hong Kong Monetary Authority is also further strengthening cryptocurrency trading regulation to prevent money laundering and fraud, while the Securities and Futures Commission continues to review and enhance existing regulatory systems. On December 22, the Securities and Futures Commission (SFC) of Hong Kong issued Joint circular on intermediaries’ virtual asset-related activities and Circular on SFC-authorised funds with exposure to virtual assets, stating that they are “ready to accept applications for the recognition of virtual asset spot exchange-traded funds (ETFs).”

United States

The United States has a relatively flexible approach to cryptocurrencies. While regulatory policies are continually updated, there is no comprehensive ban on trading, purchasing, or selling cryptocurrencies. The U.S. is further enhancing its regulatory efforts to ensure the stability of the financial system and consumer protection.

European Union

The European Union’s regulatory policy on cryptocurrencies is still under discussion and revision, attempting to balance financial security with technological innovation. Notably, in December, the EU announced new sanctions against Russian-led cryptocurrency companies and projects, intensifying the crackdown on Russian crypto company executives.

Japan

Japan is relatively open in its approach to cryptocurrencies, with established procedures and regulations to control and support the cryptocurrency market. In 2023, Japan’s National Tax Agency released general guidelines on the taxation of NFTs, including examples of income tax collection and consumption tax situations. Additionally, the Bank of Japan stated it would make a final decision on issuing a CBDC before 2026.

South Korea

South Korea has clear regulations on cryptocurrencies, including registration requirements, compliance audits, and financial consumer protection. South Korea is also promoting various blockchain-related innovation projects. In 2023, the Bank of Korea (BOK) announced details of its retail central bank digital currency (CBDC) pilot program, with 100,000 selected citizens to join in the fourth quarter of the next year. The Financial Services Commission (FSC) also announced legislative proposals and regulatory provisions for the Virtual Asset User Protection Act in December. The law aims to protect virtual asset users and establish a sound virtual asset market trading order. In response, the Financial Supervisory Service announced the establishment of a Virtual Asset Regulation Bureau and a Virtual Asset Investigation Bureau, in preparation for the implementation of the Virtual Asset User Protection Act in July of the following year.

Singapore

Singapore has always been forward-looking in its legislation on cryptocurrencies. The Monetary Authority of Singapore (MAS) released a consultation paper on a crypto consumer protection handbook in 2023, which will be followed by final guidelines. Singapore actively participates in international financial cooperation, like the policymaker group Project Guardian, comprising Japan’s FSA, the UK’s FCA, and Switzerland’s FINMA, to promote cross-border financial development and asset tokenization. MAS also launched pilot projects for digital assets and decentralized finance (DeFi) services in 2023.

In summary, due to the complexity of cryptocurrencies, regulatory policy has become a complex discussion involving financial stability, consumer protection, and anti-money laundering. However, as blockchain and cryptocurrency technologies become more widespread, more governments and institutions are getting involved, and regulatory policies are evolving towards more specific and global directions.

Summary

In summary, due to the inherent complexity of cryptocurrencies, regulatory policy has become a multifaceted and complex discussion encompassing financial stability, consumer protection, and anti-money laundering. However, it is certain that as blockchain and cryptocurrency technologies become more widespread, an increasing number of governments and institutions are getting involved, and regulatory policies are shifting towards more specific and global approaches. It is believed that the gradual clarification of regulatory rules will aid virtual asset service providers and financial institutions in combating money laundering and illegal fundraising; it will also assist in sanction screening and transaction monitoring. As a leading security company in the blockchain industry, we will actively respond to national regulatory policies and continue to vigorously promote technology applications related to regulatory compliance.

With this, the four-part interpretation of the 2023 Blockchain Security and Anti-Money Laundering Annual Report is complete.

Click the link below to access the full report:

https://www.slowmist.com/report/2023-Blockchain-Security-and-AML-Annual-Report(EN).pdf

About SlowMist

At SlowMist, we pride ourselves on being a frontrunner in blockchain security, dedicating years to mastering threat intelligence. Our expertise is grounded in providing comprehensive security audits and advanced anti-money laundering tracking to a diverse clientele. We’ve established a robust network for threat intelligence collaboration, positioning ourselves as a key player in the global blockchain security landscape. We offer tailor-made security solutions that span from identifying threats to implementing effective defense mechanisms. This holistic approach has garnered the trust of numerous leading and recognized projects worldwide, including names like Huobi, OKX, Binance, imToken, Crypto.com, Amber Group, Klaytn, EOS, 1inch, PancakeSwap, TUSD, Alpaca Finance, MultiChain, and Cheers UP. Our mission is to ensure the blockchain ecosystem is not only innovative but also secure and reliable.

SlowMist offers a variety of services that include but are not limited to security audits, threat information, defense deployment, security consultants, and other security-related services. They offer AML (Anti-money laundering) software, Vulpush (Vulnerability monitoring) , SlowMist Hacked (Crypto hack archives), FireWall.x (Smart contract firewall) , Safe Staking and other SaaS products. They have partnerships with domestic and international firms such as Akamai, BitDefender, FireEye, RC², TianJi Partners, IPIP, etc.

By delivering a comprehensive security solution customized to individual projects, they can identify risks and prevent them from occurring. Their team was able to find and publish several high-risk blockchain security flaws. By doing so, they could spread awareness and raise the security standards in the blockchain ecosystem.

💬Website 🐦Twitter ⌨️GitHub

--

--

SlowMist

SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.