2019 Global Digital Asset Anti-Money Laundering (AML) Research Report

0. Summary

Digital assets such as Bitcoin were mainly used in the early days to purchase illegal items such as drugs and counterfeit banknotes from the dark web. Now, with the gradual maturity of blockchain technology, as a mainstream digital asset, Bitcoin has become the value target sought by many people. It has also extended more use cases, and illegal transactions are no longer its mainstream use. However, through in-depth analysis of a large number of addresses and transactions, PeckShield found that illegal transactions are still widespread in digital asset transactions, and the absolute size is still expanding.

The PeckShield security team comprehensively combed the status of "illegal or unregulated" transactions using digital assets in recent years, and analyzed the following three aspects of data:

Major security incidents and losses: PeckShield statistics found that: 11 major security incidents occurred in 2017 with a total loss of USD 294 million; in 2018, 46 major security incidents occurred with a total loss of USD 4.758 billion. There were 63 major security incidents in 2019, with a total loss of US $ 7.679 billion.

Darknet market transaction scale: As of now, there are about 60,000 darknet websites running the TOR protocol, about half of which are engaged in illegal transactions. The transaction demand in the dark web market is very large, and large black markets are constantly being closed, but soon new black markets will emerge, and the total transaction volume is still growing. The total number of Bitcoins flowing into the dark web in 2018 was 330,000, and in 2019 it was 540,000. Based on the current transaction price, the total amount was $ 2.1 billion and $ 3.9 billion, respectively.

International unregulated capital flows: The flow of funds using digital assets as a carrier has been huge internationally, but the legal definition of digital assets such as Bitcoin in different countries is still very vague, meaning that these liquid funds have not been reasonably Regulatory compliance.

The in-depth research of the PeckShield security team found that the total amount of funds flowing from China through digital assets to foreign countries in 2017 was US $ 10.1 billion, 2018 was US $ 17.9 billion, and 2019 was US $ 11.4 billion. The total amount in three years exceeded China's US $ 3 trillion. 1% of reserves.

Since this year, governments and international agencies have begun to study how to supervise these digital assets. For example, in June 2019, the FATF made regulations requiring that from June 2020, digital asset service providers must report transactions with a value in excess of USD 1,000 / Euro. Equipment.

1. Background and research methods

In November 2008, a mysterious person under the pseudonym Satoshi Nakamoto published a paper on the Internet, "Bitcoin: A Peer-to-peer Electronic Cash System" (Bitcoin: A Peer-to-Peer Electronic Cash System) , Announced the birth of crypto assets Bitcoin, and also started the ups and downs of the development of blockchain technology for ten years.

Bitcoin was originally designed to be a decentralized global electronic payment system that does not require verification by third-party intermediary platforms and can be used by anyone. Because of its anonymity and global nature, Bitcoin has attracted the attention of various illegal traders, including dark web vendors, as well as fraud and extortion by criminals.

In the early days, Bitcoin mainly served as a circulation medium in the dark web market, including the purchase of drugs, counterfeit banknotes and other goods. Silk Road is the first famous dark web black market where almost all prohibited items can be bought. It was later seized by the US FBI in 2013 [1].

With the continuous maturity of blockchain technology and the expansion of application scenarios, the current Bitcoin transaction volume for illegal uses only accounts for about 2% of its total transactions [2]. More transaction volumes are still mainstream legal uses, however, A worrying fact is that the illegal use of Bitcoin has continued to increase in recent years.

PeckShield data shows that the value of bitcoin flowing into the dark web in 2019 is more than $ 3.9 billion, and the amount of bitcoin flowing directly to the exchange is more than $ 200 million. Among them, some of the assets may be due to the influx of stolen funds after the digital asset exchange was hacked, and in the cases of fraud and extortion, criminals asked the victims to pay with digital assets such as Bitcoin.

