2023 Web3 Security Landscape and AML Analysis Report

Authors: Beosin Research Team Mario, Tian Daxia Donny

This article is the first part of the “2023 Web3 Blockchain Security Situation, AML Analysis Review and Summary of Key Regulatory Policies in the Crypto Industry”, only showing the security situation part of the report, and the regulatory policies and other content can be found in the “2023 Global Web3 Virtual Asset Industry Regulatory Policies and Event Observation”.

Introduction

Initiated by the Blockchain Security Alliance and co-created by Alliance members Beosin, Web3 Law, and Elven, this research report aims to comprehensively discuss the global Blockchain security landscape and key regulatory policies in the crypto industry in 2023. Through an analysis and assessment of the current state of Blockchain security around the world, the report will reveal current security challenges and threats and provide solutions and best practices. At the same time, the report will also examine the positions and policy guidance of governments and regulators in the regulation of the crypto industry to help readers understand the dynamic changes in the regulatory environment and the possible impacts.

Through this report, readers will be able to gain a more comprehensive understanding of the dynamic evolution of the Web3 Blockchain security landscape and the core takeaways of regulatory policies. This will help readers assess and address the security challenges facing the Blockchain space, and promote the sustainable development of the industry while complying with regulatory requirements. In addition, readers can also get helpful advice from the report on security measures, compliance requirements, and the direction of the industry to help them make informed decisions and actions in this emerging field. Blockchain security and regulation are key issues in the development of the Web3 era. Through in-depth research and discussion, we can better understand and respond to these challenges and promote the security and sustainable development of Blockchain technology.

1, 2023 Web3 Blockchain Security Landscape Overview

According to Blockchain security audit firm Beosin’s EagleEye platform, the total loss in the Web3 sector due to Hacker attacks, phishing scams, and Rug Pull reached $2.02 billion in 2023. **Among them, there were 191 attacks with a total loss of about $1.397 billion, 267 Rug Pull incidents with a total loss of about $388 million, and a total loss of about $238 million from phishing scams.

**In 2023, Hacker attacks, phishing scams, and Rug Pull incidents all decreased significantly compared to 2022, with a total decrease of 53.9%. **Among them, Hacker attacks fell the most, from $3.6 billion in 2022 to $1.397 billion in 2023, a decrease of about 61.2%. Phishing fraud losses decreased by 33.2% compared to 2022, and Rug Pull losses decreased by 8.8% compared to 2022.

In 2023, there will be 4 attacks with losses of more than 100 million US dollars, and 17 attacks with losses in the range of 10 million US dollars to 100 million US dollars. **The top 10 security incidents accounted for approximately $1 billion in total losses, accounting for 71.5% of the total annual attack incidents. **

**The types of projects attacked in 2023 are more extensive than in 2022, including Decentralized Finance, CEX, DEX, public chains, Cross-Chain Interaction bridges, Wallets, payment platforms, gaming platforms, crypto brokers, infrastructure, password managers, development tools, MEV bots, TG bots and many more. **Decentralized Finance is the type of project with the highest frequency of attacks and loss amounts, with 130 Decentralized Finance attacks causing a total loss of about $408 million.

In 2023, the types of public chains with attacks will be more frequent, and there will be multiple security incidents stolen across multiple chains. Ethereum continued to be the most loss-making public chain, with 71 Ethereum attacks causing $766 million in losses, accounting for 54.9% of the total losses for the year.

From the perspective of attack methods, 30 private key leaks caused a total of about $627 million in losses, accounting for 44.9% of the total losses, which is the most costly attack method. Contract vulnerability exploitation is the most frequent attack method, with 99 out of 191 attack incidents coming from contract vulnerability exploitation, accounting for 51.8%.

**Approximately $295 million in stolen funds were recovered for the year, accounting for approximately 21.1%, a significant increase from 2022. **Approximately $330 million of stolen funds were transferred to mixers throughout the year, accounting for 23.6% of the total stolen funds.

Unlike on-chain Hacker attacks, phishing scams, and a significant drop in the amount of Rug Pull, off-chain crypto crime data will increase significantly in 2023. In 2023, the global crypto industry crime reached a staggering $65.688 billion, up about 377% from $13.76 billion in 2022. **The top three types of crimes involving money are online gambling, Money Laundering and fraud. **

2. Top 10 Security Events in the Web3 Ecosystem in 2023

In 2023, there were four attacks that lost more than $100 million: Mixin Network ($200 million), Euler Finance ($197 million), Poloniex ($126 million), and HTX & Heco Bridge ($110 million). The top 10 security incidents accounted for approximately $1 billion in total losses, or 71.5% of the total annual attack incidents.

