Note that the use of cryptocurrencies by hackers for ransomware is not a new idea. For example, back in August 2020, COVID-19 researchers from the University of California fell victim to a hack. Their system, along with the results of their work, turned out to be encrypted due to malware.

Encrypted system due to hackers

Although the staff initially wanted to avoid payment and tried to underestimate the amount, they did eventually make concessions and paid out 116 bitcoins. Read more about the story, along with a detailed chronology of events, in a separate piece.

How much do cryptocurrency hackers get

Here’s how Chainalysis experts explain the results of the study in a report.

It does not mean that the number of attacks has decreased, at least not as much as the sharp decline in the number of payments would suggest. On the contrary, we believe that the decrease in the volume of funds received is due to the fact that victims of attacks are increasingly refusing to pay ransoms to attackers.

Transaction volumes to extortionists by year

Cybercriminals demanding crypto in hacking attacks have long been a stain on the crypto industry and an argument that regulators use to call for stricter controls or even outright bans on digital assets. According to Decrypt’s sources, in June 2021, US President Joe Biden’s administration officials said they were stepping up the fight against crypto fraud with an emphasis on transaction tracking.

Hacker extortion attacks use malware that blocks or steals important files on the victim’s computer. In exchange for payment in cryptocurrency, hackers promise to give a key that will unencrypt files. The victims in such incidents are quite often companies that can pay the attackers a relatively large ransom. In fact, hackers are primarily targeting them.

😈 YOU CAN FIND MORE INTERESTING INFORMATION ON US AT YANDEX.ZEN!

Chainalysis analysts claim that stolen funds from ransomware attacks last year were laundered through centralised exchanges, gambling sites or cryptomixers. They continue.

The proportion of ransomware attack funds going to centralised exchanges rose from 39.3 per cent in 2021 to 48.3 per cent in 2022.

Experts also reported an increase in the proportion of funds flowing into cryptomixers by fraudsters, rising from 11.6 per cent in 2021 to 15 per cent in 2022.

As a reminder, in August 2022, the US Treasury Department blacklisted the cryptomixer Tornado Cash, effectively banning it in the United States. According to the agency, the measures were taken because fraudsters were using Tornado Cash to launder large sums of money.

Outflows of funds from extortionists to launder

The conclusion of the Chainalysis report says that the real scale of extortion fraud may be much larger than it first appears. The reason for this is the nature of blockchains – anyone can have as many cryptocurrency wallets as they want. Here is how the experts comment on this.

As always, we should stipulate that the true scale of what is happening is much higher, as there are cryptocurrencies controlled by attackers that have not yet been identified within the blockchain and are not included in our reports. Nevertheless, the trend is clear: extortion payments have dropped significantly.

In another separate report, Kaspersky analysts listed the most popular cryptocurrencies among attackers. Bitcoin is traditionally quoted by most hackers, but they also actively use coins like Monero or Zcash. It’s all about their fundamental properties: these coins are designed to be private, meaning special shielded transactions with them cannot be traced.


We think this trend in the cryptocurrency industry is really positive. If victims of such hacks are less likely to agree to hackers' terms, it sends a clear signal to hackers and makes the activity less attractive for them at the same time. And that, in turn, can have a positive effect on the reputation of digital assets, which will cease to be perceived as a working tool of hackers.