ELLIPTIC HORIZON SCANNING REPORT 2024

Exploring emerging risks and trends in crypto and artificial intelligence

AI-enabled crime in the cryptoasset ecosystem

Contents

Executive summary
Introduction
About this report
Typology 1: Generative AI for deception in crypto scams
How AI is used for crypto-related deception
Case Studies:
1. Suggesting celebrity involvement
2. Using AI to automate and enhance scammer profiles and communications
3. Deepfake executive scams
4. Fake marketing materials
Typology 2: Creating “AI-related” scams, tokens or market manipulation schemes
Investment scams
Case Studies:
5. AI-related scam tokens
6. AI trading bots
7. AI-related exit scams
Typology 3: Using Large Language Models to facilitate cyberattacks
Identifying vulnerabilities at scale
“Unethical” GPTs and facilitating cybercrime
Case Studies:
8. Using AI to identify smart contract bugs
9. Unethical GPTs and cybercrime
10. Use of adversarial AI by state actors
Typology 4: Deploying crypto scams and disinformation at scale
Cycling through scam sites
Disseminating scams and disinformation at scale
Case Studies:
11. AI-generated crypto investment sites
12. Crypto disinformation deployed at scale
Typology 5: Enhancing illicit markets
Case Studies:
AI-related illicit goods and services
13. AI-related listings on dark web markets
14. The rise in deepfake and AI explicit image generator services
15. Malware “stealer” allegedly uses AI to filter logs of stolen data
AI-enhanced document fraud
16. Is this John Wick-obsessed identity fraudster using AI?
17. Bypassing KYC at exchanges
Creating new illicit markets
18. Novel methods of authentication spawn a new age of ID theft
Summary & Conclusion
Prevention measure & Recommendations
Elliptic: Your partner for staying ahead of the curve
About the author
Disclaimer

Executive summary

The rise of artificial intelligence (AI) has shown the potential for driving significant beneficial innovation in many industries, not least the cryptoasset sector. However, as with any emerging technology, there remains a risk of threat actors seeking to exploit
new developments for illicit purposes. An appraisal of early warning signs of unlawful activity is therefore beneficial for ensuring sustainable innovation and mitigating emerging risks in their infancy.

This report, conducted by Elliptic in accordance with horizon scanning guidance issued by the UK Government Office for Science, has identified five emerging typologies of AI-enabled crime in the cryptoasset ecosystem to various extents:

1. Generative AI for deception in crypto scams, including the use and distribution of deepfakes and AI-generated material to advertise crypto scams.
2. AI-related crypto scams and market manipulation schemes, including the creation of AI-related scam crypto tokens, investment platforms and Ponzi schemes; and increasingly used by Sha Zhu Pan (“pig butchering”) romance scammers.
3. Using large language models (LLMs) to facilitate cybercrime, including the use of AI tools by hackers and hostile state actors for code vulnerability detection and for devising exploits.
4. Deploying crypto scams and disinformation at scale, including the upscaling of capabilities for deploying scams using AI tools.
5. Enhancing illicit markets, including the AI-enhanced expansion and creation of illicit economies for goods and services, such as dark web listings, explicit deepfake generation or falsified identity documents that can bypass know-your-customer (KYC) checks at crypto services.

Although none of these typologies are unique to crypto, understanding the crime nexus between AI and crypto is critical for stakeholders, in particular compliance professionals and investigators monitoring the evolving risks. Per this aim, the report lists a range of case studies documenting early-stage AI-enhanced crypto crime, followed by some initial recommendations on preventative strategies. By investigating these typologies and associated risks, this report aims to support the sustainable, safe and secure development of both the crypto and AI sectors for the benefit of everyone.

Introduction

Generative AI tools have rapidly become accessible to a large number of users, with large language models (LLMs) reaching hundreds of millions of users in early 2023. The increase in access to and adoption of these tools underscores the multitude of use cases that help drive efficiencies for both individuals and organizations. In the crypto space, AI tools are increasingly being used to streamline processes and aid the development of beneficial projects. Elliptic itself has explored the potential use of OpenAI's ChatGPT to power deeper, faster risk detection, and has incorporated AI-based money laundering detection capabilities into its blockchain analytics platform.

As with any fast-growing technology, a minority of ill-intentioned users will seek to exploit the capabilities offered by AI for criminal purposes. The benefits of AI undoubtedly far exceed these risks and AI-based crime in the cryptocurrency ecosystem is not currently close to being identifiable as a mainstream threat. However, identifying emerging crime trends in their infancy remains a beneficial endeavor for a number of reasons:

1. Promoting effective and pre-emptive planning and resource allocation across relevant stakeholders, to prevent emerging crime threats from becoming mainstream.
2. Ensuring that law enforcement investigators and compliance professionals are aware of the latest trends and criminal practices, so that the indicators thereof can be detected and prevented effectively through adapting practices as necessary.
3. Driving sustainable innovation of products and services with safety and crime-proofing in mind, such that crime
does not impede the growth of the AI or crypto industries in the future.

The rapid growth of AI innovation in recent years underpins the need to be mindful about crime threats. The number of AI-related companies in operation was estimated at just under 58,000 by mid 2023. Within the crypto space specifically, many illicit actors utilize processes that can potentially, if left unchecked, be enhanced by products that such companies may offer, such as AI-enabled video, audio, image and text generation. In addition, OpenAI's CEO Sam Altman has indicated that crypto has a part to play in the future of AI development. This is emphasized by his Worldcoin venture that will be discussed later in this report. In this regard, the particular nexus between crypto and AI is of growing relevance and therefore worth exploring.

This focus is also relevant as global jurisdictions continue devising regulations in the AI space. The European Union established its AI Office in February 2024 amid the implementation of its AI Act, the first such regulation of its kind worldwide. In November 2023, 28 jurisdictions including the US, UK, EU and China signed the Bletchley Declaration, which recognized the need for international co-operation for solving AI-related risks. In October 2022, the Biden White House published a “Blueprint for an AI Bill of Rights”, which emphasized the need for “pre-deployment testing, risk identification and mitigation” in AI systems. The blueprint was followed by an executive order in October 2023.

About this report

This report draws on the Futures Toolkit, a set of horizon scanning methods and techniques published by the UK Government Office for Science. Desk research is combined with Elliptic's leading blockchain analytics solutions and research capabilities to derive five typologies of future AI-enhanced crime in the cryptoasset ecosystem, elaborated through case studies. The report concludes with a set of initial recommendations to relevant stakeholders, and a brief summary of how Elliptic is leveraging AI to revolutionize its blockchain analytics capabilities.

This report is part of a wider horizon scanning project that aims to comprehensively analyze the likelihoods and impacts of the identified typologies, as well as to devise preemptive prevention measures to safeguard the wider industry. Data, where it is available, is provided but caveated accordingly, given that the state of AI-enabled criminality is not currently at a level where sufficient generalizations can be drawn with empirical certainty or significance.

Furthermore, although the scope of this report is limited to the nexus between AI and crypto, it should be noted that the trends discussed are not specific to crypto only, and crypto is likely in fact to have only a minor role in the broader context of these typologies. AI voice changers, for example, have been widely reported in the realm of tele-scams where perpetrators impersonate victims' close friends or family members. The number of such scams publicly reported to be related to crypto, however, is minimal, exemplifying that, while only the crypto aspect is discussed here, the findings of this report should be contextualized accordingly.

