Public Ledger Cryptocurrencies

Digital currencies utilizing publicly verifiable distributed ledgers, providing transparent transaction histories. Commonly used for payments, investments, and value storage. Examples include Bitcoin and Ethereum.

Code: IN0045
Name: Public Ledger Cryptocurrencies
Version: 1.0
Category: Crypto & Other Digital Tokens
Created: 2025-01-31
Modified: 2025-04-02

Related Techniques

  • Criminals send or route funds in widely used public cryptocurrencies (e.g., Bitcoin, Ethereum) to mixers that merge multiple user inputs into pooled transactions, obscuring connections between incoming and outgoing addresses.
  • Once redistributed by the mixing service, the path from the original (tainted) addresses to the final (clean) outputs is effectively broken, hindering straightforward blockchain analytics.
  • This layering process allows criminals to reintroduce illicit proceeds into exchanges or other platforms without clear links to the original unlawful activity.
  • Criminals deposit publicly traceable cryptocurrencies (e.g., Bitcoin, Ethereum) into decentralized mixers, which combine multiple user inputs into aggregated transactions, obscuring the trail of funds on the blockchain.
  • Because there is no single controlling entity, no KYC measures exist to verify users, facilitating the anonymous placement and withdrawal of illicit funds.
  • This mixing process severs the on-chain link between sending and receiving addresses, enabling layering by splitting or merging illicit proceeds among numerous outputs, thwarting investigators’ efforts to link the funds to their origin.

T0005

  • Criminals perform repeated cross-chain swaps or bridges of well-known public ledger cryptocurrencies (e.g., bridging BTC to ETH and then onward), with each hop appearing as a fresh deposit to different blockchain addresses.
  • By leveraging the wide availability of bridging platforms for public ledgers, they effectively break transaction history links, hindering investigators’ ability to correlate the final destination with the initial source of illicit funds.
  • Frequent chain transitions complicate monitoring efforts, as investigators must analyze multiple blockchains and bridging transactions to follow the money trail.
  • Criminals send tokens (e.g., on Ethereum) to a burn address with no private keys, permanently removing them from circulation.
  • They then mint an equivalent amount of tokens on another public blockchain, breaking any direct on-chain linkage to the original funds.
  • By leveraging minimal-KYC cross-chain bridging services or decentralized platforms, the newly minted tokens appear disconnected from the initial source, complicating investigators’ efforts to trace asset provenance.
  • Criminals exploit cross-chain bridge protocols to lock publicly ledgered assets (e.g., BTC, ETH) on one blockchain and mint equivalent tokens on another chain, breaking a direct, traceable link between the original and subsequent transactions.
  • By scattering transaction histories across multiple public ledgers, investigations become more complex, as conventional blockchain analytics typically focus on a single chain.
  • Minimal or no KYC requirements on many decentralized bridging platforms further obfuscate beneficial ownership and complicate law enforcement efforts.

Mule accounts funded with illicit capital purchase Bitcoin, Ethereum, or other public ledger cryptocurrencies. By rapidly trading or transferring these assets among multiple mule accounts at the regulated exchange, criminals obfuscate ownership and create a complex transaction history. This layering reduces transparency, as the exchange’s internal account records mask the ultimate beneficiary behind falsified KYC data.

T0011.002

  • Once deposited as cash into the ATM, funds are converted into publicly traded cryptocurrencies like Bitcoin.
  • Criminals exploit the pseudonymous nature of these blockchains, where addresses are visible but the real owners remain obscured, enabling cross-jurisdictional layering.
  • Criminals route access to exchanges or blockchain interfaces through privacy-focused networks, obscuring IP logs that could reveal user identities.
  • Investigators find it more challenging to map transaction flows when network-level cues are stripped away.
  • International fund transfers via public blockchains become even more difficult to trace when layered behind anonymizing connections.
  • Criminals route transactions through public blockchain networks while connected via VPNs, masking their true IP addresses to make user locations and access patterns appear legitimate or geographically scattered.
  • This obfuscation hinders financial institutions and investigators attempting to correlate blockchain transaction data with known IP addresses, complicating the identification of underlying illicit users during the layering stage.

T0015.005

  • Criminals route transactions over Onion over VPN to hide their originating IP addresses when sending or receiving public ledger cryptocurrencies (e.g., Bitcoin or Ethereum). This technique frustrates investigators who rely on IP geolocation or node-level data to connect specific wallet addresses to real individuals.
  • By masking the true source of transactions, criminals can execute payments or move funds without revealing identifiable network attributes, complicating attribution and traceability efforts.
  • Illicit funds are divided into multiple small crypto transfers, each below the exchange or platform thresholds for heightened due diligence.
  • Criminals then distribute these fragmented amounts across numerous newly generated (ephemeral) wallet addresses, complicating oversight of aggregate inflows on public blockchains such as Bitcoin or Ethereum.
  • Criminals present counterfeit or stolen IDs to satisfy exchange or brokerage KYC requirements, obtaining accounts to trade cryptocurrencies like Bitcoin.
  • By impersonating legitimate individuals, they avoid suspicion and convert illicit proceeds into digital assets, further distancing funds from their criminal origins.
  • The false identity behind the account hinders effective transaction monitoring and beneficial owner identification.

