Crime

Crypto Money Laundering in Japan: Global Problem, Local Perspectives

Read this article in Japanese.

2024 has seen a number of positive developments for the cryptocurrency ecosystem. In many ways, crypto has continued to gain mainstream acceptance, following the approval of spot Bitcoin and Ethereum exchange-traded products (ETPs) in the United States and revisions to the U.S. Financial Accounting Standards Board (FASB)’s fair accounting rules. Furthermore, inflows to legitimate services year-to-date (YTD) are the highest they’ve been since 2021, the previous bull market peak. In fact, aggregate illicit activity YTD fell by 19.6%, dropping from $20.9B to $16.7B, demonstrating that legitimate activity is growing more quickly than illicit activity on-chain. This encouraging sign points to the continued adoption of crypto globally.

These global trends are reflected in Japan’s crypto ecosystem, as well. In general, the exposure of Japanese services to global illicit entities such as sanctioned entities, darknet markets (DNMs), and ransomware services is generally low, as most Japanese services cater primarily to Japanese users. However, this doesn’t imply that Japan is totally immune from crypto-related crime. Public reports, including those from JAFIC, Japan’s financial intelligence unit (FIU), emphasize that crypto poses a significant money laundering risk. Although Japanese exposure to international illicit entities may be limited, the country is not devoid of its own local challenges. Off-chain criminal entities that leverage crypto are prevalent, yet often fly under the radar.

In this article, we will explore two critical crypto crime issues in Japan that warrant closer scrutiny: money laundering and scams.

Money laundering and cryptocurrency

First, let’s explore the nexus between money laundering and crypto. Money laundering in the crypto context is often associated with concealing proceeds from on-chain crimes, such as DNMs and ransomware. But as the world continues to embrace crypto, so, too, do illicit actors eager to exploit powerful new technologies. With the right tools and knowledge, investigators can leverage the transparency of blockchain to uncover and dismantle illicit activity on-chain and beyond.

Crypto-native money laundering

The process of laundering funds acquired on-chain is often sophisticated, as cybercriminals use various services to obscure fund origins and movements. Crypto-native money laundering presents a persistent challenge for crypto services and law enforcement agencies alike.

The first stage of crypto-native money laundering — placement — always involves crypto. Despite the transparency of the blockchain, criminals often choose crypto for money laundering, given it is typically easier to create private wallets that do not require know your customer (KYC) information than to launder funds through conventional placement tactics, such as preparing bank accounts for money mules. The intermediate stages of money laundering (layering) can take many forms. In traditional fiat laundering, this might involve sending funds through multiple bank accounts and/or shell companies. In crypto, this might involve:

  • Intermediary wallets or hops: Multiple personal wallets are used to complicate tracing, often accounting for over 80% of the total value flowing through these laundering channels. For investigators and compliance professionals using Chainalysis, detecting illicit activity and tracing through intermediary wallets can be relatively simple.
  • Crypto obfuscation services: Obfuscation services can take several different forms, such as mixers, cross-chain bridges, and privacy coins. While these services are used extensively by launderers, they also have legitimate privacy use-cases that are not inherently illicit.
    • Mixers: These are services that blend crypto from various users to obfuscate the origin and ownership of funds. Consistent with a general uptick in market activity, mixers have begun to see a resurgence in 2024.
    • Cross-chain bridges: These services and protocols facilitate the transfer of assets between different blockchain networks, creating complex webs of transactions.
    • Privacy coins: Tokens like Monero and Zcash use advanced cryptographic techniques to hide transaction details, making them attractive to illicit actors.
  • Stablecoins: Increasingly a preferred vector for the transfer of illicit funds, reflecting the overall increase in global stablecoin adoption over the last few years. But using stablecoins also adds an element of risk for launderers as many stablecoin issuers are responsive to the authorities and have the ability to freeze funds.
  • Over-the-Counter (OTC) brokers: Found all over the world, OTCs can facilitate large trades with minimal scrutiny, often bypassing public order books and KYC requirements.