The four aims of this report, in line with existing frameworks devised around the horizon scanning and prevention of emerging crime trends, are as follows:

Provide: Insights into trends and mitigation strategies for preventative and regulatory stakeholders
Protect: Users of technologies from harm, and ensure access to crime-resilient AI and crypto services for everyone
Promote: Sustainable and crime-proof beneficial innovation in both AI and cryptoassets
Pre-empt: Any emerging trends, future crime risks and challenges to the crypto and AI sectors

Look out for the following insights designed to help you navigate this report:

Key Controls and Best Practices: A guide of lessons learned and key recommendations for addressing AI-enabled cryptoasset crime trends, as well as key indicators that differentiate these trends from contemporary risks.
Elliptic Blockchain Analytics: A look into how our industry-first, next-generation blockchain analytics tools are able to identify and visualise AI-enabled criminal activity on-chain, to help compliance professionals or law enforcement investigators counter this new era of crime.
Diagrams and Flowcharts: Illustrations, diagrams, graphs and charts are included throughout to help you visualize the nature and scale of blockchain activities of discussed entities and, where possible, give a relative view.
Weak Signals: Specific discussions of early signals that reflect future - and potentially significant - change
Case Studies: This is predominantly a case study-driven report, highlighting the evolution and early threat indicators of AI-enabled crime. You will find case studies involving both major and small-scale illicit activity and learn how blockchain analytics can be used to investigate and mitigate these trends.

Let us know your views about the future

Our work does not end with this report. Elliptic is running a Delphi study as part of our ongoing horizon scanning work, helping to drive meaningful change and secure innovation against future threats. We are looking for experts dealing with crypto or AI to let us know their thoughts about the typologies in this report and how to best mitigate them. When you are finished reading this report, you are invited to join a select group of thought leaders and participate in a set of short surveys. We will collate the results and provide you with priority access to the results, allowing you and your organization to stay ahead of the curve.

Typology 01: Generative AI for deception in crypto scams

Anyone involved in the crypto space will have likely encountered a typical scenario when browsing their social media feed: a celebrity or billionaire abruptly posts a link to an obscure crypto investment site, promising to make investors tenfold returns in a heartbeat. It will often be a flashy site, proudly documenting their articles of incorporation and fancy graphics that would put many legitimate websites to shame. The ordeal will then typically be cleared up hours later, often with the account owner confirming that they have been the victim of hackers seeking to use their likeness to legitimize an investment scam.

Such criminal operations are part of efforts to ensure scams are as convincing as possible, thereby maximizing their number of victims. Numerous well-known historical examples exist in crypto. A Twitter hack in July 2020, for example, allowed scammers to post bitcoin giveaway scams across 130 compromised high-profile accounts. Elliptic has also documented how hackers have in the past turned to compromising administrator accounts on Discord crypto channels to post phishing links through them and steal crypto or non-fungible tokens (NFTs).

AI is adding a new dimension to this crime problem by allowing scammers to more easily impersonate prominent individuals through image, video and voice. Doctored videos or deepfakes of notable individuals promoting investment scams have targeted the likenesses of Elon Musk, former Singaporean Prime Minister Lee Hsien Loong and both the 7th and 8th Presidents of Taiwan, Tsai Ing-wen and Lai Ching-te. Promotional deepfakes are often posted across sites such as YouTube, TikTok and X, the latter owned by Musk himself.

Figure: Screengrabs of deepfakes of former Singaporean Prime Minister Lee Hsien Loong (left) and Taiwan's 7th President Tsai Ing-wen promoting cryptocurrency investments. Source: Lee Hsien Loong (Facebook)
and the Taiwanese Central Investigation Bureau, respectively.

How AI is used for crypto-related deception

There are a number of dimensions in which AI can be misused to make crypto scams and fraudulent activities more convincing:

Suggesting celebrity or official involvement: As the deepfakes of Singapore and Taiwan's leaders emphasize, deepfakes can falsely imply that the project has legitimate or official backing, thereby legitimizing it among potential victims.

Using AI to streamline scam profiles and communications: Industrial-scale scams, such as Sha Zhu Pan (“pig butchering”) crypto romance scams that primarily originate from southeast Asia, maintain long and elaborate communications with victims during the course of the scam. Limited evidence suggests that such illicit operations are exploring AI enhancements to make these processes more efficient.

Deepfake executive scams: Similar to deepfakes impersonating celebrities or world leaders, a small number of high-profile cases have involved scammers impersonating high-level executives during online video conference calls for the purpose of corporate espionage or authorizing large transactions. At least one such case has targeted the chief communications officer (CCO) of a leading cryptocurrency exchange.

Creating fake marketing materials: AI-generated images and videos can be used to provide an aura of legitimacy to scam websites by depicting apparent employees, headquarters, office space or other such visuals, giving the illusion of being a genuine investment company, without revealing the actual persons involved or the location of the scam.

Elliptic has identified a number of case studies exemplifying these trends and their application to cryptoasset-related crimes. These findings are a combination of structured desk research analyzing existing reports, as well as original research conducted by Elliptic's research and investigations department. The four case studies, corresponding to the above themes, are presented next.

CASE STUDY 1: Suggesting celebrity involvement
Deepfakes of Ripple's CEO

Figure: An unlisted deepfake video on YouTube depicting Brad Garlinghouse and a QR code to a scam giveaway website (left), and Elliptic Investigator depicts the onward laundering of stolen crypto from an XRP address reported as part of this scam (right).

Crypto giveaway and doubling scams are increasingly using deepfake videos of crypto CEOs and celebrities to encourage victims to send funds to scam crypto addresses. Typically, footage of the impersonated individuals will be manipulated with fake audio, making it seem as if they are promoting a scam.

A string of deepfakes have specifically targeted Ripple (XRP) and its CEO, Brad Garlinghouse, particularly after the company won its court battle with the US Securities Exchange Commission in July 2023. In anticipation, Ripple CTO David Schwartz forewarned that scammers will likely be capitalizing on the outcome by offering fake airdrop campaigns. The rise in scams targeting the XRP community caused Garlinghouse to sue YouTube in 2020, arguing that little was being done to remove the videos. Both parties later resolved to work together.

More recent deepfake scams are being uploaded as unlisted videos and likely distributed to potential victims in closed social media groups by scammers. One such unlisted video, first reported in November 2023, remains online and has almost 50,000 views. Similar to typical airdrop and giveaway scams, viewers are directed to a website promising rewards as long as they first send XRP to a designated address.

The following Elliptic Investigator graph shows the onward laundering of victim funds in one such address, reported by Reddit's active XRP community. The address sends funds through a crypto exchange and a coin swap service, a form of no-KYC instant swap exchange that Elliptic has previously associated with substantial money laundering risk.

CASE STUDY 2: Using AI to automate and enhance scammer profiles and communications
AI-enhanced Sha Zhu Pan (殺豬盤, “pig butchering”) scams

Figure: A Taiwanese website selling batches of profile pictures, as well as images depicting wealth and fancy cars, all potentially intended for Sha Zhu Pan scams. $8 TWD = $0.25 USD.

Crypto romance scams (also known as “pig butchering” or Sha Zhu Pan, 殺豬盤) involve scammers assuming false identities and luring victims through online conversations to crypto investment scam sites. Victims are eventually scammed after depositing enough funds. The scam is mainly initiated from compounds in south-east Asia, often by human trafficking victims.

Early indicators suggest some use of AI to enhance scams in two ways. First, there are suggestions that scammers are using large language models to refine their scripts, often identified when accidentally pasting responses that begin with “as a large language model, I cannot”. This is an early indication that Sha Zhu Pan scammers, often impeded by the English language barrier, are exploring the use of AI to make them more inconspicuous.

Secondly, some victims have reported the apparent use of AI-generated or enhanced images of young men and women by scammers, identified across numerous dating apps and other social media, such as LinkedIn, to establish personas. Currently, profile images of young men and women are harvested from social media platforms and then sold to Sha Zhu Pan scammers. Elliptic has identified online sites that sell batches of 1,000-3,000 photos for less than $1. This indicates that using AI-generated images offers little savings to scammers, besides reducing the ability of victims to reverse-image search them online to check their authenticity. They are likely to be the rare exception rather than the norm.

CASE STUDY 3: Deepfake executive scams
Deepfake impersonates Binance CCO

A number of reports have emerged of deepfake holograms being used to impersonate executives at major companies during online meetings, some with the power to authorize multi-million dollar transactions. Perhaps the most prominent example of the trend relating to crypto occurred in October 2022, when a deepfake was created of Patrick Hillmann, former chief communications officer of leading cryptocurrency exchange Binance. Scammers were found to be sending online meeting requests to other senior managers in the CCO's name. Hillmann reported that several other employees have also been impersonated by scammers across social media platforms.

