Fraud and ransomware dominate in Eastern Europe

Fraud and ransomware dominate in Eastern Europe


According to Chainalysis, Eastern Europe is the only region in the world where illegal activity accounts for more than 0.5 percent of all cryptocurrency transactions. A sufficient reason for the Blockchain data platform to consider in detail the crime landscape in this area in the “Report on crypto-crimes in Eastern Europe”, and to compare it with other regions of the world.

Chainalysis has provided some insight into some of the results. Eastern Europe ranks second among all regions of the world when it comes to illegal transactions with cryptocurrencies, only Africa is ahead of it. However, it should be noted that the crypto ecosystem in Eastern Europe is much larger than in Africa. It is also the only region with a total transaction volume of more than $400 million in which illegal activity accounts for more than 0.5 percent of all sent and received valuables.

High percentage of fraud

This region also ranks second in terms of illegally transferred amounts, and only Western Europe has even higher values. The highest percentage of fraud in the world is also noticeable: from June 2020 to July 2021, Eastern European scammers stole about 815 million US dollars in this way. This also indicates a large number of fraudulent sites from Eastern Europe.

Most of this capital belongs to Finiko, a pyramid scheme that collapsed in July 2021. Besides Bitcoin and Tether, they also used their own coin, and promised users a monthly income of more than 30 percent. In total, the scammers stole about 1.5 billion US dollars in cryptocurrencies. How much of it was paid to keep the pyramid scheme alive is currently unclear.

Transactions related to the darknet also occur more frequently in Eastern Europe than in the rest of the world: here transactions are mainly processed through the Hydra market, which is specifically designed for users in Russian-speaking countries.

The House of Cybercriminals

Chainalysis also reports that Eastern European addresses have attracted about $46 million due to ransomware attacks. Analysts note that many of the most well-known ransomware threats are associated with criminal groups from Russia or have a connection with them. These include, for example, the notorious Evil Corp, whose leaders are allegedly even connected with the Russian government (as Washington claims).

Another evidence of the high proportion of cybercriminals from Eastern Europe is the fact that ransomware programs of Eastern European origin often specifically protect operating systems based in the Commonwealth of Independent States (CIS). This is an organization that united the states of the former Soviet Union.

Based on all this, governments and companies are looking for solutions to this problem. This applies to tools for forensic examination of financial transactions.

Security research in the TITANIUM project

The European research project TITANIUM (Tools for investigating transactions in shadow markets0 such as the darknet) has developed solutions to prevent criminals and intruders from using blockchain technology for criminal purposes. Within the framework of the project, steps have been taken to ensure that the instruments comply with EU data protection requirements (GDPR).

With the support of TITANIUM tools, European law enforcement agencies should be better equipped to investigate crimes involving virtual currencies and markets on the darknet.

TITANIUM is one of the cybersecurity research projects in which the Federal Criminal Police Department (BKA) participated. Together with research institutions, companies and law enforcement agencies from seven European countries, BKA has developed analysis tools and technologies to support investigative work in cases where the darknet is used to commit crimes or cryptocurrencies, as a means of crime or proceeds of criminal offenses. This applies to tokens such as Bitcoin, or anonymous cryptocurrencies that are listed on

The IT forensics project, launched in April 2020, provides European law enforcement agencies with the tools they need to identify cybercriminals, even if they are operating behind the supposed anonymity of virtual currencies, according to the EU Commission project report.

Examples of such criminal offenses are ransomware attacks in which users are asked to pay a ransom in Bitcoin, as well as the use of cryptocurrencies on the black market to facilitate trade in illegal goods, data and services.

Law enforcement agencies need new data-based tools to detect, track and prosecute related cybercrimes. However, the challenge is to ensure that these new tools do not violate the fundamental right to privacy of people.

“When developing software, it is becoming increasingly important to implement complex legal requirements at the technical level at an early stage, for example, in the form of “Privacy by Design. Data protection aspects should be taken into account and implemented in the basic software concept,” said Professor Franziska Boehm, Head of the Intellectual property Rights Department at FIZ Karlsruhe, the Leibniz Institute for Information Infrastructure, one of the project partners.

TITANIUM Project Tools

As an additional partner of the TITANIUM project, Interpol participated in the development of a block chain analysis tool called GraphSense, which supports tracking cryptocurrency transactions. This tool allows investigators to search for addresses, tags, and transactions in cryptocurrency, identify clusters associated with an address, and therefore “follow the money” to help their investigations.

The Darkweb Monitor analysis tool collects data on criminal activity on the darknet and provides useful information to support police investigations around the world. The data and subsequent analysis are also designed to identify new trends, support research, and support preventive measures. These are data such as:

  • Cryptocurrency Addresses
  • Enhanced Privacy Key (PGP)
  • IP addresses
  • Usernames and aliases
  • Email address
  • Domains of the darknet trading platform
  • Darknet Forums

The tools also include:

  • Blockchain Investigator: Analysis of virtual Currency transactions
  • Cointel: an additional tool for analyzing transactions in virtual currencies
  • Wallet Investigator: Analyze data from confiscated mobile devices for tracking wallets for cryptocurrencies.
  • Deception Director: Disclosure of identification data using bait and other methods
  • Ephemeral Monitor: Analysis of operators and providers of dark markets
  • Kriptosare: a set of machine learning tools to help with analytics

As part of the project, training was conducted to facilitate the correct use of TITANIUM tools.

According to the information about the project, the tools will be available to European law enforcement agencies in accordance with the provisions of the law of the relevant legal framework. In addition, the tools will be available to interested organizations, but conditions may apply in terms of cost (for example, free trial, commercial license), use (operational use, demonstration, research, inclusion in a set of tools) and type of organization (trade, law enforcement). Some tools may be available in an open source domain.

For example, the French blockchain security company NIGMA Conseil and the Austrian Institute of Technology AIT, the largest state research and technology organization in Austria, have been working together for several months to improve blockchain analysis and anti-money laundering capabilities. The e-NIGMA platform, built on the GraphSense platform, is designed for forensic examination of open source cryptocurrencies.

The work of TITANIUM as a whole should become the basis for a future in which criminals will no longer be able to use Internet technologies and will not go unpunished, the information about the project says. With the support of TITANIUM tools, European law enforcement agencies should be better equipped to investigate crimes involving cryptocurrencies and markets on the darknet.

As a result, with the help of TITANIUM, more law enforcement organizations will have access to the tools they need to investigate such crimes more effectively and efficiently.