Cryptocurrency Money Laundering Red Flags

Cryptocurrency use is not slowing down. As online transactions become more widespread, vendors have to watch out for increasing threats every day – especially money laundering red flags arising from the use of cryptocurrencies like Bitcoin and others!

To trade with cryptocurrencies or online assets, consumers need a virtual wallet to hold their virtual coins. These wallet providers are oftentimes offering services that are fast and efficient, allowing users to transfer funds quickly to other people or corporations (if they also have a wallet). This novel world of online assets is striking to money launderers, allowing them to sometimes (or at some unregulated offshore vendors) transact anonymously and avoid the usual AML legislation in places like in banks or other financial institutions. This money laundering opportunity is growing, and reports estimate that about $1 million was laundered online in 2018, which increased even further to $2.8 billion in 2019.

Table of Contents

Key Takeaways

  • Patterns of red flag behaviours can be used to identify the money laundering of cryptocurrency.
  • Many forms of transactions of cryptocurrency are tied to fraudulent behaviour.
  • The anonymity of virtual assets allows criminals to conceal their identity behind the screen.
  • Patterns of seller and buyer relationships highlight cryptocurrency money laundering red flags.
  • The origin of funds is important in identifying money laundering red flags.
  • The geography and movement of funds can be used to identify other fraudulent activities.

Cryptocurrency Money Laundering Red Flags

The Financial Action Task Force (FATF) research into cryptocurrency money laundering red flags of virtual assets and cryptocurrency offers common characteristics of money laundering activity online. Utilizing over 100 case studies to draw conclusions, this report investigated virtual crimes against AML legislations globally since 2017.

The Virtual Assets Red Flag Indicators of Money Laundering and Terrorist Financing report of 2020 sets out guidelines intending to help financial establishments and cryptocurrency service providers further enhance AML Bitcoin guidelines.

Cryptocurrency Transaction Types

Even on the new front of cryptocurrency, the general principles of money laundering criminal activity remain. The strategies used by fraudulent users incorporate traditional methods altered to be anonymous and virtual. FATF finds that the type of cryptocurrency transaction is relevant and often can decipher when money laundering may be in effect. The following types are noted as often being fraudulent:

  • Many payments in small amounts to avoid attracting attention.
  • High-value cryptocurrency transactions in only a short time period.
  • Instantly transferring virtual funds out of highly controlled areas and into low-regulated dominions.
  • Immediately withdrawing virtual funds without any in-between transactions.
  • Depositing previously identified stolen funds into crypto wallets.

In one example, criminals were using a phishing scam to steal 400 million Koran won, later exchanging those funds for virtual cryptocurrencies. After carrying out many high-value transactions in a short time period, the funds were relocated into a foreign virtual wallet. These funds were relocated 48 times in an attempt to hide identity.

Money Laundering Red Flags 3

Virtual Money Laundering Patterns

Virtual money laundering is often tied to patterns of transactions.

Patterns identified include:

  • New accounts that are seemingly inconsistent with the opener’s determined wealth.
  • New accounts funded by a hefty preliminary payment that is shortly afterward traded.
  • Transactions with seemingly illogical sets of cryptocurrencies or accounts without ties.
  • Large amounts of cryptocurrencies exchanged recurrently within a period of time to one account from numerous others.
  • Small quantities from multiple virtual wallets that are instantly relocated or removed.
  • A series of crypto movements resulting in a loss of money due to account fees.
  • Recurrent exchanges of fiat money to cryptocurrency without apparent reason.

For example, a financial security corporation took notice of two transactions summing to $4.8 million between crypto accounts within only 6 minutes of one another. This wallet in the Cayman Islands was deemed suspicious and frozen, later found to be illegally obtained funds.

Concealment Of Identity

The technology that allows for anonymous exchanges between consumers of cryptocurrency also allows for the increasing threat of money laundering without ties to who is behind the wallet. This can often hinder how much information authorities have when looking into suspicious activity of virtual funds. Money laundering behaviour that abuses the anonymous factor of cryptocurrency may show the following characteristics:

  • Transactions using more than one cryptocurrency type, especially highly anonymous currencies with seemingly “unjustified” high feeds.
  • Movement of funds from a transparent blockchain account to a centralized cryptocurrency exchange platform and then to a private or anonymous coin or currency.
  • Customers operating as unlicensed providers for other users on peer-to-peer cryptocurrency sites who may frequently charge high fees to handle the virtual funds on behalf of their patrons than a licensed company.
  • A substantial volume of peer-to-peer transaction activity using mixing services without justification.
  • Funds from a suspicious source deposited to a cryptocurrency wallet, such as gambling sites.
  • Funds entering cryptocurrency wallets from suspicious IP addresses or managed with encryption software.
  • Funds transferred across international borders using decentralized hardware.
  • Users who use proxies or DNS allow users to hide domain names while registering for a cryptocurrency wallet.
  • Multiple virtual wallets all from a singular IP address.
  • Usage of undocumented cryptocurrencies linked to fraud.
  • Funds sent with clearly insufficient customer due diligence (CDD) or know-your-customer (KYC) procedures.
  • The use of virtual currency ATMs for numerous minor transactions in high-risk jurisdictions