Crypto-related instances of deepfake executive scams are currently minimal. However, they remain a cause for concern due to the significant financial losses that they can inflict on victims. In a non-crypto yet high-profile incident occurring in February 2024, deepfakes impersonating executives of UK-based company Arup were able to convince Hong Kong-based employees to authorize approximately $25 million in transactions to scammers. The scam occurred during what appeared to be virtual meetings between the firm's employees and executives.

In terms of the cryptoasset ecosystem specifically, there are two characteristics of the industry that deepfake executive scammers may seek to exploit.

Irreversibility of crypto transactions: Compared to crypto, fiat-based transactions are likely to be reversible through chargeback claims and other procedures, which may reduce the chances of a scam ending in success. Scammers may therefore prefer to target the crypto industry and compel victims to authorize crypto transfers instead.

Token listing offers: The listing of a crypto token by an exchange is often a significant milestone in determining a token's durability and price. Scammers may therefore target senior executives of token projects while impersonating senior exchange employees - and offer assistance with listing their token in return for payment.

AI experts have released guidance on detecting deepfake scams during online meetings. Suggested indicators include monitoring the person's blinking and asking them to face sideways, as deepfake technology tends to struggle with modeling side profiles and can easily be exposed when trying to do so.

CASE STUDY 4: Fake marketing materials
Crypto “Exchange” with FCA warning has AI-generated staff

Figure: Examples of using stock images (left, top right) and AI-generated/enhanced images (bottom right) to impersonate employees.

Elliptic has identified that a supposed crypto exchange (anonymized due to ongoing court cases) has used a mixture of (what appears to be) AI-generated and stock images to depict apparent members of its staff. Elliptic's internal analysis suggests that the entity has processed $8 million in crypto.

Additionally, the supposed exchange has used an AI-generated video of an employee as part of its YouTube marketing campaign. Approximately halfway through the video, the accent, tone and level of voice changes completely while the narrator does not. Numerous negative reviews online and legal action filed in the United States accuse the exchange of scamming complainants out of investments. The Financial Conduct Authority, the UK's financial regulator, has also issued a warning that the exchange is providing unlicensed activities. The exchange does not appear to have responded to these claims.

While the illicit nature of this specific entity cannot be conclusively determined as legal action is ongoing, the possible use of AI-generated marketing material exemplifies new ways in which fraudulent crypto businesses may aim to legitimize their activities, convincing unsuspecting victims that the team behind their project are de-anonymized and therefore legitimate.

Typology 02: Creating “AI-related” scams, tokens or market manipulation schemes

Source: Dextools.io. “Gemini” (successor name to Google's Bard AI) was
not included due to a major crypto exchange bearing the same name. Total number of tokens identified: 7,815 (as of May 2024)

On many blockchains, it takes little effort to create a token. Many scammers have taken advantage of this capability, often capitalizing on newsworthy recent events to drive up hype. Besides incorrectly suggesting a business affiliation exists between a legitimate company and a crypto token, such endeavors may culminate in two main types of fraud:

Exit scams or “rug pulls”: the scammers drive up hype to boost their token's price and then sell their reserves for significant profit, thus bringing the price crashing down again and leaving their victims with an ultimately worthless investment. In 2021, a token named after the Netflix hit show Squid Game became notorious after initiating a rug-pull, with scammers making several thousands of dollars.

Market manipulation or “pump and dump” schemes: schemes where coordinated groups initiate sudden purchases and sales of tokens to make a profit.

AI is the hype-generating target of a string of recent scam tokens. There are hundreds of tokens listed on several blockchains that have some variant of the term “GPT” in their name, including “GPT-4 Token”, “CryptoGPT” and “GPT Coin” amongst others. Some may indeed reflect well-intentioned ventures, but a number of them have been shilled in amateur trading forums where scammers claim some form of official association with ChatGPT or other supposedly legitimate AI company.

Figure: Number of tokens named with AI-related keywords per blockchain. Axis: numbers of tokens. Blockchains: BNB Smart Chain, Ethereum, Solana, Arbitrum, Goerli, Others. Keywords: OpenAI, Bard, GPT.

Investment scams

Beyond the creation of tokens, scammers have used AI as a means of driving up hype in fraudulent investment platforms. In particular, scammers have sought to capitalize on the potential of AI to enhance trading or arbitrage capabilities. The spate of resulting “AI trading bot” scams prompted the US Commodity Futures Trading Commission (CFTC) to issue a warning in January 2024. Other buzzwords in contemporary newsworthy developments, such as “quantum”, “Web3” and “DeFi” are also commonly used by scam investment platforms.

Much like tokens, these schemes eventually initiate exit scams. Elliptic's investigation of one such scam, a $6 million AI trading bot scam called “iEarn”, suggests that they typically resurface under different names and websites, while “crypto trading” influencers that once promoted them move on to promoting the next scam soon after. Typology 4, later on in this report, will discuss the misuse of AI to scale up the process of deploying scam websites.

AI-based investment scams are not a new phenomenon. Notorious Ponzi schemes such as Mirror Trading International (MTI) raked in over $1.7 billion worth of crypto with such promises. A recent estimate suggested that around 100,000 victims from over 140 countries had been scammed through MTI, exemplifying the potential reach of AI-related financial promises.

The case studies below discuss more contemporary cases of scam AI-related investment sites and tokens, which possess numerous red flags that are similar to typical mainstream crypto scams. These range from promises of unsustainable returns to the use of meaningless AI-related trading jargon.

Figure: Mirror Trading International, an early iteration of the “AI trading bot” Ponzi scheme active in 2019-20. The U.S. Commodities Futures Trading Commission suggests that victims lost $1.7 billion to the scheme.

CASE STUDY 5: AI-related scam tokens
Seasoned exit-scammer targets all things trendy

Elliptic has identified that some scam AI-related tokens are the work of seasoned fraudsters. The following Investigator graph shows an example of a single user launching four unrelated tokens, all named after newsworthy developments.

Figure: Elliptic Investigator shows a number of high-risk unrelated tokens created by the same wallet address, which launders proceeds from their trading through a coin swap service.

Two of these tokens specifically targeted the likeness of Elon Musk and SpaceX, likely capitalizing on one of the company's recent space launches. One token bore the likeness of ChatGPT within its name, with the scammer raking in $3,800 from its sale. The final and most successful token, related to a popular TV series, raked in $6,600. Funds were then sent through a series of intermediary wallets, designed to obfuscate the transaction trail. The funds were eventually transferred through a coin swap service that does not require initial know-your-customer (KYC) checks to be used.

Keen to find out more about these money laundering typologies? See Elliptic's latest Typologies Report, which discusses coin swap services, address hopping through intermediary wallets, as well as other techniques that have surfaced in this report.

CASE STUDY 6: AI trading bots
“Quantum”, “AI”, “Web3” and “arbitrage”: the four emerging keywords of Sha Zhu Pan (“pig butchering”) scams

An increasing number of Sha Zhu Pan scam site URLs and names are using combinations of the words “AI”, “arbitrage”, “web3” and “quantum” to entice users. Public reports of Sha Zhu Pan sites suggest that such URLs have been used significantly since 2022.

“AI intelligent trading system has [sic] the adaptive ability to discover arbitrage seen between several major global cryptocurrency exchanges. The system supports... automatic monitoring of quote depth and strategy calculation, and real-time monitoring of trading conditions.”
An excerpt from a reported Sha Zhu Pan script used for an AI-based investment scam.

As this quote demonstrates, AI-related Sha Zhu Pan sites will typically use buzzwords and jargon designed to give a sense of technological sophistication and legitimacy. Another AI-related scam investment site claimed that it possessed a “2000+ base factor library with AI support to more catch [sic] derivative factors, one step ahead!”.