In this report, we comprehensively combed the unregulated digital asset transaction data (including the use of digital assets for illegal uses, etc.) in the past year, and conducted in-depth and detailed statistics and analysis. It includes data in the following three areas: 1) major security incidents and losses in recent years; 2) the scale of transactions on the dark web market; and 3) unregulated international capital flows.

1.1 Research methodology

The PeckShield research team collects public raw data on and off the blockchain network, and conducts professional, systematic, and in-depth research and analysis based on this. Over the past year or more, PeckShield has accumulated a large amount of on-chain data and transactions on the head public chain, generated massive address labels, built a rich and comprehensive database, and developed professional data analysis tools.

Figure 1 Analysis tool architecture

As shown in Figure 1, our tool library can be divided into three main parts:

1) Transaction-level databases of major public chains. By building full nodes and parsing the public data storage files of the public chain, we have generated transaction-level databases for major public chains, including Bitcoin, Ethereum, EOS, and TRON public chains, and update them in real time;

2) Massive address labels. Due to the anonymous nature of the blockchain network, most of the user identity information behind the on-chain addresses is unknown. We collected off-chain information and analyzed the correlation of on-chain transactions, and then integrated machine learning algorithms to generate a total of more than 60 million address tag libraries. Based on this, we launched a series of digital asset summary and traceability analysis;

3) Data analysis and visualization software. We independently developed data analysis and visualization tools for data analysis of 1) and 2), so that we can mine relevant visual data paths and charts from massive and irrelevant data, such as major digital assets The asset balance of the exchange and the frequency and total amount of mutual transfer transactions; the transfer path and final flow of stolen money in fraud security incidents. In the rest of the report, we list several important cases based on the results presented by these analytical tools.

In Chapter 3 of this report, we conducted a systematic analysis of dark web digital asset transactions. We have created a TOR webpage collection and analysis tool written in Python that can run in parallel and at high speed. First, we find a large amount of webpage content from the dark web server, and then analyze the webpage structure, content, keywords and other information, and use it to There are a large number of digital asset addresses in the dark web.

1.2 Disclaimer

The content of this report is based on our understanding of the blockchain industry and a number of research practices. However, due to the anonymous nature of the blockchain, we cannot guarantee the absolute accuracy of all data here, and PeckShield cannot make mistakes, omissions, Or take responsibility for losses caused by using this report.

At the same time, PeckShield is not an investment advisor, broker, or trader, and we do not have non-public information in this research area. Therefore, this report is not intended as a basis for investment advice or other analysis.

2. Security incident statistics and typical cases

After more than a decade of rapid development, blockchain technology has extended a complete industrial ecosystem including public chains, alliance chains, digital asset exchanges, digital wallets, mining farms, mining pools, and mining machine manufacturers. On October 24 this year, the country listed the blockchain technology as a core technology breakthrough, laying the confidence and foundation for the subsequent development of the blockchain industry.

However, the early blockchain ecosystem was immature, and various security issues were common in all aspects. The PeckShield security team has collated major blockchain security events that occurred from 2017 to 2019, and our data shows:

Figure II Statistics of security incident losses in the past three years

In 2017, there were 11 major security incidents with a total loss of US $ 294 million, of which 8 were hacking incidents and 3 were fraud incidents. The biggest loss came from the hacking incident of the mining platform NiceHash that occurred on December 07. A total of more than 4,700 Bitcoins were stolen with a loss of approximately US $ 80 million; in addition, there were multiple cases of wallet theft with a total value loss of more than US $ 65.5 million.

In 2018, there were 46 major security incidents with a total loss of US $ 4.758 billion, including 42 hacking incidents and 4 fraud incidents. The biggest loss came from the hacking incident on April 22, where hackers used the BatchOverFlow vulnerability in the Ethereum ERC20 smart contract to attack the US chain BEC smart contract, which caused the value of BEC digital assets to almost zero, and the market value evaporated by $ 900 million. It is worth mentioning that among these 46 major security incidents, the exchange theft incident included 17 cases, with a total loss of $ 870 million.

