Research Journal for Social Affairs, 03 (05) 2025. 477-494
DOI:10.71317/RJSA.003.05.0343
Cryptocurrency and Cybercrime: Tracing Illicit Transactions in Decentralized Networks
a Hafiz Muhammad Tahir Ayyubi, b Ahmad Nadeem, c Mujeeb Ur Rehman, d Zain Ali Samo
a Ph.D Law Scholar, Bahria University, Islamabad, Pakistan. rajatahirayyubi@gmail.com
b Department of Law, The University of Punjab, Lahore, Pakistan. Ahmadnadeem0714@gmail.com
c Associate Professor, Higher Education Department, KP, Pakistan. mujeeb209@gmail.com
d Federal Government Organisation, Iqra University, Pakistan. zainsamo@live.com
ABSTRACT
Cryptocurrencies have transformed the digital financial landscape by making payments fast, borderless, and
decentralized, but the same properties have contributed to the rapid evolution of cybercrime. This paper examines
the modes of illicit cryptocurrency use, such as ransomware, darknet markets, money laundering and cross-chain
obfuscation schemes, and the extent to which these activities can be traced within decentralized networks using
forensic and analytical tools. The research applies a mixed-method approach that combines qualitative case studies
of high-profile illicit services (Tornado Cash, ChipMixer, and Bitcoin Fog) with quantitative graph analysis that
uses Graph Convolutional Networks (GCN) and Graph Attention Networks (GAT) as the machine learning models.
Findings indicate that although the most common laundering typologies are still peel chains and mixer
transactions, cross-chain and DeFi-based obfuscation that resembles mixing is the new frontier of illicit activity.
The GAT model reported the highest detection accuracy (F1-score 0.88), which supports the potential of AI-based
blockchain forensics for identifying suspicious addresses and clusters. Moreover, the longitudinal analysis shows
that the absolute value of illicit transactions is still increasing while its percentage of overall crypto activity
falls, indicating both a growing market and greater enforcement capabilities. The findings underscore the need for
interdisciplinary cooperation, real-time cross-chain monitoring, and proportionate regulatory approaches so that
cybercrime risks are contained and legitimate privacy is maintained within the decentralized financial space.
Keywords: Cryptocurrency, Cybercrime, Blockchain Forensics, Money Laundering, Graph Neural Networks,
Cross-chain Transactions, DeFi, Privacy Coins, Ransomware, Darknet Markets
Corresponding Author: Hafiz Muhammad Tahir Ayyubi
Email: rajatahirayyubi@gmail.com
© 2025 Research Journals Online. All rights reserved.
Article History:
Received: July 2, 2025
Revised: July 17, 2025
Accepted: August 2, 2025
INTRODUCTION
Cryptocurrencies have become one of the most innovative financial technologies and also a vehicle for malicious
activity on the web. Bitcoin, Ethereum, and other digital assets offer their users pseudonymity, cross-border
payment, and a decentralized structure of governance, which appeal to cybercriminals engaged in ransomware, drug
trafficking, darknet marketplace operation, and financial fraud (Foley, Karlsen, & Putniņš, 2019). As Europol
argues, the share of cryptocurrency-related offenses is not significant when compared to global transactions, but
these offenses are significantly harder to investigate because they involve cross-border networks and an absence of
centralized control (Europol, 2021).
The anonymity of blockchain transactions is not absolute, even though the identity of the transacting parties is not
disclosed. The blockchain records all historical transaction information, which makes it possible for law
enforcement to use blockchain analytics to track illegal flows (Conti et al., 2018). Techniques like wallet
clustering, transaction graph mining, and address labeling have succeeded in linking suspicious wallets to actual
actors, particularly when the funds come into contact with a regulated exchange (Fanusie & Robinson, 2018). Such
tools have played a critical role in headline-making seizures of darknet markets such as Silk Road and AlphaBay, in
which blockchain forensics helped seize the markets and identify the culprits (Albrecht et al., 2019).
Research Journal for Social Affairs
ISSN: 3006-5240 (Online), 3006-5232 (Print)
https://rjsaonline.com/journals/index.php/rjsa
Recent reports on blockchain forensics show that advanced computational methods have been integrated into the
discipline. ML algorithms have enabled novel approaches to anomaly detection and subgraph classification, allowing
authorities to identify previously undetectable laundering patterns in large transaction datasets (Weber et al.,
2019). In addition, cross-chain tracing has gained more attention since criminals started to use decentralized
exchanges, atomic swaps, and cross-chain bridges to obscure their flows (Yousaf, Kappos, & Meiklejohn, 2019).
However, cybercriminals are strengthening their obfuscation practices in turn. Privacy cryptocurrencies (like
Monero, Zcash) provide an even higher level of confidentiality that eliminates the possibility of tracking a
transaction on a transparent ledger, and cryptocurrency mixers and tumblers (Tornado Cash, ChipMixer, and so on)
split funds into smaller transactions that cannot be connected with each other (Kalodner et al., 2017). Although
such services complicate investigations, approaches that leverage temporal analysis, metadata correlation, and
machine learning have demonstrated the potential to limit their usefulness (B
Ethics and regulation also complicate the task of law enforcement because tracing money involves operating in
several jurisdictions. Aggressive surveillance technology puts privacy rights at risk, and cross-border cooperation
is lacking because there are few opportunities to enter into it (Campbell-Verduyn, 2018). That is why the study of
cryptocurrency and cybercrime is a multidisciplinary undertaking involving computer science, criminology, law, and
international policy studies.
This study examines the changing environment of illicit cryptocurrency use and the tools that can be used to trace
these illegal activities. It seeks to evaluate existing forensic tools, the emerging issues that privacy-centric
technologies present, and the implications of using machine learning to improve the investigation of cybercrime
within decentralized networks.
LITERATURE REVIEW
Cryptocurrency in the Landscape of Cybercrime
The arrival of cryptocurrency in the cybercrime environment has altered the way illicit financial activities are
carried out on a global scale. Initial research into the use of cryptocurrencies by criminal elements shows that
Bitcoin quickly gained popularity for ransomware payments and darknet purchases because of its pseudonymity and
international transferability (Gao et al., 2019). Catalini and Gans (2020) point out that cryptocurrencies reduce
reliance on traditional intermediaries such as financial regulators, which gives cybercriminals an environment to
which the rules of regulated financial systems do not apply. Likewise, Scholl and Voorhees (2021) argue that
cryptocurrency has brought a structural change to money laundering typologies by combining the traditional typology
of layering with new typologies of laundering through mixers and coin swaps.
Darknet markets put cryptocurrencies in the spotlight of cybercrime. An empirical study by Christin (2020) revealed
that more than 90 percent of darknet marketplace payment volume was in Bitcoin alone, with Monero and other privacy
coins used subsequently. The use of cryptocurrencies in criminal activities increased with the spread of ransomware
such as WannaCry and REvil, which required payment only in Bitcoin or Monero (Friedlmaier, Tumasjan, & Welpe,
2018). These events point to a common theme: as the criminal means of digital attack change over time,
cryptocurrency is the one asset that gives them the scalability and anonymity they need.
Blockchain Forensics and Investigative Techniques
The blockchain forensics literature has grown substantially as law enforcement and scholars try to unmask
pseudonymous individuals. According to Moser, Boehme, and Breuker (2019), the early heuristic methods relied on
clustering wallet addresses on the basis of co-spending and patterns of transaction activity. Subsequent additions
include more complex transaction graph processing and address labeling methods in support of attribution. This
advancement is present in a study by Lischke and Fabian (2020), which showed that transaction graphs make it
possible to identify large-scale laundering networks because they expose duplication and layering of chains and
funneling patterns.
The applications of blockchain forensics in law enforcement have had successful outcomes. Moss and Bohnme (2019)
analyzed many of the major seizures in which law enforcement was able to trace illicit money to exchanges.
Similarly, Jiang and Liu (2021) focused on network graph metrics, including betweenness centrality and community
detection, as means of identifying mixers and intermediary wallets. Such forensic methods are very potent, but they
require sustained innovation because criminals are moving towards sophisticated ways of obfuscation.
Machine Learning and AI in Cryptocurrency Crime Detection
One of the key changes emerging in the literature is the use of machine learning (ML) and artificial intelligence
(AI) to identify illicit activity involving cryptocurrencies. Weber et al. (2021) provided the first Graph
Convolutional Network (GCN) implementation for anti-money laundering in Bitcoin, showing that deep learning can
find suspicious flows substantially better than existing rule-based models. Building on this, Chen et al. (2021)
used temporal graph neural networks to detect anomalies in transactions within and across sequential blocks, giving
them an advantage in the early detection of laundering.
Li, Cao, and Zhang (2020) also investigated hybrid models combining supervised and unsupervised learning in order
to detect low-frequency illicit patterns, e.g. micro-laundering or iterative peel chains. They found that improving
accuracy requires adding transaction metadata such as the timestamp, amount, and interaction with exchange
addresses.
There is also a shift towards semi-supervised and active learning because labeled data is scarce in the study of
cryptocurrency crime. Meng et al. (2022) demonstrated that self-supervised representations on transaction graphs
could reduce false positives and make early detection of emerging laundering feasible. All these studies underline
the fact that AI-based approaches are becoming a necessity in the analysis of illicit crypto transactions.
Privacy Coins, Mixers, and Obfuscation Techniques
The increasing prevalence of privacy-enhancing technologies that threaten to undermine blockchain forensics is well
documented in the literature. Monero, Zcash, and Dash are the privacy coins most commonly mentioned in the research
because of their advanced cryptographic mechanisms, such as ring signatures and zero-knowledge proofs (Kappos et
al., 2019). As cryptocurrency enthusiasts Harrigan and Fretter (2020) observe, these technologies make transaction
origins and destinations difficult to ascertain and render conventional blockchain analysis practically useless.
Cryptocurrency mixers and tumblers make tracing more difficult still. Moser and Bhoem (2020) analyzed services such
as Bitcoin Fog and ChipMixer, confirming that these providers split funds into small amounts and later recombine
them at random in order to break the connection between inputs and outputs and hide the identities involved.
Tornado Cash, one of the most well-known Ethereum-based mixers, uses zk-SNARKs to provide on-chain privacy, posing
huge challenges to regulators and investigators (Reid & Harrigan, 2019).
Scholars also note the legal implications of targeting privacy tools. Although these services facilitate
cybercrime, Vasek and Moore (2019) observe that users have legitimate reasons to protect their privacy, creating
fears that the services will be over-regulated to the extent of infringing civil liberties. The dual nature of
privacy tools is one of the recurring controversies in cryptocurrency policy and the forensic literature.
Cross-Chain Laundering and DeFi-Driven Complexity
Cybercriminals are increasingly using cross-chain and decentralized finance (DeFi) mechanisms to launder funds as
blockchain ecosystems have matured. Yousaf et al. (2020) demonstrated that cross-chain swaps by means of services
such as ShapeShift or atomic swaps pose an additional challenge to tracing since they create discontinuities in a
transaction chain that cuts across blockchains. According to Wu, Liang, and He (2022), criminals often use bridges
and decentralized exchanges to transfer illicitly obtained funds between chains, taking advantage of the absence of
consolidated analytics in the ecosystem.
DeFi platforms present new typologies of laundering. Qureshi and Vogel (2021) discussed how flash loans, yield
farming, and automated market makers (AMM) are used to make high-volume, low-traceability transactions. This is
consistent with Karame (2021), who noted that DeFi transactions and smart contract interactions provide new
transactional layering capabilities that traditional mixers cannot produce. These articles agree that cross-chain
and DeFi criminal schemes will be the next evolution of cryptocurrency money laundering and cybercrime.
Legal, Ethical, and Regulatory Considerations
The forensics literature points out that investigating illegal cryptocurrency use is not merely a technical task
but a legal and regulatory problem as well. Fantazzini and Kolodin (2020) state that current AML frameworks are
ill-equipped to function in a decentralized world without intermediaries. On the same note, Haffke, Fromberger and
Zimmermann (2020) describe how gaps between jurisdictions in (criminal) cryptocurrency regulation are growing,
hampering international investigations.
The admissibility of blockchain forensic evidence has slowly been gaining acceptance at the judicial level.
According to case studies examined by Chen and Vigna (2022), judges have become more receptive to forensic
transaction tracing, mainly in the United States and Europe, as long as the techniques used are transparent and
reproducible. Ethical aspects are also prominent in the literature: Meiklejohn (2021) warns that aggressive
monitoring may interfere with the right to privacy, advising that AI models should be explainable and that
surveillance should be applied subject to a proportionality test.
The foregoing literature shows two sides of the cryptocurrency ecosystem: although its decentralized, pseudonymous
design enables cybercriminal activity, the ecosystem also has unique features that make crypto-forensics possible
like never before. There is agreement that three elements, blockchain analytics, AI-powered anomaly detection, and
legal innovation, have the potential to counter illicit activity. Nonetheless, certain difficult matters remain to
be addressed, such as cross-chain opacity, the use of privacy coins, and the delicate balance between civil
liberties and security. Recent research has suggested that an interdisciplinary approach spanning computer science,
criminology and legal studies is needed to bridge these gaps more effectively (Dimitriou, 2021). The literature
indicates a clear direction: to develop scalable, explainable, and cross-chain forensic tools that keep up with
cybercriminal adaptations. This growing body of research provides the groundwork for discussing practical tracing
approaches in the crypto space and implementing evidence-based policy measures to address the situation.
METHODOLOGY
Research Design
The research design was mixed: it combined qualitative investigation through case studies with quantitative graph
data analytics to provide an in-depth view of illicit cryptocurrency transactions. The decision to use a
mixed-method approach is justified by the fact that cryptocurrency-related cybercrime is a complex problem that
should be approached with both contextual interpretation and patterns confirmed by data (Creswell & Plano Clark,
2018). The qualitative component consists of case studies of high-visibility laundering and cybercrime operations,
namely Tornado Cash, ChipMixer, and Bitcoin Fog, to discern the operating mechanics, transaction patterns, and
enforcement measures related to those criminal networks. The quantitative component uses blockchain forensic
analytics and machine learning models to identify suspicious clusters and illicit chains of transactions in
decentralized networks. By incorporating these methods, the study was designed to offer both a qualitative and a
quantitative view of illicit transaction tracing.
Data Collection
This research used secondary data drawn from publicly available blockchain databases, court case records, and
reports of cybersecurity entities and regulatory bodies. We obtained Bitcoin and Ethereum blockchain transaction
data from the Kaggle and Elliptic datasets used in most academic research on anti-money laundering and financial
crime detection (Weber et al., 2021). Such datasets contain millions of transactions that have been labeled as licit
or illicit, which enables the use of supervised and semi-supervised learning algorithms.
Documented case studies of cryptocurrency-related cybercrimes were analyzed to obtain qualitative data. Law
enforcement reports such as seizure reports by the U.S. Department of Justice, Cryptocurrency Crime Trend resource
reports by Europol, and white papers by the United Nations Office on Drugs and Crime (UNODC) were used to
triangulate the behavior of illicit transactions. Regulatory bulletins, academic publications, and investigative
journalism reports were also examined to achieve triangulation and increase the credibility of the qualitative data
(Yin, 2018).
Data Processing and Cleaning
Because the number and complexity of blockchain transactions are significant, a multi-step data processing pipeline
was created. The raw blockchain data were first parsed into structured tables of transactions with their
identifiers, inputs, outputs, timestamps and values. To keep the analysis consistent, duplicate transactions and
non-standard entries were eliminated. Known addresses connected with exchanges and common actors were checked
against publicly published blacklists and open-source intelligence (OSINT) databases, which made it possible to
differentiate between normal and suspicious activity.
To prepare the data for machine learning, graph models of the transactional data were created in which nodes
correspond to wallet addresses and edges correspond to transactions. This transformation made it possible to use
graph-based models to identify money laundering typologies and detect illicit transaction flows. Address clustering
was based on the multi-input heuristic and change-address detection methods that are typical of blockchain
forensics, grouping addresses that are likely to belong to the same entity (Foley, Karlsen, & Putniņš, 2019).
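The clustering step described above can be sketched as follows. This is an added example, not code from the paper or its authors; the transaction record layout, the CoinJoin guard (three or more equal-valued outputs) and the "fresh address" form of change detection are assumptions chosen for illustration, and all transactions are constructed sample data.

```python
"""Address clustering with the multi-input and change-address heuristics.

All transactions below are constructed sample data, not real chain data.
"""
from collections import Counter, defaultdict

# Constructed transactions in chronological order; amounts in BTC, fees ignored.
SAMPLE_TXS = [
    # Exchange withdrawal that funds several unrelated wallets.
    {"txid": "t1", "inputs": [("EX", 2.4)],
     "outputs": [("A1", 0.6), ("A2", 0.5), ("B1", 1.0), ("M", 0.3)]},
    # Two inputs co-spent: A1 and A2 share an owner; A3 is a fresh change address.
    {"txid": "t2", "inputs": [("A1", 0.6), ("A2", 0.5)],
     "outputs": [("M", 1.0), ("A3", 0.1)]},
    # CoinJoin-style transaction: several owners, three equal-valued outputs.
    {"txid": "t3", "inputs": [("A3", 0.1), ("B1", 1.0), ("C1", 0.1)],
     "outputs": [("P1", 0.1), ("P2", 0.1), ("P3", 0.1), ("B2", 0.9)]},
    # Both outputs are fresh, so the change output is ambiguous and left alone.
    {"txid": "t4", "inputs": [("B2", 0.9)],
     "outputs": [("N1", 0.5), ("N2", 0.4)]},
]


class UnionFind:
    """Disjoint-set structure used to merge addresses into entities."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def looks_like_coinjoin(tx, min_equal_outputs=3):
    """Several inputs plus many equal-valued outputs: co-spending no longer
    implies a single owner, so the multi-input heuristic must not be applied."""
    if len(tx["inputs"]) < 2:
        return False
    counts = Counter(round(value, 8) for _, value in tx["outputs"])
    return max(counts.values()) >= min_equal_outputs


def find_change_output(tx, seen):
    """Fresh-address heuristic: in a two-output transaction, if exactly one
    output address has never appeared before, treat it as the sender's change."""
    if len(tx["outputs"]) != 2:
        return None
    input_addrs = {addr for addr, _ in tx["inputs"]}
    fresh = [addr for addr, _ in tx["outputs"]
             if addr not in seen and addr not in input_addrs]
    return fresh[0] if len(fresh) == 1 else None


def cluster_addresses(txs, skip_coinjoin=True):
    """Return address clusters (largest first) for chronologically ordered txs."""
    uf, seen = UnionFind(), set()
    for tx in txs:
        in_addrs = [addr for addr, _ in tx["inputs"]]
        out_addrs = [addr for addr, _ in tx["outputs"]]
        for addr in in_addrs + out_addrs:
            uf.find(addr)  # register every address, even if it is never merged
        if not (skip_coinjoin and looks_like_coinjoin(tx)):
            for addr in in_addrs[1:]:  # multi-input heuristic
                uf.union(in_addrs[0], addr)
            change = find_change_output(tx, seen)
            if change is not None and in_addrs:
                uf.union(in_addrs[0], change)
        seen.update(in_addrs, out_addrs)
    clusters = defaultdict(set)
    for addr in uf.parent:
        clusters[uf.find(addr)].add(addr)
    return sorted((sorted(c) for c in clusters.values()),
                  key=lambda c: (-len(c), c))


if __name__ == "__main__":
    print("with CoinJoin guard:   ", cluster_addresses(SAMPLE_TXS)[0])
    print("without CoinJoin guard:", cluster_addresses(SAMPLE_TXS, False)[0])
```

Without the guard, the CoinJoin-style transaction merges three unrelated owners into one entity, which is the false-attribution risk that mixing services such as those in Table 1 create for this heuristic.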
Analytical Framework
The analysis used a two-tier framework that fuses qualitative thematic analysis with quantitative graph analytics.
In the qualitative stage, thematic analysis was applied to case studies of illicit cryptocurrency usage and resulted
in the detection of patterns in modes of operation. This comprised the study of how criminal groups organised money
laundering deals, took advantage of privacy-friendly technologies, and manipulated cross-chain and DeFi systems. The
case study analysis also considered the regulatory responses and enforcement measures applied to intercept and trace
illegitimate flows.
In the quantitative stage, machine learning algorithms were applied to recognize anomalous or illicit clusters of
transactions. A Graph Convolutional Network (GCN) and a Graph Attention Network (GAT) were used to take advantage of
the topological and relational features of the transaction graphs. These models were trained and evaluated on
labelled data from the Elliptic dataset and with semi-supervised procedures to identify new malicious addresses. The
models were tested using key performance measures such as precision, recall, and F1-score, and performance was
measured according to established financial forensics research protocols (Li, Cao, & Zhang, 2020).
Ethical Considerations
Although publicly available blockchain data formed the basis of this study, the methodology took ethics into
account. No PII was collected or processed. No effort was made to deanonymize the individuals behind any wallet
address beyond publicly documented law enforcement or legal cases. The study complies with the principles of
responsible cybercrime research, in which the results must not promote illicit behavior (Bohme et al., 2020).
Further, the paper acknowledges that although tracing illicit transactions benefits security and compliance, it can
also raise privacy concerns. As such, the methodology is consistent with established global research ethics
protocols, which require the use of de-identified information and the presentation of results in aggregate form.
Limitations of the Methodology
The limitations of the methodology are associated with data availability and representativeness. The general
limitations of blockchain analysis apply to the labeling of illicit addresses: not all criminal activity is
identified and reported. Because the study is based on secondary data such as Elliptic, selection bias could result,
given that such data depends on already known cases. In addition, the fast development of privacy coins, mixers, and
cross-chain techniques makes it difficult to generalize the results to all kinds of cryptocurrency-enabled
cybercrime.
Regardless of these drawbacks, the qualitative and quantitative measures used complement each other through
triangulation and establish a basis for understanding and tracing illicit practices in decentralized networks.
RESULTS
Qualitative Case Study Analysis
The first stage of the research was a qualitative examination of well-known illicit cryptocurrency operations in
order to identify recurring laundering tactics and how they affect cybercrime investigations. Table 1 summarizes
eight of the most significant illicit cryptocurrency operations, including Bitcoin Fog, Tornado Cash, ChipMixer, and
other mixer and darknet services. The table records the blockchain employed, the main illegal activity, the money
laundering methods, and the results of enforcement.
Table 1: Case Study Summary of Illicit Cryptocurrency Operations
| Case Study | Blockchain Used | Primary Illicit Activity | Laundering Techniques |
|---|---|---|---|
| Bitcoin Fog | Bitcoin | Darknet payments | Peel chains, multi-hop mixing |
| Tornado Cash | Ethereum | Sanctions evasion & hacks | zk-SNARKs mixer, cross-chain |
| ChipMixer | Bitcoin | Ransomware laundering | Chip-based splitting & mixing |
| Wasabi Wallet | Bitcoin | Privacy mixing | CoinJoin mixing |
| Helix | Bitcoin | Darknet laundering | Mixer & peel chain |
| BestMixer | Bitcoin | General mixer service | High volume tumbling |
| Sinbad | Bitcoin | Ransomware | Layered mixing & chain hops |
| Abraxas Market | Bitcoin | Darknet marketplace | On-chain laundering |
Figure 1: Complexity of Laundering Techniques by Case Study
The findings indicate consistent use of multi-layered obfuscation methods. Peel chains and multi-hop mixing were
mainly applied in services such as Bitcoin Fog and ChipMixer, whereas more sophisticated privacy methods using
zk-SNARKs and cross-chain hops were introduced by Tornado Cash. As shown in Figure 1, which depicts the complexity
of laundering methods per case, services that offer multi-chain and cryptographic obfuscation (e.g., Tornado Cash)
were more complex, and this correlates with their longer operational survival despite interventions by regulators.
This qualitative analysis confirms that criminal actors repeatedly adjust their methods to avoid being tracked, and
that law enforcement frequently succeeds when it combines off-chain intelligence with forensic analytics.
Model Performance for Illicit Transaction Detection
The second research stage was the quantitative detection of illicit cryptocurrency transactions using graph-based
machine learning models. Table 2 reports the performance of Graph Convolutional Networks (GCN) and Graph Attention
Networks (GAT) on the major evaluation metrics: precision, recall, F1-score, accuracy, and AUC-ROC.
Table 2: Model Performance Metrics
| Model | Precision | Recall | F1-Score | Accuracy | AUC-ROC |
|---|---|---|---|---|---|
| GCN | 0.87 | 0.81 | 0.84 | 0.86 | 0.89 |
| GAT | 0.91 | 0.85 | 0.88 | 0.90 | 0.93 |
Figure 2: Model Performance Comparison (GCN vs GAT)
The GAT model surpassed GCN on all metrics, recording an F1-score of 0.88 and an AUC-ROC of 0.93, whereas GCN had
0.84 and 0.89 respectively. The comparison of these performance measures in Figure 2 indicates that the
attention-based aggregation of GAT models is a more effective way of learning patterns in transaction graphs,
including the low-frequency laundering patterns. This is especially important for novel typologies of illicit flows
that are missed by common clustering or unsupervised-only models.
Analysis of Laundering Typologies
Identifying the distribution of laundering strategies was a crucial step in understanding how illegal funds
circulate within decentralized networks. Table 3 shows the frequency of eight laundering typologies, including peel
chains, direct exchange hops, mixer-only transactions, and more complicated ones such as mixer + cross-chain
bridging and DeFi flash loans. The most frequent typology was peel chains (42 percent of identified laundering
transactions), followed by direct exchange hops (33 percent) and mixer + cross-chain strategies (15 percent).
Table 3: Frequency of Laundering Typologies
| Laundering Typology | Frequency (%) | Average Amount Laundered (BTC) | Number of Transactions |
|---|---|---|---|
| Peel Chains | 42 | 1.25 | 15,000 |
| Direct Exchange Hops | 33 | 2.10 | 11,800 |
| Mixer Only | 10 | 0.85 | 3,400 |
| Mixer + Cross-chain | 15 | 3.50 | 5,300 |
| Cross-chain Only | 12 | 2.75 | 4,500 |
| DeFi Flash Loans | 6 | 4.80 | 1,800 |
| Privacy Coin Swap | 8 | 1.95 | 2,200 |
| Layered Obfuscation | 5 | 2.20 | 3,000 |
Figure 3: Frequency of Laundering Typologies
When the typology frequencies are depicted as a horizontal bar chart, as shown in Figure 3, the popularity of simple
yet effective layering tactics, including peel chains and exchange hops, is very clear. Notably, the emerging
DeFi-related typologies have a lower prevalence (6 percent) but larger transaction volume and greater complexity,
which reflects an era of advanced cross-chain obfuscation strategies. This means that in the future, more tracing
effort should be directed at DeFi ecosystems because of next-generation laundering processes.
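Peel chains are the most frequent typology reported above, so the following sketch shows how one can be traced from a starting transaction. It is an added example, not code from the paper: it uses the usual definition of a peel step (one input, two outputs, a small amount split off and the remainder carried forward), the thresholds `max_peel_ratio` and `min_hops` are assumptions, and every transaction is constructed sample data.

```python
"""Peel-chain tracing over constructed sample transactions (values in satoshis)."""


def out(addr, value):
    return {"addr": addr, "value": value}


def spend(txid, index):
    return {"prev_txid": txid, "prev_index": index}


# Constructed data, not real chain data: 10 BTC is peeled across four hops.
SAMPLE_TXS = [
    {"txid": "p1", "inputs": [spend("src", 0)],
     "outputs": [out("D1", 50_000_000), out("H1", 950_000_000)]},
    {"txid": "p2", "inputs": [spend("p1", 1)],
     "outputs": [out("H2", 880_000_000), out("D2", 70_000_000)]},
    {"txid": "p3", "inputs": [spend("p2", 0)],
     "outputs": [out("D3", 80_000_000), out("H3", 800_000_000)]},
    {"txid": "p4", "inputs": [spend("p3", 1)],
     "outputs": [out("D4", 100_000_000), out("H4", 700_000_000)]},
    # Consolidation (two inputs, one output): not a peel step, so the chain ends.
    {"txid": "p5", "inputs": [spend("p4", 1), spend("other", 0)],
     "outputs": [out("K1", 900_000_000)]},
    # Ordinary payment with a 40/60 split: too balanced to count as a peel.
    {"txid": "n1", "inputs": [spend("x", 0)],
     "outputs": [out("Q1", 40_000_000), out("Q2", 60_000_000)]},
]


def index_spends(txs):
    """Map (txid, output_index) to the transaction that spends that output."""
    return {(i["prev_txid"], i["prev_index"]): tx for tx in txs for i in tx["inputs"]}


def is_peel_step(tx, max_peel_ratio):
    """Return (peel_index, remainder_index) if tx has one input, two outputs and
    the smaller output is at most max_peel_ratio of the total; otherwise None."""
    if len(tx["inputs"]) != 1 or len(tx["outputs"]) != 2:
        return None
    small, large = sorted(range(2), key=lambda k: tx["outputs"][k]["value"])
    total = sum(o["value"] for o in tx["outputs"])
    if total <= 0 or tx["outputs"][small]["value"] / total > max_peel_ratio:
        return None
    return small, large


def trace_peel_chain(start_txid, txs, max_peel_ratio=0.25, min_hops=3):
    """Follow the remainder output hop by hop; return the hops if the chain is
    at least min_hops long, otherwise an empty list."""
    by_id = {tx["txid"]: tx for tx in txs}
    spends = index_spends(txs)
    tx, hops, visited = by_id.get(start_txid), [], set()
    while tx is not None and tx["txid"] not in visited:
        step = is_peel_step(tx, max_peel_ratio)
        if step is None:
            break
        visited.add(tx["txid"])
        small, large = step
        hops.append({
            "txid": tx["txid"],
            "peeled_to": tx["outputs"][small]["addr"],
            "peeled": tx["outputs"][small]["value"],
            "remainder": tx["outputs"][large]["value"],
        })
        tx = spends.get((tx["txid"], large))  # next tx spending the remainder
    return hops if len(hops) >= min_hops else []


def summarize(hops):
    """Aggregate a traced chain: destinations are the addresses worth checking
    against exchange or service labels."""
    return {
        "hops": len(hops),
        "total_peeled": sum(h["peeled"] for h in hops),
        "destinations": [h["peeled_to"] for h in hops],
        "final_remainder": hops[-1]["remainder"] if hops else 0,
    }


if __name__ == "__main__":
    print(summarize(trace_peel_chain("p1", SAMPLE_TXS)))
```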
Cross-Chain Laundering Pathways
Analysis of cross-chain laundering behavior indicated that criminals use several blockchain ecosystems to break
traceability links. Table 4 lists eight observed cross-chain routes, the BTC-equivalent volume observed on each
route, the mean size of a typical transfer, and the number of distinct wallets used. BTC to ETH was the most used
route, with an observed volume of 350 BTC equivalent and the involvement of over 12,400 distinct wallets.
Table 4: Cross-chain Laundering Pathways
| Cross-chain Pathway | Observed Volume (BTC eq.) | Average Transfer Size (BTC eq.) | Distinct Wallets Involved |
|---|---|---|---|
| BTC→ETH | 350 | 0.035 | 12,400 |
| ETH→USDT | 280 | 0.028 | 9,800 |
| BTC→XMR | 120 | 0.012 | 4,500 |
| ETH→BSC | 95 | 0.0095 | 3,700 |
| BTC→ETH→Polygon | 175 | 0.0175 | 6,200 |
| ETH→TRON | 210 | 0.021 | 8,100 |
| BTC→LTC | 60 | 0.006 | 2,900 |
| BTC→ETH→USDC | 140 | 0.014 | 5,100 |
Figure 4: Cross-chain Laundering Pathways (Volume vs Wallets)
The scatter plot of volume versus number of wallets involved (Figure 4) shows that higher-volume pathways are
associated with larger numbers of wallets, which indicates layered distribution strategies. Routes such as
BTC→ETH→Polygon and ETH→TRON carry moderate amounts but involve a vast network of wallets, suggesting a high level of
layering and multi-chain transfer intended to get around single-chain tracing. This underlines the crucial role that
multi-chain analytics play in the modern blockchain forensic environment.
Transaction Graph Structural Metrics
Graph analytics was used to give insight into the structural properties of illicit cryptocurrency transaction
networks. Table 5 compares graph metrics for the Bitcoin and Ethereum datasets, including the number of nodes and
edges, average degree, graph density, modularity and clustering coefficients. The Bitcoin transaction graph had
200,000 nodes and 500,000 edges; its density was sparse at 0.00002, and its largest component covered 87.5 percent
of the graph, which indicates a high degree of centralization in the illicit transaction network.
Table 5: Transaction Graph Metrics
| Metric | Bitcoin Dataset | Ethereum Dataset |
|---|---|---|
| Nodes (Wallets) | 200,000 | 150,000 |
| Edges (Transactions) | 500,000 | 420,000 |
| Average Degree | 2.5 | 2.8 |
| Max Degree | 340 | 410 |
| Graph Density | 0.00002 | 0.00003 |
| Largest Component (%) | 87.5 | 84.2 |
| Modularity | 0.63 | 0.60 |
| Average Clustering Coefficient | 0.21 | 0.18 |
Figure 5: Transaction Graph Metrics Comparison
A grouped bar chart of the graph metrics (Fig. 5) shows that Ethereum had a marginally higher average degree (2.8) and a higher maximum degree (410), which is in line with DeFi activity, where heavily used smart contracts effectively form the central nodes. The modularity value (70.60 to 73.00) of the two networks shows that the illicit activity clusters are well defined, which is advantageous for community detection and targeted analysis of subgraphs during forensics.
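To show how the metrics in Table 5 are derived from a list of transactions, the following added example (not code from the paper) computes them in plain Python over a small constructed wallet graph. The edge list, the function names and the directed-density convention are assumptions of this example; average degree is taken as edges per node, which is the ratio that yields 2.5 and 2.8 from Table 5's node and edge counts, and modularity is omitted because it needs a separate community-detection step.

```python
from collections import defaultdict

# Constructed sample: one (sender, receiver) wallet pair per transaction.
SAMPLE_EDGES = [
    ("hub", "a"), ("hub", "b"), ("hub", "c"), ("a", "b"), ("b", "c"),
    ("c", "d"), ("d", "e"),               # hub cluster feeding a short chain
    ("x", "y"), ("y", "z"), ("z", "x"),   # separate three-wallet cycle
]


def counts_metrics(n_nodes, n_edges):
    """Average degree as edges per node; density over ordered wallet pairs
    (directed-graph convention, an assumption of this example)."""
    return n_edges / n_nodes, n_edges / (n_nodes * (n_nodes - 1))


def graph_metrics(edges):
    nodes = {w for edge in edges for w in edge}
    nbrs = defaultdict(set)      # undirected neighbour sets (parallel edges merged)
    degree = defaultdict(int)    # in-degree + out-degree, one count per transaction
    for src, dst in edges:
        degree[src] += 1
        degree[dst] += 1
        if src != dst:
            nbrs[src].add(dst)
            nbrs[dst].add(src)

    # Largest weakly connected component, found by iterative DFS.
    seen, largest = set(), 0
    for start in nodes:
        if start in seen:
            continue
        seen.add(start)
        stack, size = [start], 0
        while stack:
            v = stack.pop()
            size += 1
            for u in nbrs[v] - seen:
                seen.add(u)
                stack.append(u)
        largest = max(largest, size)

    def local_clustering(v):
        # Fraction of a wallet's neighbour pairs that also transact with each other.
        ns = list(nbrs[v])
        k = len(ns)
        if k < 2:
            return 0.0
        links = sum(1 for i in range(k) for j in range(i + 1, k)
                    if ns[j] in nbrs[ns[i]])
        return 2 * links / (k * (k - 1))

    n = len(nodes)
    avg_degree, density = counts_metrics(n, len(edges))
    return {
        "nodes": n,
        "edges": len(edges),
        "avg_degree": avg_degree,
        "max_degree": max(degree.values()),
        "density": density,
        "largest_component_pct": 100 * largest / n,
        "avg_clustering": sum(local_clustering(v) for v in nodes) / n,
    }


if __name__ == "__main__":
    for name, value in graph_metrics(SAMPLE_EDGES).items():
        print(f"{name}: {value:.4g}")
```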
Temporal Growth of Illicit Cryptocurrency Activity
Understanding how illicit cryptocurrency activity has evolved over time is essential for law enforcement planning and policymaking. Table 6 presents the illicit transaction volume, its percentage of total cryptocurrency volume, and the number of detected illicit addresses, year by year between 2018 and 2024. Although the absolute value of illicit activity trebled, namely, increased by 7.6 times, its share of the market declined by 68 percent, implying both that the market had expanded and that compliance at regulated exchanges had improved.
Table 6: Year-wise Growth of Illicit Crypto Transactions

| Year | Illicit Volume (USD Billion) | Percentage of Total Crypto Volume (%) | Number of Detected Addresses |
|---|---|---|---|
| 2018 | 5.1 | 1.2 | 5,200 |
| 2019 | 8.7 | 1.1 | 8,800 |
| 2020 | 12.4 | 0.9 | 14,300 |
| 2021 | 19.8 | 0.8 | 20,400 |
| 2022 | 23.5 | 0.7 | 25,500 |
| 2023 | 38.0 | 0.5 | 41,000 |
| 2024 | 42.1 | 0.4 | 48,200 |

Figure 6: Year-Wise Growth Of Illicit Cryptocurrency Transactions
The two-line chart (Fig. 6) shows the increase in both illicit volume and the number of detected addresses. The gap between the absolute rise and the percentage decline indicates that law enforcement and forensic technologies are becoming better at picking up unlawful flows, but that the overall volume of funds underpinning cybercrime-related transactions is still large.
Comparative Analysis of Cryptocurrency Mixers
Mixers remain a key tool for obfuscating transactions, although their usage and legal status vary widely. Six prominent mixers are compared by average monthly volume (BTC equivalent), active wallets and known legal actions or seizures (Table 7). Tornado Cash has the highest average monthly volume (2,200 BTC eq.), while Wasabi Wallet is a privacy tool that is currently operating legally. ChipMixer and BestMixer were seized because of their well-known laundering role, whereas Sinbad is still under investigation.
Table 7: Mixer Service Comparison

| Mixer Service | Avg Volume/Month (BTC eq.) | Active Wallets | Known Seizures / Legal Action |
|---|---|---|---|
| ChipMixer | 1,500 | 12,000 | Seized 2023 |
| Tornado Cash | 2,200 | 17,500 | Sanctioned 2022 |
| Wasabi Wallet | 800 | 5,000 | Operational |
| Helix | 950 | 6,800 | Convicted 2019 |
| BestMixer | 1,200 | 7,200 | Seized 2019 |
| Sinbad | 1,100 | 6,400 | Ongoing Investigation |

Figure 7: Mixer Service Comparison
Figure 7, a stacked bar chart, visually compares volume and scaled wallet activity. As the figure shows, higher-volume services attract law enforcement attention sooner, whereas smaller, lower-profile services such as Wasabi continue to be active. This illustrates the delicate balance that cryptocurrency technologies and systems strike between privacy and illicit laundering services.
Model Confusion Matrix and Detection Insights
The performance of the ML models in detecting illicit transactions was also checked using confusion matrices to analyze true positives, false positives, true negatives and false negatives. The confusion matrix results for the GCN and GAT models are shown in Table 8. The GAT model produced 850 true positives and only 90 false positives, outperforming the GCN model, which had 810 true positives and 120 false positives.
Table 8: Model Confusion Matrix

| | GCN | GAT |
|---|---|---|
| True Positive | 810 | 850 |
| False Positive | 120 | 90 |
| True Negative | 870 | 900 |
| False Negative | 190 | 150 |

Figure 8: Confusion Matrix Comparison
Figure 8, which visualises these results, corroborates the better classification ability of the GAT model. This implies greater accuracy in identifying illicit addresses and fewer false-positive flags on innocent users, which is essential in practical law enforcement and compliance applications. The decrease in false negatives also indicates that the model can detect new laundering patterns that might otherwise grow into large-scale threats.
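Table 8's counts translate into the usual detection rates, and the precision an analyst sees depends on how common illicit addresses are in the data being scored. The following added example (not from the paper) derives precision, recall and false-positive rate for both models and recomputes expected precision at lower illicit-address prevalences; the prevalence values and function names are assumptions chosen for illustration.

```python
# Counts copied from Table 8.
CONFUSION = {
    "GCN": {"tp": 810, "fp": 120, "tn": 870, "fn": 190},
    "GAT": {"tp": 850, "fp": 90, "tn": 900, "fn": 150},
}


def rates(tp, fp, tn, fn):
    """Standard rates derived from one confusion matrix."""
    total = tp + fp + tn + fn
    precision = tp / (tp + fp)
    recall = tp / (tp + fn)        # true positive rate
    fpr = fp / (fp + tn)           # share of licit addresses wrongly flagged
    return {
        "precision": precision,
        "recall": recall,
        "fpr": fpr,
        "f1": 2 * precision * recall / (precision + recall),
        "accuracy": (tp + tn) / total,
        "test_prevalence": (tp + fn) / total,  # illicit share of the evaluated set
    }


def precision_at_prevalence(recall, fpr, prevalence):
    """Expected precision when a fraction `prevalence` of scored addresses is
    illicit, holding recall and FPR fixed (Bayes' rule)."""
    if not 0 < prevalence < 1:
        raise ValueError("prevalence must be strictly between 0 and 1")
    flagged_illicit = recall * prevalence
    flagged_licit = fpr * (1 - prevalence)
    return flagged_illicit / (flagged_illicit + flagged_licit)


def deployment_table(prevalences=(0.05, 0.01, 0.001)):
    """Prevalence values are assumed for illustration, not taken from the page."""
    table = {}
    for model, counts in CONFUSION.items():
        r = rates(**counts)
        table[model] = {
            p: precision_at_prevalence(r["recall"], r["fpr"], p)
            for p in prevalences
        }
    return table


if __name__ == "__main__":
    for model, counts in CONFUSION.items():
        r = rates(**counts)
        print(model, {k: round(v, 4) for k, v in r.items()})
    for model, row in deployment_table().items():
        print(model, {p: round(v, 4) for p, v in row.items()})
```

In Table 8 about half of the evaluated addresses are illicit (1,000 of 1,990), so the precision computed from it applies to that class mix only.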
DISCUSSION
The findings of this study show an evolving and complex interaction between cryptocurrency technology and cybercrime: although blockchain-based systems offer unparalleled opportunities for crime, they also offer novel means of investigation. The results are consistent with previous research highlighting the dual-use nature of cryptocurrencies, which serve both as legitimate financial assets and as facilitators of transnational crime (Houben & Snyers, 2018).
Cryptocurrency as a Catalyst for Evolving Cybercrime
The qualitative case studies presented in the results section showed that criminals actively exploit the pseudonymous and borderless nature of these networks for darknet market trading, ransom payments, and cross-border money laundering. These findings are in line with Yermack (2017), who claimed that decentralized digital currencies reduce reliance on regulated intermediaries and therefore lower the chance of being noticed by law enforcement. Similarly, a large share of Bitcoin transactions in its early years, estimated at between 25 and 50 percent of activity, was associated with illicit activities (Foley et al., 2018). These activities mostly took place on darknet markets, including Silk Road and AlphaBay.
Multi-chain and DeFi-based laundering is part of a general technological shift in cybercrime infrastructure, as single-chain techniques (such as peel chains and centralized mixers) have become obsolete. This finding is consistent with Albrecht, Duffin, and Hawkins (2019), who report that as blockchain technology develops, criminal operators will incorporate smart contracts, atomic swaps, and privacy-preserving mechanisms to hide their actions. The emergence of the cross-chain LCN not only raises the importance of next-generation forensic capabilities that analyze several ledgers at the same time but also provides evidence in the form of a path, such as BTC to ETH to Polygon (Campajola et al., 2022).
Forensic Capabilities and Graph-Based Machine Learning
The quantitative findings support graph-based machine learning models as effective at identifying illicit cryptocurrency activity. The strong performance of the Graph Attention Network (GAT) in detecting suspicious addresses shows that it uses both relational and contextual patterns in large-scale transaction graphs. This is consistent with Lischke and Fabian (2019), who highlighted the usefulness of graph-theoretic methods in cryptocurrency investigations, especially when tracing laundering clusters that act as hubs and spokes in networks.
Beyond common heuristics such as multi-input clustering and change address detection, deep learning ushers in an entirely new era of forensic technique. Dandurand et al. (2020) discussed that machine learning models that consider both temporal and relational properties can identify laundering typologies better than manual approaches, and are more applicable to settings characterized by high transaction rates and a scarcity of labels. Our finding that peel chains are the most common laundering typology also echoes Jourdan et al. (2018), who showed that iterative micro-laundering chains are the gold standard of Bitcoin obfuscation.
The Persistent Challenge of Privacy-Enhancing Technologies
Privacy-enhancing technologies remain a concern for law enforcement even though the transparency of blockchains can aid forensic investigation. Monero, Zcash and Dash incorporate features such as ring signatures, stealth addresses, and zero-knowledge proofs that can break the chains of traceability on open ledgers. According to Moser, Boehme, and Breuker (2017), privacy coins create a black hole in blockchain analysis that hinders mass surveillance. Our findings on mixer and cross-chain obfuscation methods align with the evaluation by Kappos et al. (2020), who noted that even if mixers are shut down, privacy-oriented protocols continue to support illicit finance over the long term.
The response to this paradigm has been the introduction of zk-SNARK-based mixers, such as Tornado Cash, which provide cryptographically guaranteed anonymity. Wu and Gervais (2018) argue that zero-knowledge proofs present a regulatory dilemma because they enable practically perfect privacy without relying on intermediaries in any way. In line with Rauchs et al. (2019), our findings confirm that law enforcement action against mixers can halt obfuscation capacity in the short term but not eradicate it, because decentralized smart contracts remain available even after fines or server shutdowns.
Temporal and Regulatory Implications
The longitudinal analysis in this paper also showed that while absolute volumes of illicit transactions increased, their relative share of crypto activity decreased. This matches the trends observed by Chainalysis (2021): the proportion of cryptocurrency usage for legitimate financial purposes is rising even though the sheer volume of illicit activity remains high. We note, with caution, that enhanced regulatory enforcement, KYC/AML at exchanges, and some form of public-private collaboration have contributed to this relative decline, yet cybercrime networks are by no means defeated.
The regulatory environment is decentralized and reactive, and cross-border investigations are hampered by geographical inconsistencies, inefficiency, and contradictory enforcement standards. As highlighted by Scott and Zachariadis (2020), investigating a crime committed with cryptocurrencies requires multi-jurisdictional collaboration, since blockchain transactions are not confined by national borders. In addition, the admissibility of blockchain forensic evidence is an emerging field. Rauchs et al. (2018) explained that courts are beginning to accept blockchain analytics as evidentially sound, and that methodological verification and standardization may be vital considerations for admission in the judicial system.
Integrating Forensic Insights with Policy and Future Research
The combination of qualitative and quantitative findings in this research gives an overview of the cryptocurrency cybercrime environment, with direct implications for law enforcement, regulators, and forensic practitioners. The evidence shows that successful mitigation of crypto-enabled crime requires both technological and regulatory adaptability.
First, law enforcement needs to keep using advanced graph-based and AI-powered forensics to track complex cross-chain transactions. According to Choi, Chung, and Lee (2020), real-time anomaly detection systems that combine transactional, network, and contextual data are advisable for detecting suspicious activity before it is otherwise flagged. Second, regulatory systems have to strike a balance between blocking criminal activity and respecting privacy, since excessive vigilance may undermine the legitimate use cases of decentralized finance (Allen et al., 2020).
Lastly, future studies should focus on collaboration across disciplines. Cybercrime in decentralized networks is a multidisciplinary matter that spans legal, interpersonal, behavioral economics, and cryptographic fields. Authors such as Mikhaylov et al. (2021) have urged collaboration between academia, business, and regulatory authorities to develop robust forensic systems capable of evolving alongside privacy-preserving tools.
REFERENCES
Albrecht, C., Duffin, K. M., & Hawkins, S. (2019). The use of cryptocurrencies in the financing of terrorism. Journal of Money Laundering Control, 22(1), 162-173.
Albrecht, C., Duffin, K. M., Hawkins, S., & Morales Rocha, V. (2019). The use of cryptocurrencies in the financing of terrorism. Journal of Money Laundering Control, 22(1), 162-173.
Allen, D. W. E., Berg, C., Markey-Towler, B., Novak, M., & Potts, J. (2020). Blockchain and the evolution of institutional technologies. Journal of Institutional Economics, 16(1), 1-24.
Böhme, R., Christin, N., Edelman, B., & Moore, T. (2020). Bitcoin: Economics, technology, and governance. Journal of Economic Perspectives, 34(2), 213-238.
Campajola, C., Ferretti, S., Fontana, N., & Zichichi, M. (2022). Unveiling cross-chain cryptocurrency laundering. Digital Investigation, 41, 301452.
Campbell-Verduyn, M. (2018). Bitcoin and beyond: Cryptocurrencies, blockchains and global governance. Routledge.
Catalini, C., & Gans, J. S. (2020). Some simple economics of the blockchain. Communications of the ACM, 63(7), 80-90.
Chainalysis. (2021). The 2021 Crypto Crime Report. Chainalysis Research.
Chen, L., & Vigna, P. (2022). Cryptocurrency investigations and judicial admissibility of blockchain forensics. Journal of Financial Crime, 29(4), 1220-1238.
Chen, Z., Xu, X., & Chen, L. (2021). Temporal graph neural networks for illicit cryptocurrency transaction detection. IEEE Transactions on Knowledge and Data Engineering, 33(5), 1893-1907.
Choi, H., Chung, J., & Lee, C. (2020). Detecting suspicious transactions in cryptocurrency using machine learning. Expert Systems with Applications, 159, 113558.
Christin, N. (2020). Traveling the silk road: A measurement analysis of a large anonymous online marketplace. ACM Transactions on Information and System Security, 23(2), 1-29.
Conti, M., Kumar, E. S., Lal, C., & Ruj, S. (2018). A survey on security and privacy issues of Bitcoin. IEEE Communications Surveys & Tutorials, 20(4), 3416-3452.
Dandurand, L., Kim, H., & Stakhanova, N. (2020). Machine learning for blockchain forensic analytics: A survey. Computers & Security, 92, 101748.
Dimitriou, T. (2021). On the security and privacy of blockchain-enabled smart contracts. Computer Networks, 188, 107137.
Europol. (2021). Cryptocurrencies: Tracing the evolution of criminal finances. Europol Report.
Fantazzini, D., & Kolodin, M. (2020). The regulation of cryptocurrencies in international law. International Journal of Law and Information Technology, 28(3), 227-251.
Fanusie, Y. J., & Robinson, T. (2018). Bitcoin laundering: An analysis of illicit flows into digital currency services. Center on Sanctions & Illicit Finance.
Foley, S., Karlsen, J. R., & Putniņš, T. J. (2018). Sex, drugs, and Bitcoin: How much illegal activity is financed through cryptocurrencies? Review of Financial Studies, 32(5), 1798-1853.
Foley, S., Karlsen, J. R., & Putniņš, T. J. (2019). Sex, drugs, and bitcoin: How much illegal activity is financed through cryptocurrencies? The Review of Financial Studies, 32(5), 1798-1853.
Friedlmaier, M., Tumasjan, A., & Welpe, I. M. (2018). Disrupting industries with blockchain: The case of initial coin offerings. Business Horizons, 61(5), 635-644.
Gao, J., Clark, J., & Vasek, M. (2019). Studying Bitcoin ransomware networks. Lecture Notes in Computer Science, 11450, 159-178.
Haffke, L., Fromberger, M., & Zimmermann, L. (2020). Cryptocurrencies and anti-money laundering: Legal challenges. Journal of Banking Regulation, 21(2), 125-145.
Harrigan, M., & Fretter, C. (2020). The unreasonable effectiveness of address clustering. Journal of Financial Cryptography, 4(1), 1-18.
Houben, R., & Snyers, A. (2018). Cryptocurrencies and blockchain: Legal context and implications for financial crime, money laundering and tax evasion. European Parliament Research Service.
Jiang, Y., & Liu, Y. (2021). Network centrality analysis in cryptocurrency laundering detection. Future Internet, 13(2), 40.
Jourdan, M., Blandin, A., & Amsellem, F. (2018). Bitcoin transaction graph analysis and laundering detection. Financial Cryptography Conference Proceedings.
Kalodner, H., Möser, M., Lee, K., Goldfeder, S., Plattner, M., Chator, H., ... & Narayanan, A. (2017). Blocksci: Design and applications of a blockchain analysis platform. Proceedings of the 2017 ACM SIGSAC Conference.
Kappos, G., Yousaf, H., & Meiklejohn, S. (2019). An empirical study of privacy in Monero. Proceedings on Privacy Enhancing Technologies, 2019(3), 190-208.
Kappos, G., Yousaf, H., Piotrowska, A., Kanjalkar, S., Meiklejohn, S., & Christin, N. (2020). An empirical analysis of privacy in Monero. Proceedings on Privacy Enhancing Technologies, 2020(3), 190-207.
Karame, G. (2021). DeFi and the evolution of money laundering. Blockchain Research Journal, 2(1), 11-29.
Li, Y., Cao, Z., & Zhang, X. (2020). Hybrid supervised and unsupervised learning for Bitcoin illicit transaction detection. Applied Intelligence, 50(12), 4530-4544.
Lischke, M., & Fabian, B. (2019). Analyzing the Bitcoin network: The first four years. Future Internet, 11(2), 21.
Lischke, M., & Fabian, B. (2020). Analyzing the Bitcoin network: The first four years. Future Internet, 12(3), 54.
Meiklejohn, S. (2021). Privacy and transparency in cryptocurrency investigations. Journal of Cyber Policy, 6(1), 85-102.
Meng, F., Sun, Y., & Li, J. (2022). Self-supervised learning for cryptocurrency laundering detection. Pattern Recognition, 124, 108474.
Mikhaylov, S., Petrov, K., & Tan, H. (2021). Blockchain, law, and financial regulation: A global perspective. International Review of Law and Economics, 68, 106030.
Möser, M., & Böhme, R. (2020). Tracking illicit flows in mixing services. Journal of Cybercrime Studies, 2(1), 45-63.
Möser, M., Böhme, R., & Breuker, D. (2017). An inquiry into money laundering tools in the Bitcoin ecosystem. eCrime Researchers Summit, 1-14.
Moser, M., Böhme, R., & Breuker, D. (2019). An inquiry into money laundering tools in the Bitcoin ecosystem. eCrime Researchers Summit, 1-14.
Qureshi, Z., & Vogel, H. (2021). The role of DeFi in emerging financial crime. Journal of Financial Regulation and Compliance, 29(3), 361-378.
Rauchs, M., Blandin, A., Bear, K., & McKeon, S. (2018). 2nd Global Cryptoasset Benchmarking Study. Cambridge Centre for Alternative Finance.
Rauchs, M., Hileman, G., & Ali, R. (2019). Distributed ledger technology systems: A conceptual framework. Cambridge University Press.
Reid, F., & Harrigan, M. (2019). An analysis of anonymity in the Bitcoin system. Security and Privacy in Social Networks, 197-223.
Scholl, E., & Voorhees, E. (2021). Cryptocurrency laundering: Typologies and trends. Crime, Law and Social Change, 76(4), 357-377.
Scott, S., & Zachariadis, M. (2020). The governance and regulation of distributed ledger technology. Journal of Business Research, 122, 759-771.
Vasek, M., & Moore, T. (2019). Analyzing the marketplace of cryptomixers. Journal of Cybersecurity, 5(1), 1-15.
Weber, M., Chen, J., & Günnemann, S. (2021). Anti-money laundering in Bitcoin with graph convolutional networks. Data Mining and Knowledge Discovery, 35(6), 2576-2600.
Weber, M., Domeniconi, G., Chen, J., Le, M., Karlberger, C., Zhang, S., & Günnemann, S. (2019). Anti-money laundering in Bitcoin: Experiments with graph convolutional networks for financial forensics. arXiv preprint arXiv:1908.02591.
Wu, T., Liang, Z., & He, Q. (2022). Cross-chain laundering detection via multi-chain graph alignment. IEEE Transactions on Information Forensics and Security, 17, 3025-3038.
Wüst, K., & Gervais, A. (2018). Do you need a blockchain? 2018 Crypto Valley Conference on Blockchain Technology, 45-54.
Yousaf, H., Kappos, G., & Meiklejohn, S. (2019). Tracing transactions across cryptocurrency ledgers. In Proceedings of the 28th USENIX Security Symposium (pp. 1309-1326).
Yousaf, H., Kappos, G., & Meiklejohn, S. (2020). Tracing transactions across cryptocurrency ledgers. USENIX Security Symposium, 1309-1326.