Illicit Crypto Crime Shifts Away From Bitcoin as Multi-Chain Era Takes Hold, TRM Labs Report Reveals

A landmark report from blockchain intelligence firm TRM Labs has exposed a dramatic shift in how cybercriminals operate across the cryptocurrency ecosystem, revealing that Bitcoin now accounts for just 19% of all illicit crypto volume — a staggering decline from 97% in 2016.

Released on June 28, the Illicit Crypto Ecosystem Report maps over 40 distinct types of criminal activity across multiple blockchains, painting a picture of a rapidly evolving threat landscape that has moved far beyond Bitcoin’s original reputation as a dark web currency.

TL;DR

• Bitcoin’s share of illicit crypto volume collapsed from 97% in 2016 to just 19% in 2022
• Ethereum now dominates crypto hack volume at 68%, with Binance Smart Chain at 19%
• TRON blockchain accounts for 92% of terrorist financing volume
• Approximately $9.04 billion was funneled into fraud schemes in 2022, primarily Ponzi and pyramid operations
• Cross-chain bridge attacks resulted in roughly $2 billion in stolen funds during 2022

The Multi-Chain Crime Evolution

According to TRM Labs’ analysis of 2022 data, cybercriminals have diversified their blockchain usage with surgical precision. While Bitcoin was once the exclusive domain for illicit transactions, the proliferation of alternative chains has given bad actors a wider toolkit for evading detection.

Ethereum has emerged as the primary target for hackers, accounting for 68% of total crypto hack volume in 2022, with Binance Smart Chain following at 19%. Bitcoin’s share of hack volume plummeted to under 3% — a far cry from 2016 when two-thirds of all crypto hacks flowed through the Bitcoin blockchain.

Perhaps the most striking shift involves terrorist financing. Bitcoin was once the exclusive currency for such activities, but TRM Labs’ data shows it has been virtually replaced by assets on the TRON blockchain, which now accounts for 92% of terrorist financing volume. The report highlighted a 240% increase in the use of Tether on TRON for terrorist financing over the past year alone.

Follow the Money: Fraud, Bridges, and Darknet Markets

The scope of criminal activity documented in the report extends well beyond hacking and terrorism financing. Approximately $9.04 billion was sent to various fraud schemes in 2022, with the vast majority flowing into apparent Ponzi and pyramid schemes that continue to prey on unsuspecting investors.

Cross-chain bridges — the infrastructure that enables cryptocurrency to pass between different blockchains — emerged as a significant vulnerability. Roughly $2 billion was stolen through attacks targeting these bridges in 2022, highlighting the security risks inherent in interoperability protocols.

Darknet markets also maintained their grip on the illicit economy, with approximately $1.49 billion in spending recorded in 2022. Over 80% of this activity took place on Russian-language darknet markets, underscoring the geopolitical dimensions of crypto crime.

The Arms Race Between Criminals and Law Enforcement

Ari Redbord, TRM Labs’ global head of policy and a former Department of Justice prosecutor, characterized the current landscape as a Whac-A-Mole game between illicit actors and law enforcement. Criminals have adopted increasingly sophisticated tactics, from privacy coins like Monero and Zcash to mixing services like Tornado Cash, all designed to obscure transaction trails.

“We lived in a world, just a few years ago, where really all you needed was to track and trace the flow of funds on Bitcoin,” Redbord explained. “Tracing certainly has changed.”

The chain-hopping technique — moving funds rapidly between different blockchains to create complex, hard-to-trace transaction paths — has become a preferred method for money laundering. The growing popularity of Tether on TRON, combining a dollar-pegged stablecoin with low transaction fees and perceived regulatory distance, presents particular challenges for investigators.

Law Enforcement Fights Back

Despite the evolving tactics of cybercriminals, TRM Labs maintained that law enforcement agencies, particularly the U.S. Treasury Department, are largely winning the battle. The Treasury’s Office of Foreign Assets Control made headlines in 2022 by sanctioning crypto addresses and mixers for the first time, representing a significant escalation in the regulatory response.

Just days before the report’s release, the Department of Justice announced a new cyber section within its national security division, signaling the government’s commitment to keeping pace with the digital evolution of financial crime. The convergence of blockchain analytics capabilities, regulatory enforcement, and institutional coordination suggests that while the battle is far from over, the tools available to fight crypto crime have never been more sophisticated.

Esteban Castaño, co-founder and CEO of TRM Labs, emphasized the significance of these shifts: “A sea change in illicit crypto activity is underway, and TRM is empowering everyone from law enforcement investigators to compliance professionals to disrupt this new era of crypto crime.”

Why This Matters

The TRM Labs report fundamentally reframes the narrative around cryptocurrency and criminal activity. As Bitcoin’s dominance in illicit transactions fades, the challenge for regulators and blockchain analytics firms has become exponentially more complex. Understanding these multi-chain crime patterns is essential for developing effective regulatory frameworks and protecting the broader crypto ecosystem. For investors and industry participants, the report underscores the importance of robust compliance infrastructure in an increasingly interconnected blockchain landscape.

Disclaimer: This article is for informational purposes only and does not constitute financial or legal advice. Readers should conduct their own research before making any investment decisions.