In 2019, there were 63 major security incidents with a total loss of US $ 7.679 billion, including 43 hacking attacks and 20 fraud incidents. Compared with 2018, the security incidents on the exchange this year have dropped by 20%. Two of the most significant security incidents were: the stolen 7,074 BTC of Binance, and the stolen 342,000 ETH from the South Korean exchange Upbit. Overall, The probability of an outbreak of a security event on the exchange is significantly reduced. However, this year's fraud-like security incidents have increased fourfold, becoming the largest security threat in the blockchain world, especially the funds of PlusToken, TokenStore, OneCoin and other projects, which have caused huge losses ranging from hundreds of millions of dollars.

2.1 2017-2019 Security Event Evolution

Figure 2 is the statistics of the loss of blockchain security events in the past three years. Below we will further analyze and interpret these security incidents from different dimensions of data.

We summarized the security incidents that have occurred according to the type of event and the amount of losses:

1) Of the US $ 294 million in losses caused by blockchain security incidents in 2017, hacking caused US $ 192 million in losses, fraud incidents caused US $ 4.6 million in losses, and the value of bitcoin collected through ransomware was US $ 97 million;

2) The losses caused by blockchain security incidents in 2018 amounted to US $ 4.758 billion, a significant increase of 1,523% compared to 2017. Among them, hacking caused US $ 2.173 billion in losses, fraud incidents caused US $ 2.58 billion in losses, and ransomware lost US $ 5.42 million;

3) The economic loss caused by blockchain security incidents in 2019 is as high as US $ 7.679 billion, an increase of 60% compared with 2018. Among them, hacker attacks caused US $ 306 million losses, fraud caused US $ 7.373 billion losses, and blackmail incidents were US $ 550,000. Obviously, this year's major damage was caused by financial wallet fraud. The top two were OneCoin and PlusToken, which caused losses of nearly 4 billion and 3 billion US dollars, respectively, and had a huge social impact.

Figure 3 Statistics of hacking incident losses

Figure 4 Statistics of fraud incident losses

In summary, it is not difficult to see that 2017 and 2018 are relatively early in the blockchain technology. The overall security awareness of developers in the blockchain industry is weak, and the majority of hacking incidents caused by the vulnerability of the project itself.

Since 2019, the entire blockchain ecosystem has been educated in hacking the market for a year or two, and developers ’overall security defense measures have improved. Overall, security incidents due to vulnerabilities have decreased. However, a batch of funds, including OneCoin, PlusToken, TokenStore, TRON super community, etc., broke out. Data show that the amount of losses due to fraud in 2019 reached a staggering $ 7.374 billion, an increase of nearly $ 4.8 billion compared to 2018. This is due to the strong wealth effect of the digital asset market. For ordinary users, the technology and participation threshold are relatively high, which has given some speculators the possibility of concocting various scams.

OneCoin was founded in 2014.The scam illegally earned 4 billion U.S. dollars from the victims. Its leader was arrested in the United States in March 2019. In June 2019, the PlusToken project ran away, involving multiple digital assets, causing at least 30 Loss of 100 million US dollars; and TokenStore and TRON super community caused tens of millions of dollars of losses respectively.

Figures 3 and 4 show the loss statistics of hacking incidents and fraud incidents, respectively. In the following chapters, we will screen three typical fraud cases with huge social impact and heavy user losses, and analyze their incident process and fund transfer in detail.

2.2 PlusToken event

PlusToken claims to be a "cryptocurrency wallet and exchange" registered in South Korea, but its true face is a Ponzi scheme that attracts investors with high returns. PlusToken promises to give investors a 10% -30% monthly interest rate, and with this high return attract a large number of investors to invest more than 200,000 BTC, 780,000 ETH, and 26 million EOS in valuable digital assets [3] [4] [5], involving more than 3 billion US dollars of funds and more than 3 million users, the impact is very wide and the damage is huge.