No.1MixinNetwork

Amount of loss: $200 million

Attack method: cloud service provider database attack

In the early morning of September 23, the Mixin Network cloud service provider database was hacked, resulting in the loss of some assets on the Mainnet, involving about $200 million. On September 25, the founder of Mixin publicly explained the incident in a live broadcast, saying that the damaged assets were mainly Bitcoin core assets, and assets such as BOX and XIN were not seriously stolen, and the specific attack situation could not be disclosed.

No.2****EulerFinance

Amount of loss: $197 million

Attack method: contract vulnerability - business logic problem

On March 13, Decentralized Finance lending protocol Euler Finance was attacked, causing a loss of about $197 million. The root cause of the attack is that the contract does not properly check the number of Tokens actually held by the user and the health status of the user’s ledger after the donation. All stolen funds from the incident have been returned by the attackers.

No.3****Poloniex

Amount of loss: $126 million

Attack method: Private key leak / APT attack

On November 10, Justin Sun’s exchange Poloniex related Address continued to transfer large amounts of assets, suspected of being stolen. Immediately afterwards, Sun Yuchen and Poloniex issued an announcement on social platforms to confirm the theft. According to Beosin Security Team’s tracking using Beosin Trace, approximately $126 million in stolen assets from Poloniex has been accumulated.

No.4****HTX&HecoBridge

Amount of loss: $110 million

Attack method: Private key leak

On November 22, Justin Sun’s exchange HTX and Cross-Chain Interaction Bridge Heco Bridge were hacked, with a total loss of $110 million, including $86.6 million for Heco Bridge and about $23.4 million for HTX.

No.5****Curve/Vyper

Amount of loss: $73 million

Attack method: contract vulnerability-re-entrant

In the early morning of July 31, Ethereum programming language Vyper tweeted that Vyper versions 0.2.15, 0.2.16 and 0.3.0 have reentrant locks and vulnerabilities, plus the native ETH can adjust callback when transferring, resulting in several lp pools of these and ETH groups can be re-entrancy attacks. Then Curve’s official Twitter post said that many Stable Coin pools (alETH/msETH/pETH) using Vyper 0.2.15 were attacked due to a failure in the reentrant lock. The loss from this incident is about $73 million.

No.6CoinEx

Amount of loss: $70 million

Attack method: Private key leak / APT attack

On September 12, the crypto exchange CoinEX issued a statement saying that the risk control system detected a suspicious large withdrawal activity in the hot wallet used to temporarily store the trading assets of the platform, and a special team was established to intervene at the first time, and the incident mainly involved Token assets such as ETH, TRON, and Polygon, with a stolen amount of about $70 million.

No.7****AtomicWallet

Amount of loss: $67 million

Attack method: Private key leak / APT attack

According to Beosin’s EagleEye security risk monitoring, early warning and blocking platform, Atomic Wallet was attacked in early June, and according to Beosin’s team, the damage caused by the attack was at least about $67 million.

No.8Alphapo

Amount of loss: $60 million

Attack method: Private key leak / APT attack

On July 23, Crypto Assets payment service provider Alphapo Hot Wallet was stolen, losing a total of $60 million. The incident was perpetrated by Lazarus, a North Korean Hacker group.

No.9KyberSwap

Amount of loss: $54.7 million

Attack method: contract vulnerability - business logic problem

On November 22, the DEX project KyberSwap was attacked, causing a total loss of about $54.7 million. Kyber Network said the Hacker attack was one of the most sophisticated in Decentralized Finance history, and attackers would need to perform a series of precise on-chain operations to exploit the vulnerability.

No.10****Stake.com

Amount of loss: $41.3 million

Attack method: Private key leak / APT attack

On September 4, the crypto gambling platform Stake.com was hit by a Hacker attack. In the aftermath of the attack, Stake.com stated that unauthorized transactions Hot Wallet occurred on its ETH and BSC, that an investigation was underway, and that deposits and withdrawals would be resumed as soon as possible after the Wallet was fully resecured. The incident was perpetrated by Lazarus, a North Korean Hacker group.

