Cryptocurrency Money Laundering Red Flags

Posted in Anti-Money Laundering (AML) on May 31, 2024

Cryptocurrency use is not slowing down. As online transactions become more widespread, vendors have to watch out for increasing daily threats – especially money laundering red flags arising from using cryptocurrencies like Bitcoin and others!

Consumers need a virtual wallet to hold their virtual coins to trade with cryptocurrencies or online assets. These wallet providers are constantly offering fast and efficient services, allowing users to transfer funds quickly to other people or corporations (if they also have a wallet).

This novel world of online assets is striking to money launderers, allowing them to sometimes (or at some unregulated offshore vendors) transact anonymously and avoid the usual anti money laundering or AML legislation in places like banks or other financial institutions. This money laundering opportunity is growing, and reports estimate that about $1 million was laundered online in 2018, which increased to $2.8 billion in 2019.

Table of Contents

Key Takeaways

  • Patterns of red flag behaviors can be used to identify the money laundering of cryptocurrency.
  • Many forms of transactions of cryptocurrency are tied to fraudulent behavior.
  • The anonymity of virtual assets allows criminals to conceal their identity behind the screen.
  • Patterns of the seller and buyer relationships highlight cryptocurrency money laundering red flags.
  • The origin of funds is important in identifying money laundering red flags.
  • The geography and movement of funds can be used to identify other fraudulent activities.

Cryptocurrency Money Laundering Red Flags

The Financial Action Task Force (FATF) research into cryptocurrency money laundering red flags of virtual assets and cryptocurrency offers common characteristics of money laundering activity online. This report has investigated virtual crimes against AML legislations globally since 2017 by utilizing over 100 case studies to draw conclusions.

The Virtual Assets Red Flag Indicators of Money Laundering and Terrorist Financing report of 2020 sets out guidelines to help financial establishments and cryptocurrency service providers further enhance AML Bitcoin guidelines.

Cryptocurrency Transaction Types

Even on the new front of cryptocurrency, the general principles of money laundering criminal activity remain. The strategies used by fraudulent users incorporate traditional methods altered to be anonymous and virtual. FATF finds that the type of cryptocurrency transaction is relevant and often can decipher when money laundering may be in effect. The following types are noted as often being fraudulent:

  • Many payments in small amounts to avoid attracting attention.
  • High-value cryptocurrency transactions in only a short period.
  • Instantly transferring virtual funds out of highly controlled areas and into low-regulated dominions.
  • Immediately withdrawing virtual funds without any in-between transactions.
  • Depositing previously identified stolen funds into crypto wallets.

In one example, criminals used a phishing scam to steal 400 million Korean won, later exchanging those funds for virtual cryptocurrencies. After carrying out many high-value transactions in a short time, the funds were relocated into a foreign virtual wallet and done 48 times in an attempt to hide identity.

Money Laundering Red Flags 3

Virtual Money Laundering Patterns

Virtual money laundering is often tied to patterns of transactions.

Patterns identified include:

  • New accounts that are seemingly inconsistent with the opener’s determined wealth.
  • New accounts funded by a hefty preliminary payment that is shortly afterward traded.
  • Transactions with seemingly illogical sets of cryptocurrencies or accounts without ties.
  • Large amounts of cryptocurrencies exchanged recurrently within a period to one account from numerous others.
  • Small quantities from multiple virtual wallets that are instantly relocated or removed.
  • A series of crypto movements resulting in a loss of money due to account fees.
  • Recurrent exchanges of fiat money to cryptocurrency without apparent reason.

For example, a financial security corporation took notice of two transactions summing to $4.8 million between crypto accounts within only 6 minutes of one another. This wallet in the Cayman Islands was deemed suspicious and frozen, later found to be illegally obtained funds.

Concealment Of Identity

The technology that allows for anonymous exchanges between consumers of cryptocurrency also allows for the increasing threat of money laundering without ties to who is behind the wallet. It can often hinder how much information authorities have when looking into suspicious activity of virtual funds. Money laundering behavior that abuses the anonymous factor of cryptocurrency may show the following characteristics:

