Terrorist organizations are increasingly involved in the crypto sector and are exploiting the development of blockchain technology to raise funds and avoid detection by authorities.
Elliptic found that major terrorist groups such as al-Qaeda, Hamas’s al-Qassam Brigades and the Islamic State are using cryptocurrencies for an increasing range of purposes. These include sanctions evasion, cybercrime, extortion, investment trading, public fundraising and internal transfers of value.
We have observed terrorist financing in more than 30 cryptoassets, including decentralized finance (DeFi) governance tokens and stablecoins. Most importantly, extremist organizations have moved away from using Bitcoin, which highlights how important it is for law enforcement agencies to have access to multi-asset tracing capabilities, like those provided by Elliptic.
Our analysis revealed that most terrorist groups and individuals are now increasingly using the Tether (USDT) stablecoin, although the range of sources from which terrorist financing can originate continues to diversify.
Public fundraising
Probably the most common form of crypto-based terrorist financing is soliciting donations through social media channels or dedicated pages that publish a single, dedicated wallet address for crypto donations.
Our research found that public fundraising initiatives have raised anywhere from a few hundred to over $100,000 in cryptocurrencies.
Our research also revealed a link between the use of cryptocurrencies and geopolitical events. For example, activity in wallets linked to the Palestinian Islamic Jihad (PIJ) organization appears to correlate with the escalation of conflict between Israel and militants in the West Bank and Gaza.
We also found that donation campaigns are adapting to a series of high-profile terrorist wallet seizures carried out mainly by the United States and Israel since 2020. While some groups, such as al-Qassam, have suspended their campaigns due to increased risks, others have obscured their activities by accepting only donations in privacy-enhanced cryptocurrencies.
However, crypto donations through crowdfunding campaigns still make up a small share of terrorism financing.
Scams and dark web activity
Using our forensic investigation tool, Elliptic Investigator, we can display a number of wallets associated with several major terrorist groups that send funds to and receive funds from a range of sources. These include sellers of stolen credit cards, dark web markets, Ponzi schemes and crypto investment scams.
Such activity reflects the involvement of terrorists in alternative means of generating revenue. The connection between terrorist financing and credit card fraud has already been reflected in numerous seizures and criminal cases in the United States and the United Kingdom.
Elliptic Investigator chart showing extremist groups receiving funding from a range of sources.
DeFi trading and investing
Although the use of DeFi by terrorist actors is rarely seen, one particular case study, involving the use of this technology by one of the most successful terrorist entities operating in the crypto space, highlights this risk and offers insight into how DeFi technology could be exploited in the future.
One particular website, which we have chosen to anonymize, accepts funds from addresses that show high engagement with DeFi protocols, suggesting that most of the incoming assets are not donations but investment income earned by the site administrator(s).
Indeed, over 21% of its assets on the Ethereum and Binance Smart Chain (BSC) blockchains originate from decentralized exchanges, with accounts containing a range of DeFi-specific stablecoins and assets.
In total, the site has over $300,000 in incoming cryptoassets, with $51,000 coming from Solana (SOL). The site’s wallet balance shows that it made an additional $10,000 in profit just from investing in Solana. Trading revenues are cashed out through various centralized exchanges or held in stablecoins, including over 250,000 USD Coin (USDC).
Elliptic Investigator chart showing crypto trading activity and interactions with decentralized exchanges.
Crypto mining
Extremist groups use crypto mining for a number of purposes, such as evading sanctions and financing terrorism.
Iran – which funds groups involved in terrorism such as Hezbollah and its own Islamic Revolutionary Guard Corps (IRGC) – has turned to cryptocurrency mining to circumvent sanctions.
Meanwhile, blockchain analytics show that wallets listed as belonging to an individual named under the NBCTF seizure warrant targeting Hamas have received over $12,000 in cryptocurrency from at least three major mining pools.
A complex web of transactions shows mining proceeds from three mining pools ending up at an address linked to Hamas.
Conclusion
Our research can support law enforcement investigators in identifying and addressing the latest techniques used by terrorist groups to evade detection and raise funds.
Furthermore, as terrorists experiment with new and obscure crypto tokens, outdated screening procedures that cover only conventional assets have a greater chance of missing terrorist financing. Extremist organizations continue to seek new ways of monetizing or concealing funds that support terrorist activities by chain-hopping, that is, moving funds across blockchains.
Fortunately, Elliptic’s Holistic screening capabilities enable tracing of every transaction across the entire crypto ecosystem, giving a truly holistic view of risk in a multi-asset world. This allows law enforcement to better detect the source of funds used to support terrorist activities.
Elliptic gave law enforcement agencies exclusive access to the report. If you are a law enforcement officer and would like to request a copy, please email vlada@elliptic.co using your law enforcement or government email address.