3. The type of project to be attacked

Compared to 2022, the types of projects attacked in 2023 are more extensive, and the amount of losses is no longer concentrated on certain project types. In addition to common types such as Decentralized Finance, CEX, DEX, public chains, Cross-Chain Interaction bridges, Wallets, etc., Hacker attacks in 2023 also appeared on payment platforms, gambling platforms, crypto brokers, infrastructure, password managers, development tools, MEV bots, TG bots and other project types.

**Of the 191 attacks in 2023, Decentralized Finance projects accounted for 130 (about 68%), making them the most attacked project type. **The total loss amount of Decentralized Finance attacks is about $408 million, accounting for 29.2% of all losses, and it is also the type of project with the highest amount of losses.

In second place in terms of losses was CEX (Centralized Exchange), with a total of $275 million in losses from 9 attacks. IN ADDITION, 16 ATTACKS OCCURRED IN THE DEX (DEX EXCHANGE) TYPE, WITH A TOTAL LOSS OF ABOUT $85.68 MILLION. On the whole, exchange types will have frequent security incidents in 2023, and exchange security is the second biggest challenge after Decentralized Finance security.

The third largest loss was the public chain, with a loss of about $208 million, mainly from the $200 million theft of Mixin Network.

**In 2023, Cross-Chain Interaction losses rank 4th, accounting for about 7% of all losses. **In 2022, 12 cross-chain interaction security incidents caused about $1.89 billion in losses, accounting for 52.5% of the total losses that year. In 2023, there will be a significant reduction in Cross-Chain Interaction security incidents.

In fifth place is the crypto payment platform, with a total loss of about $97.3 million in 2 security incidents (Alphapo and CoinsPaid), both of which Hacker point to the North Korean APT organization Lazarus.

4. The amount of loss of each chain

**Compared with 2022, the types of public chains with attacks in 2023 are also more extensive, mainly due to multiple CEX private key leaks in 2023, with losses on multiple chains. **The top five by amount of damage are Ethereum, Mixin, HECO, BNB Chain, TRON; the top five by number of attacks are BNB Chain, Ethereum, Arbitrum, Polygon, Optimism, and Avalanche (tied for 5th).

As in 2022, Ethereum is still the public chain with the highest amount of loss. The 71 attacks on Ethereum caused $766 million in damages, or 54.9% of the total losses for the year.

The Mixin chain ranked second in terms of losses, with a single security incident loss of $200 million. In third place was HECO, with a loss of about $92.6 million.

There were 76 attacks on BNB Chain, accounting for 39.8% of the total number of attacks, the highest number of attacks of any chain platform. The total loss on BNB Chain was about $70.81 million, with the vast majority of incidents (88%) concentrated below $1 million.

5. Analysis of attack methods

Compared with 2022, the attack methods in 2023 are more diverse, especially adding a variety of Web2 attack methods, including: database attacks, supply chain attacks, third-party service provider attacks, man-in-the-middle attacks, DNS attacks, front-end attacks, etc. **

In 2023, 30 private key breaches caused a total of $627 million in losses, accounting for 44.9% of the total losses, making them the most costly attack methods. Private Key breaches that caused large losses were: Poloniex ($126 million), HTX & Heco Bridge ($110 million), CoinEx ($70 million), Atomic Wallet ($67 million), and Alphapo ($60 million). **Most of these events are related to Lazarus, a North Korean APT group. **

Contract vulnerability exploitation is the most frequent attack method, with 99 out of 191 attack incidents coming from contract vulnerability exploitation, accounting for 51.8%. The total loss due to the contract breach was $430 million, which was the second largest loss amount.

Business logic vulnerabilities account for about 72.7% of the losses caused by contract vulnerabilities, resulting in a total loss of about $313 million. The second-largest contract vulnerability was re-entrancy, with 13 re-entrancy vulnerabilities causing approximately $93.47 million in losses.

6. Analysis of attack methods in typical cases

6.1 EulerFinance Security Incident Event Summary

On March 13, Euler Finance, a lending project on the Ethereum chain, was attacked by a flash loans, with losses reaching $197 million.

On March 16, the Euler Foundation offered a $1 million reward for information that could help apprehend Hacker and return stolen funds.

On March 17, Michael Bentley, CEO of Euler Labs, tweeted that Euler “has always been a security-conscious project.” From May 2021 to September 2022, Euler Finance was audited 10 times by 6 Blockchain security companies, including Halborn, Solidified, ZK Labs, Certora, Sherlock, and Omnisica.