Other key red flags of Sha Zhu Pan scams may be that the user interface of the website does not necessarily match or have any mention of the AI-related keywords in its URL. The two example scam sites below are both accessed through URLs that include AI keywords. However, the left site's user interface is a supposed Ethereum (ETH) mining platform with no relation to AI. It is likely to be reused from a previous URL deployed by the same scam operators. Elliptic has traced a number of AI-related Sha Zhu Pan URLs, of which one amassed over $7 million in payments.

Figure: Examples of Sha Zhu Pan sites using terms such as AI and arbitrage in their URLs, but not necessarily in their user interface. Source: Elliptic Investigator.

The capability of blockchain analytics solutions to understand the operations of such scams is demonstrated on the below Elliptic Investigator graph, which shows the on-chain transactions between an AI-related Sha Zhu Pan scam site and six presumed victims. The transactions of one victim, “Victim 1”, are shown in the right side panel.

The transaction history suggests that Victim 1 first sent approximately $4,900 to the supposed AI trading site on 30 August 2023. The scammers then sent them back $200 five days later, a 4% apparently AI-enabled return on investments. This is a typical initial baiting withdrawal to make the victim believe in the authenticity of the site, after which the victim is encouraged to invest more. The tactic is also the premise behind the term “pig butchering”. Victim 1 eventually lost over $70,000 after a series of larger investments and further baiting transactions to the scam over the course of two months. It is worth noting that this transaction pattern is
102、 not specific to AI-related Sha Zhu Pan sites only.21The rug pull initiated in March 2023 initially stole approximately$710,000 of investor funds,followed by further withdrawals.The proceeds from the initial exit were then consolidated with funds originating from a series of Sha Zhu Pan and Ukraine
103、fundraising scam proceeds.Much of these funds were later deposited into centralized exchanges after extensive layering transactions.One of these exchanges was Garantex,a Russian exchange sanctioned by the US for laundering proceeds of cybercrime.Harvest Keeper was a supposedly AI-related crypto proj
104、ect that promised daily 4.8%returns to all investors through its AI trading platform.The project boasted a supposedly de-anonymized developer team,though their social media accounts have either been suspended or unused since the project shut down in March 2023.Elliptics data suggests that over$1.5 m
105、illion worth of investments were processed by Harvest Keeper in less than a month before the rug pull.CAS E STU DY 7AI-related exit scamsHarvest Keeper an AI trading bot pulls the rug“The protocol works in cooperation with the Harvest Keeper trading bot with artificial intelligence,which completely
eliminates the human factor in trading, creates the possibility to generate profits 24/7.”
An excerpt from a reported Sha Zhu Pan script used for an AI-based investment scam.

Figure: Harvest Keeper’s website (left) and a YouTube video advertising it (right).

TYPOLOGY 03
Using large language models to facilitate cyberattacks

Figure: A user on a cybercrime forum asking for advice regarding “unethical” GPTs.

Identifying vulnerabilities at scale

Tools such as ChatGPT are able to generate new code or check existing code for bugs with varying degrees of accuracy. The potential crime implications of this are relevant to crypto in two ways: identifying vulnerabilities at scale; and facilitating cybercrime.

A vast number of decentralized crypto applications use open-source and publicly-viewable code, namely smart contracts, to run their operations and hold their users’ cryptoassets. Hackers have been able to exploit this transparency and potential code vulnerabilities to steal billions of dollars from decentralized finance (DeFi) protocols. As a result, a large industry focusing on auditing smart contracts has emerged in the DeFi space.

The ability of AI to check code offers possible efficiencies for auditing smart contracts, as suggested by Ethereum co-founder Vitalik Buterin, although auditors have suggested that the technology is not currently capable of this. The criminal implication, however, is that black hat hackers can use AI to check, possibly in bulk, the open-source codes of several DeFi protocols in a short period of time to identify any vulnerabilities. There is no suggestion that any DeFi exploit has yet occurred through the assistance of AI, although case study 8 provides a hypothetical example.

A further welcome development in mitigating this risk is that large language models are getting better at identifying
and rejecting malicious prompts. The inconvenience this has caused to threat actors has been recognized across numerous cybercrime forums, causing an increased demand for unethical GPTs.

“AI has two faces, just like humans.”
A dark web advertisement for an “unethical” GPT.

Figure: The Abrax666 client apparently scamming a victim by pretending to be their bank (left) and a list of capabilities apparently offered by the service as per its dark web advertisement (right).

“Unethical” GPTs and facilitating cybercrime

Finding exploitable bugs in code is not the only criminal large language model use case with a nexus to cryptoassets. Throughout numerous dark web cybercrime forums, Elliptic has identified chatter that explores the use of LLMs to reverse-engineer crypto wallet seed phrases, bypassing authentication for services such as OnlyFans, and providing alternatives to image “undressing” manipulation services such as DeepNude.

Many of these forums and conversations involve cybercriminals that engage heavily with material relating to ransomware, malware, credit card fraud, hacking, phishing and deploying scams, all activities that may involve the obtaining and laundering of cryptoassets. Since legitimate GPTs are getting better at identifying and rejecting prompts related to such activity, interest in “jailbreak” versions of GPTs has grown across dark web communities as part of a desire to make their criminal operations more scalable and efficient.

Since at least June 2023, a number of “unethical” GPTs have been marketed throughout dark web forums. One of the first to appear, namely “WormGPT”, is the subject of case study 8. Other iterations that have since apparently been suspended include “DarkBard”, “FraudGPT” and “HackerGPT”. Licenses to these tools were being sold on a variety of dark web markets and forums for between $70 and $1,700.

“Unethical” GPTs market themselves by offering to automate the generation of phishing emails, write malware code, find vulnerabilities and automate scams. For example, Abrax666, marketed across dark web forums as a “big yes to black hat”, boasts the ability to automatically call victims impersonating their bank and systematically collect one-time passwords. It has also suggested that it is trained to speak to scam victims “seductively”, among over 70 other apparent capabilities. The administrators do “request”, however, that the clients do not use it for terrorism.

CASE STUDY 8
Using AI to identify smart contract bugs
ChatGPT identifies vulnerability one day after release

ChatGPT, released to the general public on 30 November 2022, was able to identify a bug in a smart contract that was given to it by Zellic cybersecurity firm co-founder Stephen Tong on 1 December. ChatGPT was able to identify that the contract had a re-entrancy vulnerability.

Figure: Zellic co-founder tests ChatGPT’s coding and audit skills a day after its public release.

Auditors suggest, however, that AI’s ability to detect code bugs is currently limited. A study published in February 2024 by Salus Security researchers subjected ChatGPT to test 35 smart contracts with 732 vulnerabilities. The tool identified 37.8% of the vulnerabilities, though the vast majority (96.6%) of those were identified correctly. Smart contract developers OpenZeppelin subjected ChatGPT to their Ethernaut hacking challenge, where it passed 19 out of 23 levels it was given. The four failed levels were the most recently released.

ImmuneFi, a web3 bug bounty platform, identified a surge in ChatGPT-generated bug reports by users seeking to collect bug bounties, though none successfully identified an actual vulnerability. Accounts restricted due to AI usage made up 21% of ImmuneFi’s banned users, leading them to conclude that “as of now, ChatGPT won’t play a crucial role in tasks such as smart contract auditing”. These issues suggest that the use of AI by black hat hackers to identify and exploit vulnerabilities will be impeded by the same limitations.

CASE STUDY 9
Unethical GPTs and cybercrime
WormGPT, the self-described “enemy of ChatGPT”

Introducing itself as a tool that “transcends the boundaries of legality”, WormGPT’s Telegram channel openly advertises it for the creation of phishing emails, carding, malware and for generating malicious code. The tool is operated through the purchase of a life-time license and is also allegedly integrated with a Telegram bot. However, despite its relative recency, it has a somewhat complex history that has already had a notable impact on dark web communities.