On June 29, 2019, PlusToken users reported that they were unable to withdraw coins, and the project party was also exposed by the media. Subsequently, six main responsible persons were reportedly arrested by the Chinese police. However, the huge amount of stolen money involved has not yet been recovered and returned to the victims.

PeckShield was involved in the follow-up investigation of PlusToken funds at the first time, and performed lock monitoring and tracking on several key addresses involved in its wallet. Figure 5 is a digital asset tracking tool developed by PeckShield, CoinHolmes, to review the PlusToken event and track the flow of funds.

It can be seen that PeckShield locked and monitored the target address for several careful decentralized transfers and even confused money laundering operations, and finally some funds flowed into the exchange.

The first phase is mainly fund transfer. From March 14, we observed that the addresses starting with 14BWH6G became active and transferred funds to other accounts in batches. A total of 95,228 BTC were transferred and emptied.

In the second stage, money laundering occurred. From August 20th, the CoinHolmes system monitored the convergence of funds at many running addresses, and 91,779 BTCs originally belonging to multi-signature addresses were aggregated into 5 single-signature addresses. Then transfer from the single sign address. Some funds do not flow directly into the exchange, but are obfuscated through ChipMixer-like tools, and then sold through OTC OTC channels.

As of now, the impact of the PlusToken incident has not ended, and a large number of digital assets have not yet been transferred, which has become a very unstable factor in the digital asset market, so that once the market for unknown reasons falls, everyone will put The reason comes down to "PlusToken smashing." PeckShield is continuously monitoring its relevant addresses, and combining the forces of all parties in the blockchain ecosystem to track the marks, while assisting the police in tracking digital assets at risk, helping victims to reduce losses as much as possible.

Figure 5 PlusToken Asset Transfer Process

2.3 Binance theft of 7,000 BTC

Binance, a world-renowned digital asset exchange, issued an announcement on the morning of May 08, saying that at 1:15 am that day, Binance was under a large-scale systemic attack by hackers. Hackers obtained a large number of API keys, and Google verified the 2FA code. According to the information, 7,000 BTC were taken away at one time [6].

According to our data, in this hacking incident, Binance lost a total of 7,074 BTC (based on the day's price, valued at approximately US $ 42 million). PeckShield security personnel analyzed the entire process of the hacker's attack, and performed a full path restoration of the assets on the stolen chain (see Figure 6) and found that:

Figure 6 Binance Asset Transfer Diagram

Step 1: 20 major decentralized storage addresses

After the hacking was successful, the funds were first decentralized and stored. A total of 7,074 BTCs were distributed at 20 main (more than 1 BTC) new addresses with an amount ranging from 100 to 600 per address.

Step 2: Start to aggregate addresses and implement asset transfers

After storing the stolen 7,074 BTC, 7 hours later, the hacker began to organize funds again, first clearing 2 of the 20 addresses, and storing 2 of them with 566 and 671, respectively. BTC is aggregated into 1,226 BTCs and transferred to two new addresses starting with bc1qkwu and bc1q3a5. Finally, 519.9 BTCs in the funds were transferred to another address, and the remaining 707.1 BTCs stayed at the original address.

Finally, transfer funds to

bc1q2rd, 16SMGih, 1MNwMUR, bc1qw7g, bc1qnf2, bc1qx36, bc1q3a5.

Step 3: Implement money laundering through ChipMixer.

In a period of time thereafter, hackers began to perform money laundering operations in batches, split the funds into small amounts, and then confuse them with tools like ChipMixer, and then sold them off-site OTC channels.

2.4 New Zealand Exchange Cryptopia Hacked

In January 2019, hackers attacked Cryptopia, a virtual asset exchange in New Zealand, and stole digital assets mainly based on ETH (then valued at about $ 16 million at the time) and disappeared [7]. After a few months, hackers began to use different methods for money laundering.