From March 18 to April 4, attackers began returning funds one after another. During this period, the attacker apologized through on-chain messages, saying that he had “messed up other people’s money, other people’s jobs, and other people’s lives” and asked for everyone’s forgiveness.

On April 4, Euler Labs tweeted that the attackers had returned all stolen funds after a successful negotiation.

Vulnerability Analysis

In this attack, the donateToReserves function of the Etoken contract did not properly check the number of Tokens actually held by the user and the health status of the user’s ledger after donation. An attacker exploited this vulnerability and donated 100 million eDAI, when in fact the attacker only staked 30 million DAI.

Since the health status of the user’s ledger meets the liquidation conditions after the donation, the loan contract is triggered to liquidate. During the liquidation process, eDAI and dDAI are transferred to the liquidation contract. However, due to the very large amount of bad debts, the liquidation contract will apply the maximum discount for liquidation. At the end of the liquidation, the liquidation contract has 310.93M eDAI and 259.31M dDAI.

At this point, the health status of the user’s ledger has been restored, and the user can withdraw funds. The amount that can be withdrawn is the difference between eDAI and dDAI. But there are actually only 38.9 million DAI in the pool, so users can only withdraw this amount.

6.2Vyper/Curve Security Events

Event Summary

On July 31, Ethereum programming language Vyper tweeted that Vyper versions 0.2.15, 0.2.16 and 0.3.0 have reentrant locks and vulnerabilities. Curve said that multiple Stable Coin pools (CRV/alETH/msETH/pETH) using Vyper 0.2.15 were attacked, with total losses amounting to $73 million, and about $52.3 million was later returned by Hacker.

Vulnerability Analysis

This attack is mainly caused by the failure of the anti-reentrant lock of Vyper 0.2.15, the attacker added the Liquidity by the re-entrancy add_liquidity function when calling the remove_liquidity function of the relevant Liquidity pool to remove the Liquidity, because the balance update precedes the re-entrant add_liquidity function, resulting in an error in the price calculation.

7. Analysis and review of typical AML events

7.1 AtomicWallet Wallet Stolen Case

According to Beosin’s EagleEye security risk monitoring, early warning and blocking platform, Atomic Wallet was attacked in early June this year, and according to Beosin’s team, the damage caused by the attack was at least about $67 million.

According to the analysis of the Beosin team, the chain involved in the theft so far includes a total of 21 chains, including BTC, ETH, and TRX. The stolen funds are mainly concentrated on the Ethereum chain. Where:

The Ethereum chain has identified 16,262 ETH worth of Vitual Money, about $30 million.

TRON CHAINTRON CHAIN IS KNOWN TO HAVE STOLEN FUNDS IN 251335387.3208 TRX WORTH VITUAL Money, ABOUT $17 MILLION.

BTC Chain The known stolen funds of the BTC chain are 420.882 BTC worth of Vitual Money, equivalent to $12.6 million.

BSC Chain The BSC Chain is known to have stolen funds of 40.206266 BNB worth of Vitual Money.

The rest of the chain XRP: 1676015 XRP, about $840,000 LTC: 2839.873689 LTC, about $220,000 DOGE: 800575.67369797 DOGE, about $50,000

Let’s take an example of Money Laundering on the Ethereum chain

In the Hacker’s operation on the stolen money, there are two main ways for Ethereum to be attacked:

Avalanche Cross-Chain InteractionMoney Laundering after divergence through contracts

According to the analysis of the Beosin team, the Hacker will first exchange the valuable coins in the Wallet for the main currency of the public chain, and then collect them through two contracts.

The contract Address package ETH into WETH through two-layer transit, and then transfer WETH to the contract used to diverge ETH, and transfer it to Avalanche’s WalletAddress for Cross Bridge through up to five layers of interchange for Cross-Chain Interaction operations, Cross-Chain Interaction which is not carried out using a contract and belongs to Avalanche’s internal bookkeeping transaction type.

The Ethereum link diagram is as follows:

Convergence Contract 1:

0xe07e2153542eb4b768b4d73081143c90d25f1d58 A total of 3357.0201 ETH were involved

Swap to WETH and transfer to contract 0x3c3ed2597b140f31241281523952e936037cbed3

The detailed map of the stolen goods route is as follows:

Convergence Contract 2:0x7417b428f597648d1472945ff434c395cca73245 involved a total of 3009.8874 ETH

Hacker converted to WETH and transferred to contract 0x20deb1f8e842fb42e7af4c1e8e6ebfa9d6fde5a0

The detailed map of the stolen goods route is as follows:

The two convergence contracts are confirmed by agreeing on the source of the fee, and some have no transaction Address hidden. The fee path is as follows:

In addition, on the Ethereum chain, Hacker also Money Laundering through various Cross-Chain Interaction bridge protocols and exchanges, and this part is currently counted as 9896 ETH, and this part will be collected through multiple aggregation Address.