While some cybercriminals may hold their ill-gotten gains in personal wallets for years — presumably in hopes that authorities will turn their attention elsewhere — most bad actors look to off-ramp funds from crypto to cash. Over 50% of illicit funds wind up at centralized exchanges, either directly or indirectly after the use of obfuscation techniques. Illicit actors might turn to centralized exchanges for laundering due to their high liquidity, ease of crypto-to-fiat conversions, and integrations with traditional financial services that help blend illicit funds with legitimate activities. There are currently hundreds of centralized services in any given year that receive over $1 million in illicit funds.

Non-crypto-native money laundering

Conventional money launderers are onboarding to crypto using methods similar to their fiat-based strategies. Unlike crypto-native money laundering, non-crypto-native money laundering begins with the placement stage involving fiat. Typically, criminals will first use bank accounts for their fiat funds, which they then convert into crypto. Then, criminals can layer their funds, as in crypto-native money laundering.

Non-crypto-native money laundering involves off-chain criminal activities, such as narcotics trafficking and fraud. Identifying novel on-chain laundering patterns often mirrors the detection of anomalous fiat-based transactions and patterns. In non-crypto-native money laundering, on-chain analysis typically begins at centralized exchanges, therefore, making it difficult to identify illicit transactions in the absence of other background information. Though tracing these funds’ flows can be challenging due to evidentiary scarcity, data science techniques can flag indicators of potential non-crypto-native money laundering.

One method to identify non-crypto-native money laundering is through repeated transfers just under reporting thresholds, which we discussed in greater detail in our 2024 Crypto Money Laundering Report. While these thresholds vary by country, the Financial Action Task Force (FATF) — the international body that sets standards for AML/CFT — recommends that crypto transactions exceeding $1,000 USD/EUR be subject to the Travel Rule, while U.S. authorities set this threshold at $3,000. Additionally, the U.S. Bank Secrecy Act (BSA) requires reporting on cash transactions exceeding $10,000.

Transactions in excess of these values trigger additional scrutiny, while transactions under these thresholds, even by just a dollar, do not face the same level of inspection.

The chart below displays the value of funds moving to centralized exchanges by transfer size for 2024 YTD. It reveals a noticeable surge in transfers just below the $1,000, $3,000, and $10,000 reporting thresholds, as well as just above it. The transfers slightly above these thresholds could potentially be attributed to rounding differences in exchange rates. The surges are typical of bad actors who structure their payments to avoid triggering reporting requirements. Transactions just below reporting requirements is one of the red flag indicators the FATF has highlighted in guidance for Virtual Asset Service Providers (VASPs) to help identify suspicious behavior.

Consolidation points

Exchanges might also benefit from monitoring consolidation wallets that interact with their service. When launderers layer funds through many intermediary wallets, the transaction flows are often not simple and linear. Rather, the launderer might split funds off into many disparate wallets and then reconsolidate the funds later, after multiple transactions.

A consolidation wallet receives and combines funds from several wallets or sources. If funds move through multiple separate intermediary wallets and then consolidate at a single address, this could suggest an attempt to avoid detection.

The Chainalysis Crypto Investigations graph below demonstrates this type of behavior in a known scam group targeting the elderly. In this scenario, the scammer likely instructed their victims to use a specific service, Exchange 1, to purchase crypto assets. Each victim was then directed to send funds to a different wallet controlled by the scammer. The scammer subsequently consolidated these funds into a single wallet before cashing out at Exchange 2.

Compliance teams at Exchange 1 would have difficulty directly linking the victims to the scammer, especially if the intermediary addresses are single-use with no prior illicit ties — unless they traced the transactions to the consolidation wallet. The use of many intermediaries prior to consolidation is a known strategy to prevent Exchange 1’s compliance team from understanding the connections between all the victims that were sending funds.

