Digital Wallets

• Mules set up or maintain digital wallets that rapidly receive and transfer illicit funds.
• Pseudonymous or limited-KYC features can make transaction tracing more difficult.

• By routing connections through a VPN, illicit actors obscure their genuine geographic location, complicating KYC and verification processes.
• Investigators face additional hurdles in tracing or linking suspicious activities to a real user, as typical IP-based controls are circumvented.
• This heightened anonymity can facilitate layering and movement of illicit proceeds via digital wallet balances.

• Criminals access or top up digital wallets on open WiFi, defeating IP-based suspicious activity checks by using shared or transient addresses.
• They can move funds rapidly across multiple wallets while avoiding consistent device fingerprints, hindering AML efforts.

• Repeated small-value top-ups allow criminals to circumvent threshold-based alerts.
• Creation of multiple or ephemeral wallets distributes funds, complicating investigators’ ability to link the overall total.

• Multiple wallet accounts can receive and transfer small increments, evading typical risk-based transaction limits.
• Frequent low-value loads and withdrawals from digital wallets conceal the true extent of illicit fund flows.

• Newly minted coins are transferred to digital wallets controlled by criminals, often across borders, breaking any on-chain link to the illicit origin.
• Digital wallets can be used with minimal or no KYC requirements, making it difficult for investigators to trace the true ownership or source of funds.
• This obfuscation layer effectively laundered the illicit proceeds into fresh cryptocurrency with no transaction history.

• Newly minted cryptocurrency from remote mining is funneled into digital wallets in separate jurisdictions, obscuring transaction trails.
• Criminals often use multiple or transient wallets to further hinder investigators’ ability to connect proceeds back to original illicit sources.

Launderers link dozens of custodial / non-custodial wallets to auto-forward balances every few minutes, creating a lattice of pass-through nodes invisible to single-FI monitoring.

• Allow users to fully control private keys themselves, bypassing centralized oversight or mandatory KYC checks.
• Facilitate cross-border transfers between pseudonymous addresses with minimal external monitoring, impeding freezing or blocking of illicit assets.
• When privacy-enhancing features such as coinjoin or stealth addresses are built in, beneficial ownership and transaction trails become significantly obscured, hampering AML/CFT investigations.

• Criminals leverage privacy-enhanced, non-custodial digital wallets (e.g., coinjoin or stealth addresses) to obscure ownership, making it difficult for investigators to trace illicit funds.
• Mixing or commingling features within these wallets break the link between sender and recipient, complicating AML checks and concealing the original source of assets.

• Criminals create sham donation drives via crowdfunding platforms, channeling illicit funds under the appearance of genuine contributions.
• The volume of micro-donations and multiple donor accounts obscures the origin and facilitates layering.
• Inconsistent or weak KYC measures allow perpetrators to mask true identities behind seemingly legitimate campaigns.

• Ransomware operators create multiple newly generated wallet addresses for each extortion incident, avoiding address reuse.
• This rapid wallet creation fragments the transactional trail, making it difficult to trace illicit assets back to the initial ransom event.

• Criminals open offshore e-wallet accounts with forged or low-verification documentation, bypassing stronger onshore due diligence.
• Ongoing micro-deposits disguise the origin of funds, leveraging partial anonymity to obscure the money trail.
• These wallets facilitate rapid cross-border transfers and withdrawals, creating multiple transaction layers that frustrate detection.

• Criminals leverage e-wallets for rapid deposits or withdrawals of gambling proceeds, often circumventing traditional KYC measures.
• Pseudonymous or minimal verification requirements impede efforts to link transactions to actual beneficial owners.

• Facilitate storage and rapid movement of payment tokens across multiple addresses, hampering traceability.
• Criminals can frequently generate or reassign wallet addresses to hide beneficial ownership and origins of illicit proceeds.

• Allow self-custody and pseudonymity by enabling users to hold private keys and transact without traditional KYC processes.
• Criminals can create multiple wallets in quick succession, severing traceable links and diminishing regulated oversight.

• Facilitate rapid creation of multiple addresses or wallets to quickly store and transfer funds, speeding up layering.
• Splitting funds into micro-deposits and withdrawals obscures the overall trail, especially when used alongside other cross-chain or off-chain services.

• Remote registration processes allow users to provide falsified identity information with minimal oversight.
• Criminals leverage software-based wallets from high-risk or concealed locations, often using proxies or remote desktops.
• Once approved, they move illicit funds rapidly among multiple wallet accounts under different synthetic identities.

• Stolen credentials grant unauthorized access to custodial wallet balances, letting criminals conceal or move illegal proceeds outside traditional banking.
• The speed and relative anonymity of digital wallet transfers make it easier to dissipate funds before detection.

• Store and manage proceeds from darknet transactions in numerous anonymous or pseudonymous wallet addresses, complicating traceability.
• Facilitate rapid movement of illicit funds across multiple wallets, hampering effective investigative oversight.

• Launderers maintain multiple e-wallets to deposit and withdraw funds into gambling platforms where chip dumping occurs.
• Rapid movement of funds between different wallets and accounts makes tracing and freezing fraudulent transactions more difficult.
• Minimal KYC requirements on certain digital wallet providers can further conceal true identities.

• Multiple wallet addresses can be used to further fragment and shuffle privacy coin holdings, obscuring transactional history.
• Non-custodial wallets often lack verification checks, letting criminals circulate funds without disclosing their identities.

• Illicit funds are routed among multiple personal or external wallets, creating complex transaction chains that hinder law enforcement’s ability to identify the end owner.
• Privacy-focused wallet features and mixing protocols further obfuscate transactional flows, masking links between senders and recipients.
• Frequent wallet-to-wallet movements with no economic rationale enable extended layering and conceal beneficial ownership.

• Criminals set up numerous pseudonymous or unhosted wallets to receive, hold, and redirect illicit proceeds.
• Rapid transfers among these wallets create additional layering steps, hindering investigators’ ability to track beneficiaries.

• Illicit proceeds are funneled through multiple digital wallets, fragmenting transaction trails and complicating oversight.
• Weak or inconsistent customer verification in some wallet services allows criminals to obscure the true origin and ownership of funds.

• Romance scammers instruct victims to create digital wallets, collecting and dispersing illicit funds under pretexts of ‘urgent needs’ or ‘private transactions.’
• The pseudonymous nature of digital wallet transactions adds an extra layer of concealment, complicating efforts to trace final beneficiaries.

• Enable criminals to receive and store proceeds from counterfeit medicine sales under pseudonymous or weakly verified accounts.
• Facilitate quick transfers to other wallets or services, complicating tracing and allowing layering of illicit funds.

• Criminals instruct victims to send funds to specific crypto wallet addresses under their control, concealing beneficial ownership.
• They then layer the stolen proceeds across multiple digital wallets to further obfuscate the source and hinder AML detection efforts.

Self-hosted or lightly regulated wallets serve as first-hop repositories for mining payouts; attackers create many addresses to fragment inflows and mask ownership.