“Embrace the dark symphony of code, where rules cease to exist, and the only limit is your imagination. Together, we navigate the shadows of cyberspace, ready to conquer new frontiers. What’s your next move?”
In its own words: WormGPT.

The name “WormGPT” appears to have been used by numerous iterations of different tools, the relation between which (if any) is unclear. Sources suggest that the first “WormGPT” was released around June 2023 based on the 2021 GPT-J-6B LLM model. It was marketed across credit card data forums and cybercrime boards by users with forum names “Last” and “CanadianKingpin12”, with licenses ranging from anywhere between $50 to $550. It received predominantly negative reviews from other forum members. However, both “CanadianKingpin12” and “Last” stopped advertising the tools in August 2023, with the latter being de-anonymized by cybersecurity researcher Brian Krebs as Rafael Morais, an infosec graduate from Porto, Portugal. Morais claimed that WormGPT had 200 customers and was “uncensored, not blackhat”. He later closed down the project due to excessive publicity, announcing that its developers were “...letting go of everything we believed in and distancing ourselves a bit from a society that opposes freedom of expression and code”.

Despite being officially closed, Elliptic has identified updated and potentially unrelated iterations of WormGPT being showcased in November 2023. By mid-December, another variant, “WormGPT 6”, was being marketed by a user named “forsasuke1337”. WormGPT 6 suggests that it can be used for carding, phishing, malware, scanning for vulnerabilities
, hacking, coding malicious smart contracts, cyberstalking and harassment, identity theft, distributing private sensitive material and other blackhat “unethical requests” for “illegal or legal” money making. On 29 February 2024, it allegedly exceeded 1,000 customers. Elliptic has identified cryptoasset addresses used for payments for this latest iteration of WormGPT, although other potentially scam variants also exist. On-chain analytics suggest that $26,000 worth of lifetime WormGPT 6 licenses, ranging between $50 to $200 each, have been sold, with the model receiving mixed reviews from dark web users.

Figure: “WormGPT 3.5”-generated malware and phishing emails, showcased on dark web forums.

Figure: WormGPT advising a user how to manufacture illegal drugs (left) and Elliptic Investigator showing a sample of payments being made to a WormGPT administrator address (right).

CASE STUDY 10
Use of adversarial AI by state actors
Hostile state-backed cyberhackers and the use of LLMs

In February 2024, Microsoft and OpenAI released a report detailing the use of LLMs by multiple state-affiliated cybercrime groups originating from Russia, North Korea, Iran and China to enhance their operations. Specific typologies of LLM use ranged from creating more advanced code for deeper system penetration to assisting with creating social engineering materials. The report stated that none of the identified instances constituted the use of AI to facilitate serious attacks but emphasized the need for an early-stage understanding of possible adversarial use cases. Accounts belonging to these groups had been disabled.

Hostile state actors based in North Korea have been attributed to over 60 cryptocurrency heists by the United Nations, stealing over $3 billion in crypto between 2017 and 2023. Recent reports and future threat assessments suggest that North Korean groups are turning to AI to enhance their hacking capabilities. In October 2023, Anne Neuberger, the United States Deputy National Security Advisor for Cyber and Emerging Technologies, suggested that “some North Korean and other nation-state and criminal actors” had been observed trying to use AI models to accelerate the creation of malicious software and identifying vulnerable systems. Defensive capacity-building and incorporating AI into cybersecurity training were suggested as two key lines of defense.

Table: Microsoft and OpenAI’s identification of state-backed threat actors and their observed vector of LLM exploitation.
Threat actors: Salmon Typhoon (PRC), Forest Blizzard (Russia), Emerald Sleet (DPRK), Crimson Sandstorm (Iran), Charcoal Typhoon (PRC).
Vectors of LLM use: Scripting; Reconnaissance; Operational Command; Translation/explanation; Program development; Social engineering; Vulnerability research; Payload crafting; Anomaly detection evasion; Security feature bypass; Resource Development.

Specifically in the case of North Korea, the risk of AI-enhanced cryptocurrency activity arises from the wider backdrop of more than a decade of expanding AI capabilities by the country. North Korea analysis publication 38 North, run by the Stimson Center international security think tank, published a report in January 2024 that documented the evolution of North Korea’s AI research and development. It suggests that North Korea has been expanding its AI research capabilities, including in the field of facial recognition, across government, academia and commercial sectors since 2013. The report notes that the potential for North Korea to turn civilian AI technologies into military capabilities poses substantial proliferation and sanctions risks.

Kim Il Sung University, North Korea’s oldest higher education institution, includes AI program development as a core goal of its Faculty of Information Science, which it claims has more than 900 students. The university has also advertised joint collaboration with the Shenyang Ulyu International Cultural Limited Company of China to develop AI technologies. The university website additionally hosts a speech apparently delivered by Kim Jong Un on the topic of AI and cloud computing, again with a focus on facial recognition.

Elliptic has not yet observed on-chain activity by any hostile state actor that suggests the use of AI to specifically expand their blockchain capabilities. Much like the case of WormGPT and other
advertised jailbreak “dark” GPTs, the exploration of such groups with LLMs suggests an early stage experimentation with AI to enhance their hacking capabilities rather than their blockchain operations. Crypto is also often used to facilitate payments for subscription to these services, which enables blockchain analytics tools to potentially trace both the senders and recipients of these payments.

Figure: Kim Il Sung University promoting its Faculty of Information Science (left) and an apparent speech on AI and cloud computing by Kim Jong Un in 2019 (right).

TYPOLOGY 04
Deploying crypto scams and disinformation at scale

The ability of AI to auto-generate text, images, websites, videos and other content offers many crypto ventures, legitimate and illegitimate, an opportunity to upscale their operations. In the context of crypto scams, these capabilities could potentially accelerate the more resource-intensive aspects of deploying and sustaining such activity. The forthcoming case studies showcase two possible ways that AI can be utilized to scale up illicit activity. These are (1) creating scam sites and (2) rapidly disseminating crypto-related disinformation.

Cycling through scam sites

Some crypto scammers may engage in running a single scam operation and retire after sufficient funds have been stolen or it has been extensively exposed. Many threat actor groups, however, engage in cyclical scamming operations. Scam investment, airdrop or giveaway sites are created, widely disseminated across social media and messaging apps, and then “rug pulled” once too much controversy over the nature of their scam has been generated by victims. The process then repeats itself with a new site, fresh marketing and so on.

In particular, the creation of scam material, user interfaces and websites can be a resource-intensive process. Case study 4 has already showcased how AI is being used to assist with parts of this process by generating fake employee images and other marketing materials. Case study 11 will explore how AI can further upscale this process by designing entire scam sites from scratch at accelerated rates.

Disseminating scams and disinformation at scale

In addition to sustaining the necessary scam infrastructure, scammers require sufficient outreach to potential victims in order to generate illicit proceeds. This requires fake marketing and messaging to be dispersed at scale. Social media bots have long been a default method of facilitating this dissemination. AI can be used to accelerate and upscale this process by auto-generating social media posts and coding the necessary underlying infrastructure to distribute them effectively. Case study 12 will explore a botnet that attempted to do so, though with observable errors.

CASE STUDY 11
AI-generated crypto investment sites
Crypto Drainer sells AI-generated scam sites to affiliates

A crypto affiliate platform, which provides a crypto drainer scam-as-a-service that generates crypto investment sites on behalf of affiliates and splits the proceeds, has claimed to use AI to process tokens and to generate new website designs, optimized for SEO and meta tags. The platform also ostensibly claims to support legitimate projects and exchanges.

The service, named NovaDrainer, is offered by a registered company in Canada and the UK. It openly suggests in its marketing materials and dark web forum threads that its sites can be used for phishing and draining victims’ crypto. Its administrators have received over 2,400 variants of crypto tokens across more than six major blockchains, from over 10,000 wallets, likely scam victims, in the last year.

Figure: Some of the websites offered by the drainer posted in its catalog, including airdrop sites, websites of supposed metaverse games and fake NFT artist profiles.