While the example above is relatively simple, more complex money laundering networks feature consolidation wallets that aggregate funds from dozens or even hundreds of intermediary wallets. Querying Chainalysis data can point investigators to major consolidation wallets, which often serve as useful leads. For example, the top one hundred bitcoin consolidation wallets in 2024 YTD — all of which have transacted two hops away from an exchange — received almost one billion dollars ($968M) worth of bitcoin from over 14,970 distinct addresses.

Further expanding the aperture, we identified over 1,500 consolidation wallets that have received a total of $2.6B worth of bitcoin in 2024; each of those have received funds from at least ten different wallets. Again, we cannot say for certain that this represents money laundering — in fact, much of it likely represents legitimate inflows. But this activity may warrant additional scrutiny.

Illicit activity in Japan: Money laundering and scams

In Japan, we have been observing that the most common illicit uses of crypto are the laundering of funds from non-crypto-native crimes and scams, based on our conversations with key industry players as well as statistics and documents published by the local authorities. We will discuss how these issues are recognized in Japan, and explore how we could estimate the amount of the damage from such crimes.

Money laundering for non-crypto-native crimes

As mentioned earlier, it’s difficult to track non-crypto-native crime cases at scale without context — often only known by law enforcement, financial institutions, crypto services and/or victims. Nonetheless, some of our customers have provided us with information for address attributions, allowing us to better understand the state of non-crypto-native money laundering in Japan. According to the information we have received so far, many illicit accounts at centralized exchanges are created to receive funds in fiat from traditional forms of fraudulent activities and phishing campaigns that steal funds from online bank accounts. We published a blog last year addressing our on-chain analysis on a Japan-based money laundering case that started with non-crypto native crimes.

According to 2023 statistics published by the Japanese National Police Agency (JNPA), in 2023, Japan had 19,038 reported fraud cases, the total damage of which was ¥45.26B (approximately $300M USD). These numbers exceed those from 2022, suggesting that such fraudulent activities are still growing and remain a significant problem. Although these statistics do not address the amount of fiat that was converted to crypto, as we explore later, we assess a considerable portion of it was crypto-based money laundering.

In this vein, according to a report published by the JNPA’s Cyber Affairs Bureau, nearly half of the reported stolen funds from online bank accounts, totaling ¥8.73B ($57.89M), were sent to the bank accounts of crypto exchanges. These funds flows suggest that crypto is now being used as a common tool for fraudsters to launder their stolen funds.

Scam trends affecting Japan

As our Crypto Crime Reports describe, scams are among the top illicit categories in crypto. We have previously identified prominent crypto scam clusters with touchpoints in Japan, but today, Japanese law enforcement agencies are also keeping an eye on a new trend of scams — social media-based investment scams and romance scams.

Recent investment scams often place advertisements soliciting investments on major social media platforms to catch attention from potential victims. The scammers impersonate famous economists or celebrities to attract more followers and lead them via the URL on the advertisement to a group channel on popular messaging apps where many fake members actively post comments and applaud the channel host. Victims are drawn into conversations with the scammers — who often call themselves the channel owner or assistant — and are eventually instructed to make transactions at a fake investment website.

Romance scams, also known as “pig butchering scams” for the way bad actors say they “fatten up” their victims to extract the most possible value, are a large and growing problem with a significant crypto nexus. Romance scammers start by building a relationship over time with the victim (usually of a romantic nature, as the name implies), often initiating contact by pretending to have text messaged a wrong number or via dating apps. As the relationship deepens, the scammer will eventually push the victim to invest money (sometimes cryptocurrency, sometimes fiat) in a fake investment opportunity, and continue to do so until they eventually sever contact.

JNPA’s latest statistical data on these types of scams shows the following figures between January and August this year, which are significantly greater than those in the previous year:

  • Investment scams: 6,868 cases reported, totalling ¥64.14 billion ($424.97M) – 9.9% were crypto
  • Romance scams: 4,639 cases reported, totalling ¥23.65 billion ($156.7 M) – 17.7% were crypto

Once the Japanese Government recognized this as a prominent threat to Japanese citizens, the cabinet held a meeting to discuss countermeasures and policies, including enhancing investigative capabilities on crypto, preventing illicit bank withdrawals and establishing a legal framework to fully support asset seizure and recovery.

