Can ‘Dirty’ Crypto Escape AML Scrutiny? A Look at HAPI Labs

Currently, the volume of illicit funds in cryptocurrencies stands at over $15 billion, according to Chainalysis. This accounts for less than 1% of the total assets linked to illicit activity.

Tracking the movement of such coins is aided by AML AML-services. Thanks to them an address that has conducted multiple transactions from suspicious sources can be blocked to stop further movement of funds.

To obscure the trail and reduce the risk profile of cryptocurrency, criminals resort to a variety of methods.

ForkLog, together with the team of the decentralized security protocol HAPI Labs, examined how ‘dirty’ cryptocurrency becomes ‘white’ and how AML services should label it going forward.

Which cryptocurrency is considered ‘dirty’?

The term ‘dirty’ cryptocurrency is used to describe coins or tokens associated with various forms of illicit activity, including money laundering, financing of terrorism, drug trafficking, fraud, and others.

Blockchain analytics services identify such assets, track their movement paths and interconnections between different wallets. Notable examples include HAPI Explorer and HAPI LABS.

Based on the mix of coins from different sources at addresses, they also calculate the risk level of those addresses. The higher this score, the more likely the exchange’s administrators will freeze the funds, requiring proof of provenance.

Tools for tracking illicitly obtained assets

The first method used by AML services is blockchain analysis using specialized software. It enables researchers to establish links between different wallet addresses and identify illicit activity.

To process large volumes of information and identify unusual or suspicious transactions, companies employ machine-learning and data-analysis algorithms.

Known ‘dirty’ crypto wallets are included in dedicated databases. Researchers can consult this registry for verification.

In addition, blockchain experts exchange information about suspicious transactions with government and law-enforcement agencies and participate in investigations of crimes related to cryptocurrencies.

Methods of laundering cryptocurrencies

The most popular methods to complicate tracking of dirty coins:

• mixing — mixing cryptocurrencies with other users’ assets to sever the link between sender and receiver addresses;
• exchanging cryptocurrencies — converting into other digital assets or fiat;
• mining — transactions to miners’ wallets through private channels as rewards for mined blocks;
• transfers through multiple wallets, notably using cross-chain bridges.

Objects of laundering schemes potentially may include NFT, especially if they are linked to rare or historic items and possess high value. Nevertheless, experts have not yet recorded a rise in such precedents given the low liquidity of this market.

Additionally, there are two other ways to legitimise funds not directly related to their laundering. First, government auctions, through which authorities in various countries dispose of cryptocurrencies seized from criminals. For such assets, an amnesty mechanism is applied, after which the eventual owner will not face AML checks.

“For assets sold through such auctions, analytical companies monitor government agencies’ public disclosures. Some services make labeling errors, but this is usually due to a lack of competence,” said HAPI Labs.

The second method is full or partial return of assets to the rightful owner. Often the latter announces paying a reward to the hacker in case of voluntary restitution of assets.

Attacks using ‘dirty’ assets

In August 2022, the DeFi protocol Aave blocked the wallet of Tron Foundation founder Justin Sun after he received ETH from an anonymous user sanctioned Tornado Cash mixer.

Cyberattacks involving sending ‘dirty’ assets can indeed lead to multiple account freezes. To prevent such cases, platforms must conduct thorough analysis of the affected user’s actions and study the provenance history of assets on their balance.

Users themselves should also inform the administration about the issue and provide all information required for the investigation.

“All services have different mechanisms for verifying the legality of funds. However note that if more than 15% of your turnover consists of ‘dirty’ assets — that is a reason to block funds, and proving your innocence will be difficult”, explained by HAPI Labs.

Fighting money laundering in the DeFi segment

Otherwise, the AML framework for decentralized applications that do not custody user funds is constructed.

For example, the non-custodial exchange Uniswap blocks addresses at the level of the external interface. In this case, a user cannot access only the platform’s website, but not the service itself, since it has open-source code.

With certain technical knowledge, operations remain accessible through smart contracts. Interaction with the underlying Uniswap protocol is also possible via other interfaces, including on IPFS.

According to HAPI Labs, there are currently nearly no effective ways to combat money laundering in DeFi.

“The most popular services Uniswap and 1inch use TRM Labs. But these solutions do not operate on-chain at the level of the smart contract; they allow tracking illicit fund flows and blocking interaction with the application’s external interface,” they explain.