Scripts route funds through decentralized-exchange swaps and liquidity pools, scheduling micro-trades that bounce tokens across protocols without central-bank visibility, thereby multiplying hops and obscuring origin.

  • Criminals exploit near-real-time swaps of widely used cryptocurrencies like Bitcoin or Ethereum to repeatedly move funds, creating multiple transaction hops.
  • Each quick swap severs the direct link to prior addresses, complicating investigators' ability to trace the original source.
  • Exchanges requiring minimal user verification allow offenders to layer illicit proceeds undetected across multiple chain segments.
  • Even though transactions are publicly recorded, using self-hosted wallets for Bitcoin or other transparent cryptocurrencies avoids mandatory identity checks tied to centralized exchanges.
  • Criminals can anonymously acquire and hold these coins in their own wallets, then transfer or 'chain-hop' to obscure origins or convert them into privacy-focused assets.
  • The lack of custodial control also thwarts freezing or seizure attempts, allowing illicit funds to flow worldwide with minimal regulatory friction.

T0034.001

  • Criminals funnel transparent cryptocurrencies (e.g., Bitcoin, Ethereum) into non-custodial privacy wallets that implement coinjoin or stealth addresses, commingling illicit funds with unrelated transactions. This process severs the on-chain link to the original source and frustrates AML monitoring.
  • By leveraging chain-hopping to shift value into and out of these wallets across multiple networks, launderers break transaction continuity and further complicate investigative tracing efforts.

T0049

  • In certain extortion scenarios (e.g., ransomware), criminals demand that victims pay in Bitcoin or similar public-ledger cryptocurrencies.
  • They exploit the pseudonymous nature and global reach of these assets, receiving the coerced funds in digital wallets.
  • Funds are then layered across multiple accounts or exchanges, making it harder to trace origins despite the public blockchain record.
  • Ransomware perpetrators frequently demand ransom in widely recognized public blockchain assets (e.g., Bitcoin, Ethereum).
  • These funds are then rapidly moved between multiple addresses, each newly generated for separate incidents.
  • By fragmenting transactions on visible but pseudonymous ledgers, criminals make it harder to tie funds back to the initial ransomware event.
  • Criminals engage in chain-hopping and bridging (e.g., moving from Ethereum to other blockchains) to further obscure the audit trail of NFT proceeds.
  • Although public blockchains are transparent, the sheer volume of transactions and use of intermediary addresses hamper straightforward tracing.
  • This multi-chain approach complicates investigations, as funds appear to crisscross different networks, diluting clarity on the original source.
  • Criminals exchange in-game currency or NFT proceeds for mainstream cryptocurrencies (e.g., BTC, ETH), leveraging the pseudonymous nature of wallet addresses to detach funds from their original source.
  • Off-chain transfers and fragmented oversight weaken the trail, enabling further layering once the tokens are moved away from gaming environments.
  • On the surface, these transactions may appear to be routine crypto-trading activities, complicating efforts to identify the original illicit funds.
  • Initially, stolen tokens are swapped on decentralized exchanges to avoid scrutiny and then used to acquire metaverse assets. Once resold, the resulting proceeds are converted back into well-known public ledger cryptocurrencies (e.g., Bitcoin, Ether).
  • Since public ledgers record all transactions, criminals rely on a complex sequence of wallet addresses and trades to make the final tokens appear unconnected to the original illicit funds.
  • This continuous switching of tokens complicates tracing, allowing laundered assets to blend into legitimate cryptocurrency usage on major blockchains.
  • Criminals convert in-game items or currencies into widely used cryptocurrencies (e.g., Bitcoin, Ethereum) and then move them across multiple wallets or exchanges.
  • This cross-platform exchange adds layers to the laundering process, especially when combined with bridging in-game assets to public blockchains.
  • Inconsistent KYC/AML standards at certain exchanges allow criminals to swap value into or out of game ecosystems without straightforward oversight.

Criminals deposit their illicit Bitcoin or Ethereum into bridging protocols that lock the tokens on the original chain while minting wrapped equivalents on the target chain. This severs direct address continuity in the public ledger, hindering standard blockchain analytics. Minimal or nonexistent KYC requirements on bridging services further obscure ownership, enabling multi-hop layering across multiple networks.

