Chainalysis flags error in counting terrorism-linked cryptocurrencies

Recent assessments of the volume of cryptocurrency used by Hamas have erroneously included funds not directly linked to financing terrorism. Analysts at Chainalysis said so.

They say that for a correct tally, one must not only quantify the assets directly held by the terrorist organisation, but also identify the service providers that facilitate the movement of funds linked to terrorism financing.

As an example, Chainalysis cited the recently sanctioned company Buy Cash, based in the Gaza Strip. It processes money transfers and the exchange of virtual currency.

«These service providers handle more funds than an ordinary person, but less than a typical exchange. Some of them may resemble over-the-counter brokers, while others — like hawala, the informal financial settlement system among brokers used predominantly in the Middle East, Africa and Asia,» the analysts explained.

Examining the counterparties to a wallet linked to terrorism financing, experts identified at least 20 suspected service providers. Each of them received in total between $8.4 million and $1.1 billion in cryptocurrencies.

A detailed analysis of one address showed that over seven and a half months it processed more than 1,300 deposits and 1,200 withdrawals.

Of the $82 million in cryptocurrency received at this address, around $450,000 had been transferred from a well-known wallet linked to terrorists. The activity of the address suggested that the operator behind it is most likely a service provider, consciously or unconsciously aiding the financing of terrorism.

«It may seem that in the above example the $82 million in cryptocurrency was gathered to finance terrorism. But it is more likely that only a small portion of these funds was intended for terrorist activity, and the larger portion processed through the suspected service provider had nothing to do with the case», the Chainalysis said.

They added that when cryptocurrency enters the service, it is blended with funds from other users, complicating tracing. Moreover, only the service provider knows the linkage between deposits and withdrawals for specific clients — this information stored in order books that are not visible on the blockchain or to blockchain-analytics tools.

«Therefore, it is often unproductive to continue tracing funds after they have been credited to the service, because the owner of the funds is usually not the one moving them after that moment», the Chainalysis noted.

In the above example, eight of the twenty suspected service providers that are counterparties to the terrorism-linked wallet also conducted transactions with sanctioned Russian exchange Garantex.

«If external services are not taken into account in this scheme, this could lead to further erroneous conclusions that terrorist funds were laundered or obtained from Garantex. In reality, these are merely cases where the service provider processed transactions for both Garantex and the wallet linked to terrorists», the analysts explained.

At the same time, Chainalysis experts say that, even as intermediaries, financial service providers thus support terrorism, so cutting off criminal groups’ access to them through sanctions is an important component of AML/FT.

Earlier, Elliptic, after studying the flow of funds across wallets linked to Palestinian Islamic Jihad (PIJ), found that some of them were processed, in part, through Garantex.

Representatives of the exchange suggested that these assets were likely sent to a client for small services, or as part of an exchange transaction. Outgoing transactions to the address, which also received transfers from PIJ, were linked to transfers to “a large exchange in the Persian Gulf”.