For an operation of this scale, AI appears to be somewhat of an efficiency driver; the drainer’s catalog suggests that 53 designs were uploaded for sale in the first two
months of 2024. In light of claims that AI is also used to process on-chain transactions, Elliptic has traced the outgoing funds originating from the drainer’s operator wallets. The analysis suggests that the group uses a comprehensive cross-chain obfuscation strategy, incorporating the use of decentralized exchanges, cross-chain bridges and coin swap services, all of which have been discussed in Elliptic’s October 2023 State of Cross-chain Crime report. A sample of the process is shown in the Elliptic Investigator graph below. Given the inconsistencies in the nature and timing of transactions, there is no indication that they are initiated programmatically or in an automated manner through the use of AI.

Figure: Elliptic Investigator shows the cross-chain obfuscation patterns of funds originating from drainer operator wallets.

CASE STUDY 12
Crypto disinformation deployed at scale
The FOX8 botnet

In July 2023, researchers at Indiana University investigated a Twitter botnet that had apparently used ChatGPT to craft tweets and replies, both to each other and to other accounts. Dubbed FOX8, the botnet consisted of over 1,100 accounts and linked to disinformation sites repackaging news articles from legitimate outlets. AI-generated tweets about web3 and interactions with crypto-related accounts made up a significant portion of the botnet’s activity. The hashtag #crypto appeared over 3,000 times in FOX8-issued tweets.

AI-enhanced botnets may become an advantageous tool to upscale scams relying on rapid dissemination across social media. However, the FOX8 case demonstrated some notable weaknesses of deploying AI for such activity, as it resulted in some obvious red flag indicators. For example, over 1,200 of their tweets fell foul of ChatGPT’s customary “As an AI language model, ...” rejection response, thereby exposing their true nature. Future iterations, however, may get better at going unnoticed.

In general, between 1 October 2022 and 23 April 2023, over 12,000 tweets containing the term “As an AI language model” were identified by the researchers. They were posted by over 9,000 unique accounts, not all necessarily linked to FOX8 or relevant to crypto. This provides an indication of the scale of AI usage by those operating fake social media profiles.

Figure: One of the sites the botnet linked to, using articles lifted from legitimate news outlets.

TYPOLOGY 05
Enhancing illicit markets

The dark web cybercrime ecosystem hosts a range of illicit or high risk goods and services, including malware, ransomware, stolen credit card data, identity document rendering platforms and cryptocurrency obfuscation services. There are early signals that AI has been used to either create or enhance a number of these illicit enterprises.

Some of these goods or services have been identified as scams. For example, a scam crypto mixer (obfuscation service) called PenguinX stole $13,000 from victims by claiming to have “an in-built AI chamber designed by experienced cryptography experts to ensure the mixing modulation disengages terminal linkages of origin and destination of transactions”. The extensive use of AI jargon bears resemblance to the case studies in typology 2.

However, other criminal enterprises, such as the identity theft and document rendering market, have shown greater interest in experimenting with AI due to the particular
nature of their business. These services have historically used tools such as Photoshop to manually create images of fake passports, ID cards, driver’s licenses or utility bills. The potential for AI to upscale document rendering is of particular relevance to crypto professionals, as fake IDs are often used to bypass verification checks when opening accounts at crypto exchanges.

The following case studies explore instances of dark web experimentation with AI and the implications for the crypto industry, as well as the potential for new illicit markets to be enabled through AI.

Figure: AI-related listings on a dark web market (left) and scam cryptocurrency mixer PenguinX claiming to use AI to enhance the obfuscation of cryptoassets (right).

Figure: Document rendering services being advertised on a cybercrime forum.

CASE STUDY 13
AI-related illicit goods and services
AI-related listings on dark web markets

An increase in AI-related listings has been observed across a number of dark web markets. Most listings appear to reflect low-level criminality or non-criminality, such as the sale of ChatGPT premium accounts or PDF downloads of “AI prompt how-to guides”. Premium accounts for a number of other AI products or services, such as the “AI Girlfriend” app, have also been observed. Such listings typically range from $3 to $10 and do not indicate significant popularity, with only a couple of recorded sales.

Unusually, a dark web listing has also been identified selling access to an “AI bot” trading platform for $21,900. The bot promises returns of 1 bitcoin per day, a strong red-flag indicator of a scam as discussed in typology 2, in this case targeting other potential criminals.

Of comparatively greater concern is the sale of AI-generated or -enhanced nude images. Two such listings were identified on a Chinese dark web market, one of which supposedly contained collections of “AI high definition” restored images of at least 13 celebrities involved in the Hong Kong entertainment industry on sale for $2. With AI-generated nude images also targeting celebrities such as Taylor Swift in early 2024, the scope of such listings may potentially be on the rise in the future. This trend also has potential implications for the production and distribution of AI-generated child sexual abuse material (CSAM).

Figure: A selection of AI-related dark web listings: AI-generated nude celebrity images (top left), ChatGPT accounts (top right), access to the paid version of the “AI Girlfriend” Android app (bottom left) and access to a supposed “AI bot” trading platform (bottom right).

CASE STUDY 14
AI-related illicit goods and services
The rise in deepfake and AI explicit image generator services

The observation of AI-generated explicit images on the dark web relates to another trend, namely the rise in specialist AI services that generate such images in the first place. Elliptic has identified a number of websites and Telegram bots that purportedly generate explicit content based on user-uploaded images using AI. Many create images for less than $1 each.

Some of these services take crypto payments for credits, though on-chain data suggests that other fiat payment methods are typically more popular. Crypto payment processors are often used to facilitate payments to many of these services. One AI “undresser” Telegram bot with 260,000 subscribers has received just over $3,000 in crypto payments. Another Chinese-origin service with 330,000 subscribers, however, has received a more notable $170,000 in USDT. The apparent popularity of such services has also prompted a number of “AI deepfake generator” scams, as well as alleged cyberattacks of rival services by competitor bots.

Figure: Elliptic Investigator showing incoming credit payments to an AI explicit image bot address.

Some bots occasionally provide a disclaimer “prohibiting” the use of their services by minors or for generating CSAM. However, there does not appear to be any ostensible mechanism in place to actually prevent their use in this way, or for other illegal or harmful activities such as generating explicit images of a person without their consent. In some jurisdictions, such as the UK as of 2024, the creation and dissemination of deepfake pornography is set to be outlawed altogether.

Crypto does not appear
to be a significant enabler of this trend. However, tracing crypto payments to such services can offer crucial insights for law enforcement agencies investigating their misuse. Elliptic aims to assist investigations by ensuring that the crypto payment addresses of these services are labeled and traceable in our tools.

CASE STUDY 15
AI-related illicit goods and services
Malware “stealer” allegedly uses AI to filter logs of stolen data

LummaC2 is a malware-as-a-service “stealer” sold on the dark web. It is sold to cybercriminal clients, together with an admin panel, who then target potential victims with infected files. The stealer is designed to gather information from infected computers such as login credentials, two-factor authentication codes, web browser information and cryptocurrency wallets. Stolen information is made available through logs of recorded data that the malware has extracted from an infected computer. These logs are also sold on dark web markets.

In August 2023, Lumma announced that it would be incorporating neural networks, a subset of AI that seeks to computerize data processing in a way that mimics the human brain, into its systems. The stealer claimed that the AI would identify bot machines within collected logs of stolen information, streamlining clients’ data theft operations.

The apparent use of AI to filter logs is unlikely to be a significant exacerbator of LummaC2 malware and appears, at most, to be a minor efficiency drive. However, should such explorations in AI continue, there are two potential implications for the crypto ecosystem. First, Lumma’s developers and cybersecurity analysts suggest that the stealer emphasizes crypto wallets, exemplified by their Telegram posts regarding the hacking of MetaMask passwords. Upscaling this capacity through AI places crypto users at higher risk of theft. Second, the upscaling of malware capabilities to steal identities or passwords can accelerate the opening or accessing of crypto exchange accounts in malware victims’ names. The sale of fake accounts is, in itself, an illicit market on the dark web which stands to gain indirectly from any boost to the capability of criminals to bypass KYC and generate fake accounts to sell.

