Ethereum upgrade aids in detecting criminals

With its historic Merge event in September, Ethereum has become a proof-of-stake blockchain. The mechanism now used to confirm transactions relies on validators staking their Ether (ETH). Ethereum’s March upgrade, codenamed Shanghai, finally enabled stakers to withdraw their locked Ether.

The Ethereum ecosystem has various “investment themes,” including a) decentralized finance (DeFi); b) stablecoins; c) Bitcoin (via wrapped versions of BTC); and d) non-fungible tokens (NFTs). Following the Shanghai upgrade, the network began to offer fixed-income assets.

Currently, there are several ways people can make money on or using Ethereum. Broadly, they can be grouped into “investment themes,” including a) decentralized finance (DeFi); b) stablecoins; c) Bitcoin (BTC) (via wrapped versions of BTC); and d) non-fungible tokens (NFTs). Following Shanghai, the network began to offer fixed-income assets.

Risk-free rate

Yield is one of the core pillars of traditional finance (TradFi). A rise or fall in yield leads to an increase or decrease in the perceived risk of other financial assets. Thus, movements in the benchmark rate set by the United States Federal Reserve provide the rationale behind investment decisions, in general.

Related: Ethereum is going to transform investing

Compliance professionals use trends in the risk-free rate to detect irrational movement of funds in capital markets, as such fund flows might be attempts to launder money. The reasoning here is that launderers of illicit funds do not actively chase financial gains like regular investors, as the sole purpose of money laundering is to obfuscate the trail of dirty money.

With Ethereum’s staking yield denoting the “risk-free rate” of the crypto ecosystem, the Shanghai upgrade may have enhanced the state of crypto forensics.

TradFi forensics focuses on activity — crypto forensics focuses on entities

Financial crime risk in TradFi is managed using automatic systems that alert institutions to probable illicit use of financial assets. While data scientists design and deploy models to raise red flags over suspicious transactions, investigation teams still must assess resultant leads and evaluate if Suspicious Activity Reports (SARs) need to be filed.

An interesting point of contrast between forensics for TradFi and crypto is that the latter focuses more on the criminal entity than the activity itself. In other words, investigators analyze networks of crypto wallets to identify transfers of criminal assets.

Money laundering occurs in three stages: a) Placement: proceeds of crime enter the financial system; b) Layering: complex movement of funds to obscure the audit trail and sever the link with the original crime; and c) Integration: criminal proceeds are now fully absorbed into the legal economy and can be used for any purpose.

For crypto assets, it is convenient to design solutions to detect the placement of illicit assets. This is because most laundered money originates from crypto-native crimes such as ransomware attacks, DeFi bridge hacks, smart contract exploits, and phishing schemes. In all such offenses, a perpetrator’s wallet addresses are readily available. Consequently, once a crime has been committed, relevant wallets are monitored to analyze asset flows.

In contrast, forensic experts working for, say, a bank do not have any visibility into the offense — such as human or drug trafficking, cybercrime, or terrorism — when criminal proceeds are being injected into a bank’s ecosystem. This makes detection extremely difficult. Hence, most Anti-Money Laundering (AML) solutions are designed to identify layering.

Ethereum’s staking rewards make it easier to detect unusual activity

To design solutions to detect layering, it is imperative to think like criminals, who craft complex flows of funds to obfuscate the money trail. The time-tested approach to exposing such activity is to spot the irrational movement of assets. This is because money laundering does not have the goal of generating profit.

With Ether’s post-Shanghai staking yields providing benchmark interest rates for crypto, we can formulate baseline risk-reward structures. Armed with this, investigators can systematically spot financial behavior running counter-intuitive to trends in the benchmark rate.

Related: Thanks to Ethereum, ‘altcoin’ is no longer a slur

To give an example, there may be a trend where an address or a group of addresses consistently takes on high risk while earning below the risk-free rate. If this happens, a bank would almost certainly investigate it.

For instance, this type of transaction surveillance system can be utilized to identify the wash trading of NFTs. This is when multiple market participants work together to conduct numerous NFT transactions with the goal of layering criminal assets or manipulating prices. Since the vast majority of these transactions are not intended to generate profits, this activity will raise a red flag.

Similarly, if the proceeds of terrorism are being layered via DeFi protocols, the detection of irrational asset movements can provide substantial leads to investigators, even without knowledge of the actual crime.

Financial crime and DeFi

Traditional capital markets are often used to secretly move funds to circumvent sanctions and finance terrorist activity. Similarly, DeFi ecosystems present an attractive target for financial crime due to the ability to transfer large amounts of assets between jurisdictions using blockchain.

In addition, there has been a significant shift in activity from centralized exchanges to decentralized exchanges due to recent incidents like the collapse of FTX. This increase in DeFi volumes has made it easier for illegal flows to remain obscure.

What’s even more compelling is the introduction of better compliance controls by centralized crypto service providers – often mandated by regulators – which are likely driving criminals to seek out new channels for money laundering.

As a result, illicit flows to DeFi could originate from an expanded set of crimes. This shift in the crypto market necessitates that forensics teams increase their capabilities in investigating complex fund flows across diverse protocols without prior knowledge of the source of criminal assets.

Therefore, compliance efforts need to focus on the discovery of layering typologies. In fact, with the rapid progress in blockchain interoperability, systematic surveillance to detect criminal transfers has become even more crucial.

Our ability to detect suspicious activity in crypto is less than ideal, partly due to the extreme price volatility of crypto. This volatility makes static risk thresholds ineffective and can enable money laundering to go undetected. If and when Ethereum establishes a benchmark rate, it will provide a means of establishing baseline rationality for fund flows and thus identifying outliers.