For example, a darknet market known as AlphaBay was used to buy a sell illegal goods, including drugs, weapons, and forged credentials. More than 40,000 vendors used the marketplace to reach over 200,000 buyers, conducting $1 billion in transactions until the United States authorities took it down

Individuals Involved

Patterns of red flag behaviour from both senders and receivers of cryptocurrency have been identified as including the following:


  • Users with accounts under multiple names avoid any trade or withdrawal limitations placed by the site creator, or many accounts under a single IP address.
  • Accounts or transactions that begin from suspicious IP addresses.
  • Users with a domain registered in a high-risk jurisdiction or a jurisdiction other than their country of residence.

Customer Due Diligence

  • Users with insufficient personal information, have denied requests from the site to provide KYC information or have forged identification materials.
  • Senders and receivers lacking knowledge of the source of their transactions or correspondents.


  • Accounts with shared identification credentials or illegal activity associated with them.
  • Accounts showing dissimilarity between the IP address on account and the IP address of transactions.
  • Customers repeatedly adjusting their identification information or contact forms.
  • Customers attempting to access the platform from multiple IP addresses within a single day or short period of time.
  • Accounts showing significant gains or losses by performing trades with the same individuals.
  • Accounts communicating with each other in a way that indicates illicit activities.

Money Mules

  • Senders that are unaware of how to use crypto technology.
  • Vulnerable customers engaging in high-risk dealings.
  • Customers purchasing spending large amounts of money on cryptocurrency when it is inconsistent with their wealth.

For example, a bank receiving legal virtual assets discovered the seller could not identify the origin of the funds. After investigation, the bank revealed the cryptocurrency was linked to illegal activity.

Source Of Funds

Illegal sources of cryptocurrency funds may be tied to the following behaviours:

  • Funds coming from cryptocurrency investments or ICO’s, platforms with insufficient control or mixing services.
  • Transactions from cryptocurrency accounts without known links to fraud, ransomware, darknet marketplaces, other illegal activity, or online gambling sites.
  • A single virtual wallet tied to many credit or debit cards used to withdraw large amounts of fiat money.
  • Extensive deposits into virtual wallets that are instantly withdrawn as fiat money. 
  • Little to no customer transparency where relevant personal identification is not available to cryptocurrency providers.

For example, the managers of DeepDotWeb were found to be referring visitors to the site to illegal darknet markets in return for cryptocurrencies. The owners removed the cryptocurrencies through a series of Bitcoin virtual wallets to conceal the origin of over $15 million.

Money Laundering Red Flags 2

Red Flag Locations

Criminals moving funds across borders and around the world often abuse the regions with little control over cryptocurrency guidelines. General behaviour indicators of this include:

  • Cryptocurrency funds that are from or sent to a country that the customer is not from.
  • Customers using cryptocurrency providers in high-risk areas that are known to have limited AML procedures in place.
  • Customers set up their workplaces in places with little to no cryptocurrency protocols without justification for doing so.

For example, an unlicensed Bitcoin seller was shut down in 2019 after using a US-based exchange to trade over $800,000 in payments. The seller then switched jurisdictions to an Asian exchange, then importing back to the US later on.

What Next?

Following the FATF guidelines is an excellent source of information to help strengthen AML legislation. AML cryptocurrency or AML Bitcoin programs should do their best to regularly follow a risk assessment model that reflects their needs and threats. This means measures should be implemented to address money laundering behaviours with virtual and cryptocurrency money laundering red flag indicators, as set out in the report. AML procedures should follow guidelines such as:

  • Have CDD processes to identify customers and identify higher-risk customers for enhanced due diligence.
  • Monitor transactions capable of suspicious activity and report suspicions to authorities straightaway.  
  • Screen customers against international sanctions lists.
  • Monitoring when customers are the subject of negative media.


In summary, the FATF offers exceptional guidelines for understanding, monitoring, and learning to prevent money laundering in cryptocurrency formats as well as cryptocurrency money laundering red flags. The many examples and bullet points provided should be examined by financial agencies and corporations to efficiently identify fraudulent activity before it takes off.

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}