Figure 7 Cryptopia stolen asset transfer

As shown in Figure 7, according to CoinHolmes data, in May 2019, hackers first aggregated 5,000 ETH into the decentralized exchange EtherDelta, disguised as buyers and sellers, and eventually converged into the Huobi exchange.

After 4 months, the hacker took another action. On September 22, among the key addresses of stolen assets in Cryptopia, addresses starting with 0x845f93 transferred 5,010 ETH to addresses starting with 0xd759ea, and decentralized transfer of money laundering operations began. The hacker first transferred 120 ETH to Yobit and found that it was not frozen before transferring large amounts of ETH. A total of 1,410 ETH flowed into the Yobit exchange.

From October 11th to 17th, hackers adopted a new money laundering method to transfer funds. Among the key addresses of Cryptopia's stolen assets, addresses starting with 0x9481bd were diversified to 657 ETH, and some of them were converted to DAI through Uniswap decentralized exchanges, and eventually flowed into the well-known DeFi lending platform Compound, and a small amount A project called DeFi 2.0.

It is not difficult to see that after the Cryptopia exchange was stolen, hackers laundered money in various ways, including not only traditional use of centralized exchanges, but also decentralized exchanges, and the DeFi project Compound. Because centralized exchanges may be frozen and traced, decentralized exchanges and DeFi lending platforms with greater liquidity have gradually become new options for hackers to launder money.

3. Dark Web Funds Flow

In the mid-1990s, the U.S. Naval Laboratory developed an anonymous, confidential communication mechanism that was originally intended for confidential information communication between US government agencies. However, the research results of this project were not adopted by the government. However, in 2004, the code was open sourced by the US military. The server running these codes forms an independent network on the Internet. Their web pages are not visible to search engines such as Google and Baidu, and mainstream browsers cannot access these web pages, so this network is also known as the dark web [8 ].

Darknet, also known as Darknet, Dark Web, or TOR network. TOR is an abbreviation of The Onion Router. The TOR protocol encrypts a packet layer by layer like an onion, and then forwards it through a series of randomly selected routers. Since each router can only decrypt the next layer, and only knows the address of the next site, monitoring at any point on this link cannot know the source and destination of this communication. This not only protects the identity and location of the viewer, but also combats network blockades.

Figure 8 Number of dark web sites

The size of the dark web is much smaller than that of the Internet. At present, the total number of websites is only about 60,000, as shown in Figure 8. Not all websites in the dark web are engaged in illegal activities, and some are set up to promote freedom of speech and protect the privacy of users. The world's major newspapers and news organizations have websites on the dark web, including Facebook, CIA, and more. However, according to Terbium Labs research, about half of Dark Web sites are engaged in illegal activities, mainly including drug trafficking, arms smuggling, pornography, extreme terrorist activities, etc.

The emergence of Bitcoin has played a significant role in promoting illegal transactions on the dark web. In 2011, it also directly spawned the Dark Web's first famous black market, Silk Road (Silk Road). The Silk Road's annual trading volume is conservatively estimated at around $ 40 million. But the good times didn't last long. The U.S. FBI seized the Silk Road in 2013, arrested its founder Ross Ulbricht, and confiscated 144,000 bitcoins (then valued at $ 28 million).

However, Silk Road version 2.0 came out soon, and its total transaction volume before it was closed even reached a staggering $ 1.2 billion. Since then, black markets such as AlphaBay and Hansa have appeared.

Figure IX Dream Market Bitcoin Mixed Service Page

Wild fire, in spring. The old black market is constantly closed, and new black markets continue to emerge. Due to the continued demand for illegal transactions, the dark web market is difficult to completely block, but its transaction scale is still expanding. Figure 9 is a large black market currently operating, Dream Market. The page shows a bitcoin mixed currency service it provides.