Figure: LummaC2 announcing their incorporation of AI (left) and Telegram advertisements about hacking MetaMask wallets (right).

CASE STUDY 16
AI-enhanced document fraud
Is this John Wick-obsessed identity fraudster using AI?

One potentially AI-enhanced document generating service, “OnlyFake Document Generator 3.0” (a.k.a. “Onetimes”), extensively uses the likeness of Keanu Reeves’s famous hitman character John Wick to advertise their product. The service offers to render images of passports, driver’s licenses and identity cards across several jurisdictions. Unlike many other conventional rendering services that manually design documents using Photoshop, OnlyFake provides automated generation with an ability to therefore scale the production of fake identities. The site advertises a capability to generate 100 documents at once through an excel spreadsheet. Subscription plans are on sale for $15 (generation of one fake document), $99 (10 documents), $249 (50 documents), $599 (150 documents) and $1,500 (1,000 documents).

“OnlyFake” has claimed to use neural networks to fulfill its services. On advertisements, it is suggested that a built-in AI editor processes photos and signatures. These claims led to a surge in attention, from both dark web users and the cybersecurity community. In a highly publicized cybersecurity test, an OnlyFake-generated ID image was able to fool the KYC verification checks of a major crypto exchange, after which OnlyFake claimed it was against “the illegal use of its service”. However, since the generation of fake official documents is itself a crime in most jurisdictions, it is unclear what legitimate use the service would otherwise be serving.

Figure: OnlyFake’s extensive use of fictional hitman John Wick to advertise its service.

Less than a month after becoming the focus of cybersecurity reporters, OnlyFake posted a “clarification” through Telegram denying the use of AI, possibly seeking to distance itself from further unwanted attention.

By tracing the value of cryptocurrency payments to one OnlyFake payment address, Elliptic estimates that enough licenses were sold to generate approximately 4,935 fake documents in the period between 10 February and 10 March 2024 from approximately $24,000 worth of payments to that one specific address alone. This amounts to an average of seven IDs per hour. In comparison
, manual document rendering services typically advertise turnarounds of 20-30 minutes per document. The automated generation of IDs in this case, therefore, potentially more than tripled that capacity, with the added capability of being available 24 hours a day.

In the same time period, 445 payments were made to the site, of which some were made by the same users. Most (391) were $15 payments for generating a single document, though two were $1,500 purchases of the highest package, allowing 1,000 document generations each.

Figure: OnlyFake both suggests (left) and denies (right) the use of AI to render fake documents.

Figure: Elliptic Investigator shows payments made to OnlyFake to purchase document generation packages for $15 (green), $99 (yellow), $249 (orange), $599 (red) and $1,500 (dark red).

CASE STUDY 17
AI-enhanced document fraud
Bypassing KYC at exchanges

Much like many other financial and designated non-financial institutions, cryptocurrency exchanges require know-your-customer (KYC) checks for onboarding new users. This typically involves a built-in verification system checking new users’ documents. In a 2023 report, ID verification company Sumsub noted that 70% of crypto companies observed an increase in the use of deepfakes for KYC, the apparent use of which in such cases grew by 128% from 2022 to 2023.

The release of increasingly convincing AI video generators has endangered even enhanced forms of ID verification that some exchanges employ for approving larger transactions, such as the requirement to take and send video evidence. OnlyFake, the supposedly AI-using document generator introduced previously, has posted customer reviews and screenshots of successful verifications on crypto exchanges, as well as by traditional finance payment service providers and stockbrokers.

The issue of deepfakes in bypassing digital identity verification is not, however, only a crypto-related risk. In fact, the traceability of crypto and the power of blockchain analytics can offer unique capabilities for investigators to identify those behind fake accounts, even where digital identity verification has not been able to detect them. For example, tracing the origin of payments to sites such as OnlyFake (and thus potentially the true identities of those involved, should said payments originate from legitimate accounts at crypto exchanges) is possible through blockchain analytics solutions. The transparency of blockchains provides a crucial vector for potentially identifying the crypto accounts used by fraudsters attempting to bypass KYC in both virtual asset and traditional financial services, and underscores the power of blockchain analytics to go beyond protecting just the crypto industry.

Figure: OnlyFake users post screenshots of apparent ID verifications on crypto exchanges.

CASE STUDY 18
Creating new illicit markets
Novel methods of authentication spawn a new age of ID theft

The rise of technologies such as AI, web3, metaverse platforms and virtual reality have all sparked new debates and possibilities for how one authenticates their identity in an increasingly digital world. Amid continuing interest in self-sovereign and decentralized identity systems, AI has been touted as a way of upscaling ID verification through enhanced behavioral biometrics and quicker information checks across a wider range of datasets.

AI and crypto have become associated in novel ways in digital identity innovation. Worldcoin, a project designed to provide a privacy-preserving service to enhance users’ access to finance, uses eyeball scans to verify identity. Though the project has raised eyebrows (pun not intended) for its peculiar strategy, millions of users across over 100 countries have had their eyeballs scanned. Users are rewarded with Worldcoin ($WLD), a crypto token.

As with every means of ID verification and innovation, there are implications for data security and how fraudsters respond to potential new illicit markets created for novel identity data. Increased adoption of such novel technologies is likely to reciprocally increase demand for stolen data, be it iris scans or crypto wallets storing digital identities. The potential of these developments to shift the current fraud landscape, where purchases are predominantly made in crypto, has implications particularly in terms of designing out crime in novel ID verification systems under development, to ensure users are secure from emerging threats from the onset.

Figure: Worldcoin-related listings on online secondary marketplaces in China, where the app does not operate. Source: Elliptic