Our on-chain analysis on fraud and scam cases in Japan

While it is difficult to trace off-chain money laundering at scale, we can trace the flow of funds when our customers alert us to this activity and provide the addresses and transactions involved, as we did last year. As we continue to work closely with our customers and partners in Japan to strengthen our data, especially on off-chain money laundering activities, we can also analyze the state of fraud and scams involving cryptocurrencies in Japan.

Below is the total receiving value of the clusters reported as fraudulent accounts and scams for 2023 and 2024 (until June).

 

Reported as fraud (non-crypto-native) (total receiving value from Japanese exchanges) – USD

BTC ETH
2023 36,500,131.70 3,070,942.20
2024 (Jan – June) 18,850,727.33 1171.32

 

Reported as scams (total receiving value from Japanese exchanges) – USD

BTC ETH
2023 11,015,099.48 44,641,910.52
2024 (Jan – June) 5,677,761.22 13,700,140.32

 

As always, we must caution that these figures are lower-bound estimates, especially so for off-chain crimes, as many scams and fraud go unreported.

Nonetheless, these activities have a common pattern: the use of consolidation wallets. Even though initial addresses that directly receive funds from exchanges are distributed and short-lived, funds from these addresses are eventually sent onward to a much smaller number of private wallets and/or deposit addresses at exchanges.

When we narrowed down to cases involving ETH, we found that consolidation wallets regularly used decentralized exchanges (DEXs) or bridges to swap ETH to USDT.

How to read this graph
– Blue: Funds from Japanese exchanges to suspected scam addresses
– Red: funds from the initial addresses to the first consolidation points
– Green: funds from the first consolidation points to the second consolidation point
– Purple: funds from the second consolidation point to a DEX (ETH<->USDT)

 

Considering the rapid pace at which money launderers use new wallet addresses, it’s not easy to track them all individually in real-time, but we can still identify common consolidation points from clusters we’ve identified to estimate the magnitude of these illicit activities. In this case, we followed the process below to estimate the amount of potential illicit funds associated with cases in Japan:

  • Trace funds from clusters already attributed as Japan-based illicit clusters to find consolidation points
  • On the consolidation points, aggregate the receiving exposure amounts from the clusters flagged in Japan and the clusters of Japanese exchanges

Here’s what we found:

 

Estimated value of non-crypto-native money laundering – USD

BTC ETH
2023 410,660,875.52 9,478,208.96
2024 (Jan – June) 30,738,415.72 851,372.94

 

 Estimated value of scams in Japan – USD

BTC ETH
2023 80,001,762.23 173,179,428.38
2024 (Jan – June) 43,436,507.05 68,779,128.04

 

These estimates are consistent with those published by the Japanese authorities, as discussed earlier.

Sophisticated bad actors adapt frequently

The changes in money laundering strategies we’ve seen from a broad array of threat actors serve as an important reminder that the most sophisticated illicit actors are always adapting their money laundering strategies and exploiting new kinds of crypto services. Law enforcement and compliance teams can be more effective by studying these new on-chain laundering methods and patterns, and learning how to disrupt them.

How Chainalysis can help

As both crypto-native and non-crypto-native money laundering techniques evolve, staying ahead requires a comprehensive approach. With trusted blockchain intelligence, advanced technology, training and expert insights, government agencies and cryptocurrency exchanges alike can efficiently respond to money laundering and other cybercrimes.

Get in touch today to see how we can help you detect, deter, and disrupt illicit operations while ensuring compliance with global AML regulations.

This material is not intended to provide legal, tax, financial, investment, regulatory or other professional advice, nor is it to be relied upon as a professional opinion. Recipients should consult their own advisors before making these types of decisions. Chainalysis does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information herein, and assumes no obligation to update any forward-looking statements to reflect any circumstances that may arise after the date such statements are made. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with Recipient’s use of this material.