Illicit crypto volume drops in 2024, but use in terrorist financing up: Report
SINGAPORE – Even as the volume of illicit transactions in cryptocurrency fell in 2024, its use in terrorist financing, while still limited, continued to grow, a report by blockchain intelligence firm TRM Labs found.
In its 2025 crypto crime report released on Feb 10, the firm said the volume of illicit transactions dropped 24 per cent year on year to US$44.7 billion (S$60 billion) in 2024.
The fall comes although total transaction volume on the blockchain networks of Bitcoin, Ethereum, Tron, Binance Smart Chain and Polygon went up 56 per cent to US$10.6 trillion.
“This represents 0.4 per cent of overall crypto volume and marks a 51 per cent decrease from 2023. TRM now determines that illicit volume accounted for approximately 0.9 per cent of total crypto volume in 2023,” the report said.
In 2024, the largest percentage of illicit crypto activity occurred on the Tron blockchain (58 per cent), followed by Ethereum (24 per cent), Bitcoin (12 per cent), Binance Smart Chain (3 per cent) and Polygon (3 per cent).
The report said the trend reflects a continued preference for blockchains that have low transaction fees, smart contracts and popular stablecoins or a digital asset that is pegged to the US dollar.
But it warned that the final estimate for 2024 illicit volume will most likely be well above its estimated US$44.7 billion “and may even be above US$75 billion if we carry forward our upward revision for the 2023 figure (US$34.8 billion) so far”. The estimates rise as more information comes in with time.
TRM Labs’ analysis found that while the use of cash, traditional financial institutions, money service businesses and hawalas – an informal unregulated system of moving money – still make up the bulk of avenues in terrorism financing, the use of cryptocurrency by terrorist groups expanded in 2024.
It said of particular concern is cryptocurrency’s growing role for ISIS’ affiliate in Afghanistan, the Islamic State Khorasan Province (ISKP).
The report named four instances in 2024 where ISKP’s use of cryptocurrencies was highlighted, including a March 2024 deadly attack in Moscow.
In Gaza, where the conflict between Israel and Hamas has entered its second year, the report said cryptocurrency donations continued to flow into addresses associated with Hamas, Hamas-aligned online entity GazaNow, and the Mujahideen Brigades, a militant group.
Stablecoins continue to be the primary choice for entities that finance terrorists, the report said, adding that there has been a growing use of self-custody or non-custodial wallets and mixers to obfuscate the crypto trail. These are wallets where the private keys are fully controlled by the wallet owners rather than managed by a third-party service provider, while mixers are services that blend the cryptocurrencies of many users together.
The use of fake credentials to bypass know-your-customer controls imposed by exchanges meant to identify and verify identities, as well as interest in privacy coins such as Monero, which are difficult to trace, also grew in 2024.
Ms Angela Ang, TRM Labs’ head of policy and strategic partnerships for the Asia-Pacific region, said crypto’s role in terrorist financing is small but growing.
“In its October 2024 Terrorism Financing National Risk Assessment, Singapore raised the risk rating of digital payment token service providers (DPTSPs) to match that of banks, though still below money remittance firms,” she said.
She said terrorists are getting smarter with crypto, using more sophisticated techniques to evade detection so DPTSPs have to enhance their surveillance and detection measures to stay ahead.
TRM Labs said the top categories of illicit activity on the blockchain currently remain largely the same as in 2023, with sanctions imposed on entities or individuals by the US and its global partners making up 33 per cent of illicit volume, blocklisted addresses at 29 per cent, and scams and fraud contributing 24 per cent. Blocklisted addresses are those that appear on public blocklists of stablecoin issuers and law enforcement agencies.
Sanctioned entities drove the largest share of illicit crypto volume in 2024, although their inflows fell 33 per cent year on year to US$14.8 billion in 2024, said TRM Labs.
Of the different types of crimes, publicly reported ransomware attacks went up to 5,635 in 2024 from 5,223 in 2023.
TRM Labs said the financial demands of ransomware actors reached unprecedented levels, as seen in the record US$75 million payment made by an unnamed organisation to the Dark Angels ransomware group in March 2024.
“These escalating ransom demands highlight the increasing boldness and sophistication of threat actors, who are leveraging advanced tools and techniques to maximise their extortion efforts,” it said.
In 2024, US$2.2 billion was stolen in hacks and exploits, up 17 per cent from 2023, the report noted, adding that funds sent because of fraud fell 40 per cent year on year to around US$10.7 billion.
In its outlook, the firm said a key theme in 2024 was the resilience and adaptability of illicit networks.
Sanctioned entities, terrorist organisations and ransomware groups have switched tactics in response to global crackdowns, embracing new technologies and methods to obscure their activities, the firm said.
It added that this adaptability underscores the need for constant evolution in enforcement strategies and international cooperation.
Join ST’s Telegram channel and get the latest breaking news delivered to you.