Eastern Europe Received Over $1B of Illicit Crypto in a Year: Chainalysis

The region is second highest for cryptocurrency scams, behind only Western Europe, a report says.

Sep 1, 2021 at 11:00 a.m. UTC
Updated May 11, 2023 at 5:48 p.m. UTC

A report published by Chainalysis on Wednesday details crypto-related criminal activity in Eastern Europe, which is broadly believed to be the home base for many infamous hacker groups and the drug marketplace Hydra, which Chainalysis has said is the world’s biggest.

“In terms of raw value, Eastern Europe has sent the second most cryptocurrency of any region to illicit addresses, behind only Western Europe,” the report reads.

    In total, addresses associated with Eastern Europe received about $1.15 billion of illicit funds from July 2020 to June 2021, according to Chainalysis.

    Hydra, in particular, is one of the reasons Eastern Europe sends more cryptocurrency to darknet markets than any other region in the world, the report said. The Russian-speaking darknet marketplace for drugs and illegal goods is believed to be a big driver of criminal crypto liquidity into Russia, earning up to 75% of the global darknet revenue, as Chainalysis said in an earlier report.

    However, the biggest share of funds Eastern Europeans are sending to illicit addresses goes to scams, Chainalysis said.

    “Between June 2020 and July 2021, Eastern Europe-based addresses sent $815 million to scams, second only to Western Europe,” the report reads. Most of the web traffic to known scam websites also comes from Eastern Europe, especially Ukraine, Chainalysis said.

    The region also received “roughly $950 million worth of cryptocurrency from scam addresses,” which makes Eastern Europe the second-largest recipient of scam funds in the world, after Western Europe, Chainalysis said. This monthly number has been rising since March 2021, the firm added.

    The most prolific case in the region turns out to be Finiko, an alleged Ponzi scheme whose founders are under criminal investigation in Russia. As CoinDesk reported, Russian police received reports from Finiko users, who claimed to have lost about $1 million in total. However, an anonymous source at Russia’s central bank told business publication The Bell the losses might have amounted to almost $95 million.

    Chainalysis’ estimate is even more striking: The crypto sleuthing firm identified over $1.5 billion worth of bitcoin received by Finiko’s addresses in over 800,000 separate deposits, the report said.

    “While it’s unclear how many individual victims were responsible for those deposits or how much of that $1.5 billion was paid out to investors to keep the Ponzi scheme going, it’s clear Finiko represents a massive fraud perpetrated against Eastern European cryptocurrency users, predominantly in Russia and Ukraine,” Chainalysis wrote.

    Ransomware geography

    Ransomware addresses believed to belong to Eastern European hackers received $46 million over the past year, “behind only Western Europe at $51 million.” Here, the researchers’ task gets trickier because it’s hard to precisely locate any crypto address on the globe.

    As Chainalysis said, the main assumption is that the most notorious hacker groups are associated with Russia, such as Evil Corp, “whose leadership reportedly has ties to the Russian government,” the report said. Also, most ransomware strains affiliated with Russia and the neighboring countries contain code that prevents them from attacking computers located in those countries.

    “Our geographic attribution is based on web traffic to cryptocurrency services, so in cases where two regions use many of the same services, it’s more difficult to attribute transaction volume to the correct service,” Chainalysis wrote.

    “Western Europe has high service overlap with more regions than any other, displaying particularly strong relationships with Eastern Europe, North America and Central and Southern Asia,” said Kim Grauer, Chainalysis’ head of research.

    “We believe that for some regions like North America, this dynamic reflects a convergence of institutional investors and professional traders on a handful of platforms. On the other hand, for regions like Eastern Europe and Central and Southern Asia, we believe the service overlap in those cases is also driven by remittance payments being sent from Western Europe, as this would mirror remittance activity we see in the fiat world,” Grauer added.



    Anna Baydakova

    Anna Baydakova was CoinDesk's investigative reporter with a special focus on Eastern Europe and Russia. Anna owns BTC and an NFT.