3.1 Darknet Bitcoin Transaction Scale

In order to count the scale of bitcoin transactions in the dark web, we deployed multiple dark web data crawlers to find bitcoin addresses in millions of web pages, and stored them into databases in different categories, forming a dark web bitcoin address library. We then compared these addresses with our existing massive bitcoin address tags, filtered out addresses that might have mislabeled, and finally got thousands of bitcoin addresses that were engaged in transactions on the dark web. Then combined with our public chain transaction database, we can get the transaction scale data of Bitcoin on the dark web.

Our research results show that in 2018, a total of 334,329 Bitcoins flowed into these addresses; in 2019, it increased to 546,825, at the time of transaction, the total amount was $ 2.1 billion and $ 3.9 billion.

Figure 10 shows the number of transactions and the total number of bitcoin inflows from these dark web addresses each month in 2019. Figure 11 shows the total US dollars flowing into these addresses each month in 2019 at the transaction price.

Figure X Number of Transactions and Transaction Amounts Flowing into the Dark Web in 2019

Figure XI Total funds flowing into the dark web each month in 2019

From these data, it can be seen that the scale of Bitcoin's transactions on the dark web is quite huge. Although this is not the main purpose of Bitcoin, it is also an important part of Bitcoin transactions, and its scale is still expanding. There is also one dimension of data. The scale of funds flowing directly from the dark web to major digital asset exchanges will be given in the next chapter.

4. Unregulated global digital asset flows

Blockchain technology has been in development for ten years since its birth in 2009. Governments and international financial regulators have also transitioned from the initial obscurity to a clearer attempt at supervision.

Overall, all countries and regulators consider blockchain to be an emerging technology and express their acceptance and support. However, with regard to the application of digital assets represented by bitcoin, different countries have different attitudes, and all countries support, neutral, and oppose. For example, Japan recognizes Bitcoin as a legal currency; the United States believes that Bitcoin is a commodity, not a security, and cannot be regulated by securities standards; China prohibits the public trading of digital assets such as Bitcoin on exchanges.

In this chapter, we will outline the regulatory and compliance requirements for digital assets in various countries and institutions, provide the flow of unsupervised funds between countries, and the data of dark network funds flowing into major exchanges.

4.1 Regulatory and compliance requirements for digital assets by international agencies and governments

The most important international financial regulatory agency in the world is FATF (Financial Action Task Force). It is a Paris-based agency specializing in anti-money laundering and combating financial terrorism. It has 39 member states. In October 2018, FATF stated that its regulatory rules also apply to virtual assets (VA, Virtual Asset) and virtual asset service providers (VASP, Virtual Asset Service Provider), including digital asset exchanges and digital wallets.

In June 2019, FATF issued INR15 (Interpretive Note to Recommendation 15), which further clarified the details of the regulation of digital assets and gave a timetable for implementation. INR15 stipulates that countries and VASPs must implement the FATF regulatory requirements within one year, that is, before June 2020. The Group of Twenty (G20) has expressed support for this decision.

One of the core requirements of INR15 is the "Travel Rule". It requires all transactions exceeding USD 1,000 / EUR to be reported to the FATF with the initiator information, beneficiary information and transaction amount of the transaction.

This requirement is a huge challenge for VASP, which means that institutions such as digital asset exchanges must establish a complete KYC and large-value transaction monitoring and reporting mechanism in less than one year. There are no technical difficulties such as traceability of KYC addresses.

Different countries have different attitudes towards blockchain and digital assets. The United States is the main research and development center for blockchain technology. About 1/4 of the world's blockchain companies are located in the United States. The US government also actively encourages and promotes the innovation and development of blockchain technology. However, the United States has a relatively conservative attitude towards digital assets and has strict regulations on financing projects such as ICOs. The US Securities and Exchange Commission (SEC) believes that mainstream digital assets such as Bitcoin and Ethereum are not securities and can only be used as commodities for circulation and trading. If a digital asset is deemed to be securities by the SEC, it is basically impossible to circulate in the United States at this stage. Therefore, many exchanges, currency issuers and ICO projects are not open to US citizens to avoid supervision from the US government.