  • After receiving illicit proceeds in governance tokens, criminals convert them into mainstream public ledger cryptocurrencies (e.g., Bitcoin or Ethereum) on minimal-KYC exchanges.
  • Repeated swaps and cross-chain transfers obscure the transactional path, hindering direct linkage to the original illicit funds.
  • High liquidity and widespread acceptance of these major cryptocurrencies facilitate quick movement of value, complicating traceability for investigators.
  • Criminals exploit transparent blockchains (e.g., Bitcoin, Ethereum) for quick cross-border transfers, then implement numerous small, consecutive transactions (peel chains) to stay under monitoring thresholds.
  • Rapid movements through multiple addresses and recipients make it difficult to piece together the entire trail, serving the layering goal of transaction chaining.
  • The global accessibility of these cryptocurrencies facilitates transferring funds across jurisdictions in near real-time, complicating law enforcement efforts.

T0070.002

  • Criminals initiate peel chains by sending repeated micro-transactions from a large initial balance to newly generated wallet addresses, incrementally 'peeling off' smaller amounts.
  • The transparent yet pseudonymous nature of public blockchains enables the rapid creation of numerous addresses, forming a complex web of transfers that obscures the origin of illicit funds.
  • By maintaining low-value transactions below AML alert thresholds, launderers significantly reduce the likelihood of detection, thereby complicating forensic tracing and prolonging investigators’ efforts.
  • Criminals coordinate pump-and-dump schemes on small-cap or less-liquid cryptocurrencies, rapidly driving prices up by purchasing large volumes before selling off at inflated valuations.
  • Wash trading is accomplished by trading the same coin between interconnected wallets to simulate legitimate market interest, luring outside participants into trading.
  • These activities mask illicit funds as crypto “trading profits” when liquidated into fiat or other assets.
  • Darknet marketplaces often accept prominent public-ledger cryptocurrencies (e.g., Bitcoin) for illicit transactions.
  • Criminals exploit multiple wallet addresses and mixing or tumbling services to blur audit trails on otherwise transparent blockchains.
  • High-speed, cross-border transfers allow funds to move rapidly between jurisdictions, reducing the effectiveness of AML scrutiny.
  • Near-simultaneous buy and sell orders on centralized or decentralized exchanges enable criminals to inflate trading volumes while avoiding genuine market risk.
  • By controlling multiple wallet addresses, offenders cycle illicit assets through repetitive wash trades, creating the illusion of legitimate transactions and complicating beneficial ownership tracking.
  • OTC brokers exchange illicit cash for cryptocurrencies like Bitcoin off-exchange, preventing the public recording of trade volume or customer data.
  • Repeated use of multiple OTC channels compounds layering, making blockchain analysis more challenging and further obscuring the origins and beneficiaries of funds.
  • Criminals exploit transparent blockchains (e.g., Bitcoin) by conducting high volumes of transactions across multiple addresses to create layered transaction chains.
  • Chain-peeling, using systematic partial transfers to new addresses, further obscures the final recipient of illicit proceeds.
  • Repeated cross-exchange movements of these public ledger coins distance illicit funds from their original source.
  • Criminals exploit minimal KYC on P2P platforms to buy or sell cryptocurrency directly with other users.
  • They create numerous addresses on public blockchains, distributing illicit proceeds across multiple addresses to mask transaction origins.
  • Repeated small transfers across user accounts hinder investigators’ efforts to link funds back to the source.

T0144.003

  • Rug pull fraudsters require investor participation through common public cryptocurrencies like ETH, BNB, or similar coins.
  • Once liquidity is removed, these public ledger assets are swiftly transferred across multiple addresses or blockchains, further obscuring the flow of illicit proceeds.

T0144.009

  • Scam organizers direct victims' investments into well-known cryptocurrencies such as Bitcoin or Ethereum, making them appear as legitimate trading addresses.
  • Once received, perpetrators quickly transfer these funds across multiple addresses or exchanges, exploiting the global accessibility and pseudo-anonymity of public blockchains, which complicates law enforcement's ability to identify the final beneficiaries.
  • Criminals conducting tokenized fundraisings (ICOs/IDOs) often require participants to send widely recognized cryptocurrencies (e.g., Ethereum) in exchange for newly issued tokens.
  • They can quickly route these incoming crypto funds through multiple addresses or swap them for other digital assets, obscuring the true flow of funds and hindering investigators.

T0144.017

  • Fraudsters promise unrealistically high returns on well-known cryptocurrencies (e.g., Bitcoin, Ethereum), luring victims to invest.
  • Once victims transfer their coins, scammers swiftly relocate them across multiple addresses, making the end recipients difficult to identify.
  • While public ledgers offer transaction transparency, using numerous intermediary addresses and exchanges can camouflage the ultimate beneficiaries.

Cryptojacking malware targets public ledger cryptocurrencies (e.g., Ethereum, Bitcoin), generating new coins that are distributed to attacker-controlled addresses. The transparent blockchain enables splitting and merging funds across numerous addresses, complicating tracking and supporting rapid movement between services or jurisdictions.