This report has identified five typologies and 18 case studies of AI-enhanced crime with a nexus to cryptoassets. The vast majority of these threats are in their infancy and, with measured early responses by responsible industry partners, may be successfully mitigated before they ever become mainstream. This is likely to
215、 rest on the collaborative work of a range of stakeholders,including but not limited to:Law enforcement investigators given the shifting strategies used by cybercriminals to deploy AI-enhanced scams,malware and fake IDs.Crypto compliance professionals given the shifting nature of red-flag indicators
216、 in determining the suspiciousness of crypto transactions relating to AI-enhanced criminal activity.Users of crypto and AI noting that prevention is the best cure,users can better protect themselves and each other by being aware of the latest red-flag indicators,particularly for scams using AI to en
217、hance their supposed legitimacy.Technology developers to factor in potential crime implications during the development phase of their products and services,allowing safe and sustainable use by legitimate users while being resilient to criminal exploitation.Regulators and policymakers to ensure benef
218、icial technologies are not impeded by crime risks or hard-hitting regulations,and to clarify legally ambiguous recent trends that have criminal implications.It is worth reiterating that most of the typologies discussed are not exclusively relevant to crypto only.The use of AI for identity fraud,cybe
219、rcrime or making scams more convincing,for example,impacts traditional financial systems as much as if not more than the crypto ecosystem.Finally it is also worth reiterating that as with all major emerging technologies,the benefits of AI and cryptoassets far exceed their potential criminal exploita
220、tion.To underscore this,the report concludes with a summary of Elliptics recent work together with the MIT-IBM Watson AI Lab to pioneer an AI-driven breakthrough in detecting illicit blockchain activity.This section continues with some suggested preventative measures in response to the case studies
221、and trends identified throughout this report.Summary and conclusion46Prevention measures and recommendationsThis section lists some early preventative measures arising from the above matrices that stakeholders particularly law enforcement and crypto compliance professionals can take to mitigate the
222、trends discussed throughout this report.Measures are presented using the DECODE(detect,educate,co-operate,defend,enforce)framework for mitigating emerging crime trends.Elliptic is consistently enhancing best practices for countering emerging crypto crime risks.You can participate in this effort by p
223、artaking in our short survey,detailed on page 48.Use blockchain analytics to identify the source of payments to AI-related illicit services this can assist in tracking down offenders that use services such as unethical GPTs,AI explicit deepfake generators and document rendering services to open frau
224、dulent accounts on crypto exchanges and other services.Use AI-enhanced blockchain analytics to detect instances of crime this is crucial for ensuring the capabilities of preventative stakeholders outmatch the pace of innovation among cybercriminal ecosystems.Raise awareness among users of crypto and
225、 AI on both existing and recent red-flag indicators of scams including the use of AI-related jargon to promote scam investment platforms and fake AI-related crypto tokens.Educate users and employees on methods to identify deepfakes both in potential malicious communications and across social media a
226、nd video streaming platforms.Data sharing to expand the capabilities of relevant stakeholders to mitigate AI-enhanced crypto crime Elliptic has published a dataset that will allow other researchers to develop new AI models and create novel techniques for the identification of financial crime on bloc
227、kchains.The“Elliptic2”dataset contains information on nearly 200 million crypto transactions between more than 50 million addresses,and is available for anyone to access.Share best practices across stakeholders You can get involved in our endeavor to facilitate the development of more comprehensive
228、prevention measures by participating in our Delphi study(see page 48).DetectEducateCo-operate47 Ensure that new AI and crypto technologies are crime-proofed during development products and services that are resilient from the start to potential criminal exploitation can help prevent the trends discu
229、ssed in this report from becoming mainstream,and avoid costly and hard-hitting regulations in the future.Equip compliance teams-effectively detect,trace and mitigate potential threats as they emerge with access to a blockchain analytics capability that is underpinned by robust data.Prioritize interv
230、entions against illicit services experimenting with AI Elliptic has labeled the actors discussed in this report in its tools to enable effective tracing and investigations into their operations,operators and users ensuring that their AI upscaling efforts can be prevented in their early stages.Ensure
231、 that new and fast-paced innovations in AI are integrated with capacity building and training This can allow cases involving the misuse of emerging technologies to be effectively identified and investigated in a timely manner.DefendEnforce48At Elliptic,we are committed to ensuring that our underlyin
232、g crypto intelligence captures AI-enhanced crypto crime so that innovators,financial services,crypto businesses and law enforcement can detect,trace and mitigate these threats effectively.Our activities and aims in this light include:1.Identifying malicious crypto addresses that have been used to pe
233、rpetrate AI-enhanced crypto crimes and ensuring they can be traced using our tools.2.Identifying new and emerging red flag indicators that are unique to the latest crime trends and disseminating them.3.Ensuring that relevant stakeholders are kept updated of latest findings and trends.Contact us for
234、a demo of our blockchain analytics tools to further explore how our tools can help safeguard your business in the changing face of crypto crime.Elliptic:Your partner for staying ahead of the curveBook demoOur work does not end with this report.Elliptic is running a Delphi study as part of our ongoin
235、g horizon scanning work,helping to drive meaningful change and secure innovation against future threats.We are looking for experts dealing with crypto or AI to let us know their thoughts about the typologies in this report and how to best mitigate them.You are invited to join a select group of thoug
236、ht leaders and participate in a set of short,surveys.We will collate the results and provide you priority access allowing you and your organization to stay ahead of the curve.Let us know your views about the futureClick here to participate49Reiterating our commitment to fostering beneficial innovati
237、on in the crypto and AI sectors,Elliptics researchers have collaborated with the MIT-IBM Watson AI Lab to achieve a breakthrough in using AI to identify cryptoasset-based money laundering.You can find more about this here.Our use of AI to detect crypto-based money laundering“Weve barely scratched th
238、e surface of what is possible in this domain,but this work has already led to benefits for Elliptics users.Further collaboration and data-sharing will be key to advancing these techniques and combating financial crime in cryptoassets.”Dr Tom Robinson Co-founder and Chief Scientist at EllipticOur wor
239、k involved the application of subgraph representation learning,a deep learning technique,to cryptocurrency transactions.The model successfully identified previously unknown incidents of money laundering through crypto exchanges and several illicit wallets including those believed to be controlled by
a Ponzi scheme and a Russian darknet market. This promises to greatly enhance the efficacy of blockchain analytics for anti-money laundering. These techniques could be used by law enforcement agencies and regulators to identify and pursue criminal activity on the blockchain.

Other reports by Elliptic

Sanctions Compliance in Cryptocurrencies
Over the past year, sanctions enforcement in the crypto space has continued to accelerate. We've seen further crypto-related sanctions targeting Russia, and sanctions continue to be directed at mixers such as Sinbad, identified by Elliptic as a rebranded and relaunched version of Blender.io. Compliance teams will need to be alert to potential sanctions evasion activity involving sanctioned jurisdictions such as Russia, Iran and North Korea, as well as entities and individuals on sanctions lists, and they should take these risks seriously. Download this practical guide as we share five key steps to navigate the challenge of cryptocurrency sanctions compliance with success.

The State of Cross-chain Crime
• Why cross-chain crime is accelerating, with cross-chain and cross-asset services used to launder $2.7 billion worth of illicit and high-risk funds in the space of a year
• The more complex cross-chain methods criminals and hackers are using to obfuscate their laundering activities
• How the Lazarus Group, North Korea's hacking organization, has laundered over $900 million through cross-chain methods
• How Elliptic's Holistic-enabled blockchain analytics capabilities allowed us to uncover the true scale of cross-chain crime

Typologies 2024
This year's report reflects important and rapid developments impacting the nexus between cryptoassets and financial crime and includes chapters on:
• The convergence of AI and cryptoassets and how it is impacting criminal activity
• Stablecoins and the significant changes in this component of the cryptoasset ecosystem
• Major law enforcement and regulatory actions with additional case studies
Plus, learn how you can leverage Elliptic's best-in-class, enhanced blockchain analytics capabilities to enhance your detection of financial crime typologies.

About the author

Dr Eray Arda Akartuna
Arda is an Assistant Professor of Future Crime at the City University of Hong Kong Department of Social and Behavioural Sciences, and a Senior Crypto Threat Researcher at Elliptic. His research focuses on the money laundering and terrorist financing risks of emerging technologies. He has advised numerous international organizations, public and private sector entities on future crime issues including the UK government, US federal agencies, and the United Nations International Narcotics Control Board. He lectures on topics such as horizon scanning and cryptoasset-based crime.

Disclaimer

This report is a matter of opinion of Elliptic, except where otherwise indicated, that has been produced based on circumstances and facts reasonably known to Elliptic as at the date of publication. The information contained in this report is provided for general information purposes only and is not intended to amount to any form of advice, recommendation, representation, endorsement or arrangement on which you should rely. This report may contain hyperlinks or references to third party websites other than those of Elliptic. Elliptic has no control over third-party advertising or websites and accepts no legal responsibility for any content, material or information contained in them. The display of any hyperlink and reference to any third party advertising or website does not mean that Elliptic endorses that third party's website, products or services. Your use of
a third-party site may be governed by the terms and conditions of that third-party site and is at your own risk. This report is confidential and for use within the entity that Elliptic has supplied it to. The intellectual property rights in this report, including but not limited to any text, images or other information or material within, are owned by Elliptic, its licensors and named third parties. Elliptic and its licensors reserve all our intellectual property rights (including, but not limited to, all copyright, trademarks, domain names, design rights, database rights, patents and all other intellectual property rights of any kind) whether registered or unregistered anywhere in the world. Nothing grants you any legal rights in this report or the content within this report other than as is necessary for you to use it for your own, internal, non-commercial purposes. Elliptic does not warrant that the information will be accurate, complete or suitable for any particular purpose and, save for the exclusion or limitation of liability for any death or personal injury caused by its negligence, liability for fraud or fraudulent misrepresentation, or any other liability that the law does not allow us to exclude or limit, Elliptic disclaims all liability to the maximum extent legally possible for any loss, howsoever arising from your use of this report.

References are available on request via email to marketing@elliptic.co. All hyperlinks embedded in this report were working and secure as of 6 June 2024. Access at your own risk.