The Japanese government is very supportive of blockchain and digital assets. As early as April 2017, Japan adopted the "Payment Service Act" to establish the legal status of Bitcoin as a currency and payment method. For a long time, the transaction volume of the Japanese yen against Bitcoin often exceeds half of the Bitcoin transaction volume, and Japanese financial and technology companies are also very active in the blockchain industry. However, Japan does not have clear legislation on financing projects such as ICOs, and these projects are still in a gray area that is not regulated in Japan.

The Chinese government supports the development of blockchain technology, but bans digital assets from being publicly traded on exchanges. Hong Kong, China also has a supportive attitude towards blockchain technology. Its Securities Commission has issued a "Regulatory Sandbox" that allows some companies to make some attempts in the field of digital assets.

Among the other countries in the world, countries that are more friendly to digital assets are Switzerland, South Korea, the United Kingdom, etc .; countries that maintain a neutral attitude are India, Indonesia, and so on; countries that have a strong attitude and clearly restricted Russia include Russia. Figure 12 is from howmuch.net, which lists the different levels of acceptance of Bitcoin in countries around the world.

Figure 12 The legality of Bitcoin in various countries

In the long run, digital assets will certainly be included in the supervision of various countries and financial institutions. So, is there a need for supervision at this stage? This requires a quantitative analysis of the amount of unregulated digital assets flowing between countries, and the scale at which it is used as a payment tool for illegal transactions. In the following two sections, we will show the flow of Bitcoin between different countries and the situation of illegal transactions.

4.2 Flow of funds between unregulated countries

We have accumulated a large number of exchange address tags and transaction data of major public chains. On this basis, we can analyze the daily asset balance of each major exchange and the asset flow between the exchanges. And exchanges registered in different parts of the world have different user groups. To a certain extent, exchanges can have some corresponding relationships with countries. Analyzing the flow of funds between some exchanges is basically equal to the flow of digital assets between different countries. .

For example, in the ranks of the world's major exchanges, we can use the three major exchanges whose main users are located in Mainland China and Hong Kong to represent China, and other major exchanges to represent abroad. By analyzing the flow of funds between these exchanges As a result, we have calculated the circulation of unregulated funds from domestic to foreign countries.

Figure XIII Outflow of funds from China to foreign countries each month in 2019

According to PeckShield research data, taking BTC as an example, at the current transaction price, the amount of funds flowing from China to abroad through digital asset exchanges in 2017 was US $ 10.1 billion, 2018 was US $ 17.9 billion, and 2019 was US $ 11.4 billion. The total outflow of funds in the past three years exceeded 1% of China's three trillion US dollars of foreign exchange reserves [9].

Figure XIV Total outflow of funds from China to major foreign exchanges in 2019

Figure 13 shows the amount of funds flowing from China to foreign countries in 2019 calculated on a monthly basis; Figure 14 shows the total amount of funds flowing from Chinese exchanges to foreign exchanges in 2019 according to exchange statistics.

It should be noted that we only use a few large exchanges to represent the entire country, so the statistical data is only a conservative estimate, and the actual amount of capital flow will be greater than our statistics. Even so, we find that the amount of money flowing out through the exchange each year is quite huge, exceeding 10 billion US dollars. As a reference, China's total foreign direct investment in 2018 was US $ 143 billion [10].

Our research includes data from the following major head exchanges: Huobi, OKEx, Bitfinex, Binance, Bitflyer, Bitmex, Bitstamp, Bittrex, Coinbase, Coincheck, Gate.io, Kraken, Poloniex, and Upbit, etc. Digital asset exchange.

4.3 The amount of funds flowing from the dark web into major exchanges

Among the illegal transactions carried out on the dark web, Bitcoin is still the most important payment tool. Some of these Bitcoins will be transferred to the exchange for laundering, or replaced with fiat currencies and other digital assets. A PeckShield study found that in 2019, the total number of Bitcoins flowing directly from the dark web into major exchanges was 29,471.64 , with a total value of US $ 216 million at the current transaction price.

