Darknet Market Crimes on the Rise Again with $1.7B Revenue in 2023

This trend continues in 2024 as Shido suffered an exploit where almost half of its circulating supply was stolen, and crypto romance scams continue affecting thousands of people.

In 2023, darknet marketplaces experienced a resurgence, generating over $1.7 billion in revenue, according to the "2024 Crypto Crime Report" by Chainalysis. Meanwhile, crypto-linked sanctions by the US OFAC increased by more than double. On the brighter side, the report revealed a decline in revenue from crypto scams, though new forms of scams, particularly romance scams, saw a dramatic increase. Just yesterday, the crypto sector faced a security breach when Shido, a layer-1 blockchain, lost nearly half of its tokens in circulation, valued at about $35 million, because of an exploit in its Ethereum-based staking contract.

Darknet Markets Bounce Back

According to the "2024 Crypto Crime Report" that was released by Chainalysis on Feb. 29, darknet marketplaces saw a resurgence in 2023, generating revenue of at least $1.7 billion. This marked a major recovery from the downturn seen in 2022 after the shutdown of Hydra, the then-largest darknet marketplace. Despite no single platform emerging as a clear successor to Hydra, a concerning number of smaller, niche-focused marketplaces have flourished, collectively driving the sector's revenue growth. Mega Darknet Market led this group, drawing over $500 billion in crypto inflows.

On the more optimistic side, the revenue from darknet markets has not surpassed the peak levels recorded during Hydra's operation just yet. Chainalysis anticipates ongoing efforts by law enforcement to investigate and dismantle these platforms, especially those who are involved in selling fentanyl products. This resurgence of niche marketplaces is not unprecedented, but mirrors patterns seen after the closures of other big darknet markets like Silk Road and AlphaBay.

The report also pointed out an increase in crypto-linked sanctions by the United States Office of Foreign Assets Control (OFAC) in 2023, with sanctions more than doubling to include 18 people or entities. These sanctions, often targeting groups or people rather than major markets or mixers, accounted for 61.5% of all illicit crypto transaction volumes, totaling $14.9 billion.

Despite these challenges, the report still offers some positive news, pointing out a decline in the revenue made from crypto-based scams from $5.9 billion in the previous year to $4.6 billion in 2023. Unfortunately, it also points to the emergence of new scams, like romance scams, which saw a very dramatic increase in revenue and are considered particularly damaging because of the large average payment size and the emotional exploitation involved.

Chainalysis placed a lot of emphasis on the collective effort that is required from both the public and private sectors to create a safer crypto environment. For people, this includes being more vigilant when it comes to online interactions and practicing good digital hygiene. For the broader ecosystem, it involves identifying scam networks' on-chain footprints and collaborating across jurisdictions to recover stolen funds.

Massive Security Breach Drains Half of Shido's Tokens

It seems like these trends are continuing into 2024. Just yesterday, the crypto space experienced another setback when Shido, a layer-1 blockchain, saw its token value plummet 90+% in just 30 minutes due to an exploit. The incident happened on its Ethereum-based staking contract, according to the blockchain security firm PeckShield. The exploit involved an attacker transferring the blockchain's Ethereum staking contract to another address, then upgrading the contract with a concealed function that allowed the withdrawal of staked tokens. Over 4.3 billion Shido tokens were withdrawn by the attacker, which is almost half of the circulating supply, which was valued at approximately $35 million before the price collapse.

PeckShield was the first to alert the public about this drastic drop on Feb. 29. Further investigations revealed that the exploiter's wallet was initially funded through transactions that originated from the Layerswap protocol and then moved through the Arbitrum blockchain. On-chain researcher ZachXBT managed to trace the real identity behind the wallet that funded the exploiter, suggesting that this wallet's owner might also have been compromised as their assets were transferred unexpectedly before the exploit.

In response to this security breach, the Shido team quickly issued an announcement, stating that they secured the network against any further threats and that they started an investigation into the incident. They also called upon the hacker to come forward to negotiate a bounty, promising to return the assets to users who had staked their tokens.

Shido, which operates on a proof-of-stake mechanism, has yet to launch its mainnet, with plans for its introduction announced for the week after Feb. 24. The SHIDO token, an ERC-20 token on Ethereum, could be staked on the project's decentralized exchange (DEX) to earn an annual yield of 8%, according to the project's website.

This exploit adds to the growing list of cybersecurity incidents in the cryptocurrency space. January of this year alone witnessed 30 attacks with losses amounting to around $182.5 million, and February's figures are now also expected to rise because of the Shido exploit.

Billion-Dollar Romance Scams

Chainalysis’ concerns about romance scams is also not unwarranted. Just recently, Shreya Datta, a tech professional based in Philadelphia, was defrauded out of $450,000 by a con artist posing as a French wine trader named "Ancel" on the dating app Hinge. The scam, known as "pig butchering," involves criminals using feigned love and affection to trick victims into making fake crypto investments. The fraudsters, believed to be part of crime syndicates in Southeast Asia, have already caused billions of dollars in losses in the United States.

Datta's interaction with "Ancel'' quickly moved from Hinge to WhatsApp, where they exchanged selfies, flirty emoticons, and brief video calls that were later revealed to be AI-generated deepfakes. "Ancel '' portrayed himself as a caring and wealthy person, convincing Datta to invest in a crypto scheme through a fake Coinbase trading app. Despite initial successes, when Datta attempted to withdraw her funds, she was met with demands for a personal tax, leading her to realize that she had been scammed.

This case is just one of many examples where romance and AI technology is used in financial frauds, with victims very often too ashamed to report their losses. The FBI estimates that more than 40,000 people reported losses totaling about $3.5 billion from cryptocurrency fraud last year.