In the whole event, there are many HackerMoney Laundering channels, mainly through various exchange accounts for Money Laundering, and there are also direct inflows into Cross-Chain Interaction bridge contracts.

8. Analysis of the flow of funds of stolen assets

Approximately $723 million of the stolen funds for all of 2023 remained in HackerAddress (including transfers through Cross-Chain Interaction and dispersions across multiple Address), accounting for 51.8% of the total stolen funds. This year, Hacker is more inclined to use multiple cross-chain interactions for Money Laundering and spread the stolen funds across many Addresses than last year. The increase in addresses and the complexity of money laundering paths have undoubtedly increased the difficulty of investigation for project parties and regulators.

About $295 million in stolen funds were recovered, accounting for about 21.1%. In 2022, only 8% of funds were recovered. The recovery of stolen funds in 2023 is significantly better than in 2022, with the majority coming from on-chain negotiated returns.

Approximately $330 million of stolen funds were transferred to mixers throughout the year (approximately $71.16 million to Tornado Cash and another $259 million to other mixing platforms), accounting for 23.6% of the total stolen funds. This is a significant decrease from 38.7% last year. Since the US OFAC sanctioned Tornado Cash in August 2022, the amount of stolen funds transferred to Tornado Cash has drop significantly, and has been replaced by an increase in the use of other mixing platforms, such as Sinbad, FixedFloat, etc. In November 2023, the U.S. OFAC added Sinbad to its sanctions list, calling it “the main money laundering vehicle of the North Korean Lazarus organization.”

In addition, a small number of stolen funds ($12.79 million) were transferred to the exchange, and a small number of stolen funds ($10.9 million) were frozen.

9. Analysis of project audit

Of the 191 attacks, 79 were not audited and 101 were audited. The proportion of audited projects this year is slightly higher than last year (the proportion of audited/unaudited projects last year was roughly the same).

**Contract vulnerabilities accounted for 47 of the 79 unaudited projects (59.5%). This suggests that projects that have not been audited are more likely to have potential security risks. **In comparison, 51 (50.5%) of the 101 audited projects had contract vulnerability incidents. This shows that audits can improve the security of the project to a certain extent.

However, due to the lack of well-established normative standards in the Web3 market, the quality of audits has been uneven, and the final results presented have fallen far short of expectations. In order to effectively ensure the security of assets, it is recommended that you find a professional security company to conduct an audit before the project is launched. **

10. RugPull analysis

In 2023, Beosin’s EagleEye platform will monitor a total of 267 Rug Pull incidents in the Web3 ecosystem, with a total amount of about $388 million, a decrease of about 8.7% from 2022.

In terms of value, 233 (87%) of the 267 Rug Pull incidents were under $1 million, which is roughly the same as in 2022. A total of 4 projects with an amount of more than 10 million US dollars were involved, including Multichain (210 million US dollars), Fintoch (31.6 million US dollars), BALD (23 million US dollars), and PEPE (15.5 million US dollars).

Rug Pull projects on BNB Chain and Ethereum accounted for 92.3% of the total, with 159 and 81 respectively. A small number of Rug Pull events have also occurred on other public chains, including: Arbitrum, BASE, Sui, zkSync, etc.

11, 2023 Global Crypto Industry Crime Data

In 2023, the global crypto industry crime reached a staggering $65.688 billion, up about 377% from $13.76 billion in 2022. While the amount of on-chain hacking attacks has dropped significantly, crime in other areas of Crypto Assets has increased significantly. The largest increase was online gambling, with $54.9 billion involved. The next in line are Money Laundering (about $4 billion), fraud (about $2.05 billion), pyramid schemes (about $1.43 billion), and Hacker attacks (about $1.39 billion).

With the improvement of the global crypto regulatory system and the deepening of the crackdown on Crypto Assets crimes, the global police will solve a number of large cases involving hundreds of millions of dollars in 2023. Here is a review of some typical cases:

No.1In July 2023, China’s Hubei police cracked the country’s “first Vitual Money case”, involving 400 billion yuan (about 54.9 billion U.S. dollars). More than 50,000 people were involved in this online gambling case, the server was located outside China, and the main culprit Qiu Moumou and others have been sent for trial in accordance with the law.