  • Transactions using more than one cryptocurrency type, especially highly anonymous currencies with seemingly “unjustified” high feeds
  • Movement of funds from a transparent blockchain account to a centralized cryptocurrency exchange platform and then to a private or anonymous coin or currency
  • Customers operating as unlicensed providers for other users on peer-to-peer cryptocurrency sites who may frequently charge high fees to handle the virtual funds on behalf of their patrons than a licensed company
  • A substantial volume of peer-to-peer transaction activity using mixing services without justification
  • Funds from a suspicious source deposited into a cryptocurrency wallet, such as gambling sites
  • Funds entering cryptocurrency wallets from suspicious IP addresses or managed with encryption software
  • Funds transferred across international borders using decentralized hardware
  • Users who use proxies or DNS allow users to hide domain names while registering for a cryptocurrency wallet
  • Multiple virtual wallets, all from a singular IP address
  • Usage of undocumented cryptocurrencies linked to fraud
  • Funds sent with clearly insufficient customer due diligence (CDD) or know-your-customer (KYC) procedures
  • The use of virtual currency ATMs for numerous minor transactions in high-risk jurisdictions

For example, a darknet market known as AlphaBay was used to buy and sell illegal goods, including drugs, weapons, and forged credentials. More than 40,000 vendors used the marketplace to reach over 200,000 buyers, conducting $1 billion in transactions until the United States authorities took it down.

Individuals Involved

Patterns of red flag behavior from both senders and receivers of cryptocurrency have been identified as including the following:


  • Users with accounts under multiple names avoid trade or withdrawal limitations placed by the site creator or many accounts under a single IP address
  • Accounts or transactions that begin from suspicious IP addresses
  • Users with a domain registered in a high-risk jurisdiction or a jurisdiction other than their country of residence

Customer Due Diligence

  • Users with insufficient personal information have denied requests from the site to provide KYC information or have forged identification materials
  • Senders and receivers lacking knowledge of the source of their transactions or correspondents


  • Accounts with shared identification credentials or illegal activity associated with them
  • Accounts showing dissimilarity between the IP address on account and the IP address of the transactions
  • Customers repeatedly adjus their identification information or contact forms
  • Customers attempting to access the platform from multiple IP addresses within a single day or short period
  • Accounts showing significant gains or losses by performing trades with the same individuals
  • Accounts communicating with each other in a way that indicates illicit activities

Money Mules

  • Senders that are unaware of how to use crypto technology
  • Vulnerable customers engaging in high-risk dealings
  • Customers purchase spending large amounts of money on cryptocurrency when it is inconsistent with their wealth

For example, a bank receiving legal virtual assets discovered the seller could not identify the origin of the funds. After investigation, the bank revealed the cryptocurrency was linked to illegal activity.

Source Of Funds

Illegal sources of cryptocurrency funds may be tied to the following behaviors:

  • Funds coming from cryptocurrency investments or the initial coin offerings or ICOs platforms with insufficient control, or mixing services
  • Transactions from cryptocurrency accounts without known links to fraud, ransomware, darknet marketplaces, other illegal activity, or online gambling sites
  • A single virtual wallet tied to many credit or debit cards used to withdraw large amounts of fiat money
  • Extensive deposits into virtual wallets that are instantly withdrawn as fiat money
  • Little to no customer transparency where relevant personal identification is not available to cryptocurrency providers

For example, the managers of DeepDotWeb were found to be referring visitors to the site to illegal darknet markets in return for cryptocurrencies. The owners removed the cryptocurrencies through a series of Bitcoin virtual wallets to conceal the origin of over $15 million.

Money Laundering Red Flags 2

Red Flag Locations

Criminals moving funds across borders and around the world often abuse the regions with little control over cryptocurrency guidelines. General behavior indicators of this include:

  • Cryptocurrency funds that are from or sent to a country that the customer is not from
  • Customers using cryptocurrency providers in high-risk areas that are known to have limited AML procedures in place
  • Customers set up their workplaces in places with little to no cryptocurrency protocols without justification for doing so

For example, an unlicensed Bitcoin seller was shut down in 2019 after using a US-based exchange to trade over $800,000 in payments. The seller then switched jurisdictions to an Asian exchange, then ‘imported back to the US later.

What’s Next?

Following the FATF guidelines is an excellent source of information to help strengthen AML legislation. AML cryptocurrency or AML Bitcoin programs should do their best to regularly follow a risk assessment model that reflects their needs and threats. It means measures should be implemented to address money laundering behaviors with virtual and cryptocurrency money laundering red flag indicators, as set out in the report. AML procedures should follow guidelines such as:

  • Have CDD processes to identify customers and identify higher-risk customers for enhanced due diligence
  • Monitor transactions capable of suspicious activity and report suspicions to authorities straightaway
  • Screen customers against international sanctions lists
  • Monitoring when customers are the subject of negative media


In summary, the FATF offers exceptional guidelines for understanding, monitoring, and learning to prevent money laundering in cryptocurrency formats and cryptocurrency money laundering red flags. Financial agencies and corporations should examine the many examples and bullet points provided to identify fraudulent activity before it takes off efficiently.