Figure 15 shows the amount of funds flowing into the exchange from the dark web every day in 2019. It should be noted that only a small portion of Bitcoin in the dark web will flow directly to the exchange, but the total amount of funds in excess of US $ 200 million in 2019 is also sufficient to indicate the need for anti-money laundering supervision.

Figure 15: The amount of funds flowing into the exchange from the dark web every day in 2019

5 Conclusion

Based on the research results of PeckShield, this report comprehensively sorts out the status of illegal and unregulated transactions on the blockchain. PeckShield has conducted a long-term accumulation of data and address labels on major public chains, and conducted a systematic study in this area with the help of CoinHolmes' visual asset path tool. Judging from the scale of the data in the report, illegal transactions are also common in blockchain transactions, and the total amount of unregulated digital asset transactions cannot be ignored.

This report analyzes data in the following three areas:

Major security incidents and losses: In 2017, there were 11 major security incidents with a total loss of USD 294 million; in 2018, there were 46 major security incidents with a total loss of USD 4.758 billion. There were 63 major security incidents in 2019, with a total loss of US $ 7.679 billion.

On the whole, the amount of losses caused by blockchain ecological security events has been rising year by year over the past three years. However, the hardest hit areas of security incidents are constantly changing. From the initial exchange and smart contract issues to DApp, DeFi and other areas close to money, various financial wallet frauds have become new hidden dangers in the industry since this year. In summary, hackers will always launch attacks in areas with weak security, and developers must strengthen security defenses in all aspects.

Darknet market transaction scale: In 2018, the total number of Bitcoins flowing into the darknet was 330,000, and in 2019 it was 540,000. Based on the current transaction price, the total amount is $ 2.1 billion and $ 3.9 billion, respectively.

Overall, the dark web Bitcoin circulation has been in a relatively stable amount, which is determined by its market demand. With the imminent supervision of the digital asset market, how to avoid capital pollution in the dark web market has become an urgent problem for the industry.

Unregulated international capital flows: The total amount of funds flowing from China to foreign countries through digital assets in 2017 was US $ 10.1 billion, 2018 was US $ 17.9 billion, and 2019 was US $ 11.4 billion. The total amount in three years exceeded China's 3 trillion 1% of US dollar foreign exchange reserves.

On the whole, it can be seen from the data that the current unregulated asset flow has occupied a considerable market share, and it is time for the regulators to conduct supervision with a clear attitude. For digital asset exchanges, accelerating compliance has become an urgent matter.


[1] Wikipedia: Silk Road, https://en.wikipedia.org/wiki/Silk_Road_(marketplace)

[2] ambcrypto.com: Bitcoin use for illicit activities, https://eng.ambcrypto.com/bitcoin-use-for-illicit-activities-is-only-2-while-21-transactions-are-lawful-and -77-are-unclassified /

[3] PeckShield: Graphically trace the movement of PlusToken assets (1) https://www.8btc.com/media/440193

[4] PeckShield: Tracking the movement of PlusToken assets with graphics (2) https://www.8btc.com/media/465386

[5] PeckShield: Tracking the movement of PlusToken assets with graphics (3) https://www.8btc.com/media/473062

[6] PeckShield: Graphic restoration of the entire process of transferring 7,074 BTC stolen from Binance https://www.8btc.com/media/407207

[7] PeckShield: Graphic analysis of hacking money laundering on Cryptopia Exchange https://www.8btc.com/media/415453

[8] Wikipedia: TOR network, https://en.wikipedia.org/wiki/Tor_(anonymity_network)

[9] China government website: China's foreign exchange reserve scale, http://www.gov.cn/shuju/2019-12/09/content_5459549.htm

[10] Xinhuanet: China has become the second largest foreign investment country, http://www.xinhuanet.com/money/2019-09/16/c_1124999299.htm