No.2 In August 2023, the Singapore authorities investigated the largest-ever Money Laundering case, involving S$2.8 billion, Money Laundering mainly through Vitual Money.

No.3 In March 2023, police in Jiangsu, China, filed a public prosecution against Ubank’s “Cryptocurrency Trading” scam, involving a pyramid scheme with a trading volume of more than 10 billion yuan (about 1.4 billion US dollars).

No.4In December 2023, according to a statement from the U.S. Attorney’s Office for the Eastern District of New York, the co-founder of Vitual Money exchange Bitzlato pleaded guilty to $700 million Money Laundering charges.

No.5 In July 2023, the Brazilian Federal Police dismantled two drug trafficking criminal gangs, transferring a total of more than $417 million and providing money laundering services through crypto assets.

No.6 In February 2023, the founder of Forsage was indicted for alleged $340 million in Decentralized Finance Ponzi Scheme, according to an indictment from the US state of Oregon.

No.7 In November 2023, police in Himachal Pradesh, India, arrested 18 people in a $300 million Crypto Assets scam.

No.8 In August 2023, Israeli police charged businessman Moshe Hogeg and his partners with defrauding investors of $290 million in Crypto Assets.

No.9 In June 2023, Thai police cracked a suspected cryptocurrency fraud case, which may involve more than 10 billion baht (about $288 million).

No.10 In October 2023, JPEX, a virtual asset trading platform in Hong Kong, China, was suspected of fraud, and the police arrested a total of 66 people, involving about HK$1.6 billion (about US$205 million).

2023 is a year of a surge in Crypto Assets crime cases. The frequent occurrence of fraud and pyramid schemes also means that the probability of ordinary users suffering from asset losses has greatly increased. Therefore, it is urgent to strengthen the regulation of the Crypto Assets industry. We can see that global regulators have made a lot of efforts to regulate Crypto Assets this year, but there is still a long way to go from a complete, safe and positive ecosystem. **

12. Summary of Web3 Blockchain Security Landscape in 2023

In 2023, on-chain Hacker attacks, phishing scams, and Rug Pull incidents on the project side have all decreased significantly compared to 2022. Hacker attacks lost 61.3%, and the most costly attack modus operandi changed from last year’s contract exploit to this year’s private key leak. The main reasons for this shift include:

1. After last year’s rampant Hacker activity, this year the entire Web3 ecosystem has paid more attention to security, from project parties to security companies have made efforts in various aspects, such as real-time on-chain monitoring, more attention to security audits, and actively learning from past contract vulnerability exploit incidents. This has made it harder to steal funds through contract loopholes than it was last year. **

2. Strengthening global regulation and improving AML technology. It can be seen that 21.1% of the stolen funds were recovered in 2023, which is significantly better than in 2022. **With mixing platforms such as Tornado Cash, Sinbad, and others being sanctioned by the United States, the Money Laundering path for Hacker is also becoming complicated. At the same time, we have also seen news of Hacker being arrested by the local police, which has a certain deterrent effect on Hacker. **

3. The impact of the crypto Bear Market at the beginning of the year. Hacker the expected benefits of being able to steal assets from Web3 projects declines, weakening Hacker activity. This has also led to Hacker no longer being limited to attacking types such as Decentralized Finance, Cross-Chain Interaction, exchanges, etc., but turning to payment platforms, gaming platforms, crypto brokers, infrastructure, password managers, development tools, MEV bots, TG bots and other types.

Unlike the sharp decrease in on-chain Hacker activity, off-chain more covert criminal activities such as online gambling, Money Laundering, pyramid schemes, etc. have increased significantly. Due to the Anonymity of Crypto Assets, all kinds of criminal activities are more inclined to use Crypto Assets for transactions. However, it would be one-sided to attribute the increase in cases of Vitual Money crimes solely to the Anonymity and inadequate regulation of Crypto Assets. **The root cause is the increase in global criminal activity, and Vitual Money provides a relatively hidden and hard-to-track funding channel for these criminal activities. **In 2023, a significant slowdown in global economic growth and a number of uncertainties in the political environment have contributed to the surge in global criminal activity. **Against this economic expectation, global criminal activity is expected to remain high in 2024, posing a severe test for law enforcement agencies and regulators around the world. **