How do Criminals Finance their Activities in the Metaverse?

Due to its risk-generating nature, challenges, and cybercrime, the Metaverse fosters criminal innovation against security and stability, namely its decentralized composition and its maintenance of anonymity and discretion. These potentials, when exploited, help criminals engage in innovative activities not only to carry out cybercriminal activities but also to finance their illegal operations. In this chapter, we explore the modalities and methods used by criminals to generate and launder funds, as well as the regulatory gaps exploited in this process of cybercrime.

1. Ransomware attack and extortion process

Ransomware, in its traditional definition, is well-established and widely used by criminals to target online objectives and take sensitive personal or public data hostage. This type of attack, according to our observations, transcends into the Metaverse by targeting valuable virtual assets, such as NFTs, real estate in the Metaverse, and user accounts by taking them hostage through the encryption of their input and access data and demanding sums in cryptocurrency as ransom to return the encrypted data to their original owners (Katterbauer et al., 2022). The Metaverse offers cybercriminals fertile ground to develop these activities, and the potentials offered by this emerging technology are likely to constitute a considerable advantage in circumventing regulations and deterrent procedures. The examples that show us how these attacks proliferate in the Metaverse are numerous, such as Decentraland’s Bug Bounties, the Axie Infinity attack, and the hack of NFTs and crypto games, which are the most recent and dangerous examples of 2022, effectively targeting virtual assets (Alawadhi, 2023).

Criminals in the Metaverse also resort to other cunning activities to achieve their criminal goals and interests. Extortion is one of these widespread activities in the Metaverse and can threaten the integrity of users, regardless of their nature. Individuals and businesses are the most well-known targets of extortion, and they are threatened with the disclosure of their sensitive information if they do not pay the demanded ransoms. The Metaverse facilitates the spread of these illicit activities and operations, whose criminals’ identities are always protected by the virtual principles of anonymity and decentralization, making efforts to deter and secure this space a distant mission (Wu et al., 2022). As confirmed by Masjedi (2023), the examples of extortion are numerous and very varied, but the point of difference between his vision and the previous one is that the author wants to shed light on the new, relevant, and significant recent processes and activities, such as the attack on Discord servers by extortionists to steal valuable assets.

2. Fraud and the conversion of forms of virtual assets

A series of cyberattacks spreading in the Metaverse, taking on fraudulent and scamming forms. Cybercriminals in the Metaverse target their victims after infiltrating servers and databases, stealing access credentials to log in as owners and commit fraud and scam activities in their name or even steal their virtual assets. These criminals can also cause major disruptions in virtual economies by causing disturbances and severe damage, using online products that allow the creation of fake profiles and counterfeit data to carry out fraudulent investments (Wu et al., 2022).

These fake profiles and information diverted for fraud and scamming purposes can be used to serve more complex objectives. The conversion of virtual assets is one of these discussed forms where criminals can convert funds collected illicitly or even stolen from unknown sources into legal assets in the Metaverse by purchasing virtual land or legally developing or investing in NFTs (Lin et al., 2023). Criminals, taking advantage of the potentials already discussed, can conceal and hide the origin of their funds by creating criminal expertise for other criminals wishing to exploit the Metaverse for their criminal purposes and avoid financial surveillance and control. Security agencies are unable to deter these activities and intercept them all when the Metaverse supports the development of these activities by providing specific potentials that help money laundering to develop in an unexpected and dangerous manner (Team, 2023).

Social networks, as networks for the flow of information with little control and surveillance, constitute ideal platforms for criminals to carry out peer-to-peer transactions by buying or selling virtual assets. Social networks, through certain products they offer to users and potential users, in terms of fund and money transfers, cryptocurrency purchases, investments in the virtual world, etc., allow criminals to use these capabilities offered by social networks to conceal illicit funds and disguise the origin of these transactions, thus rendering the interventions of intergovernmental or even internal organizations, which seek to enforce law and security in the virtual world, ineffective (Lin et al., 2023). It should be noted that in these criminal processes within social networks, cryptocurrencies remain the most predominant means for carrying out criminal activities. Although the latter presents unlimited advantages for users, it remains the ultimate means of harm (Barrett & Lynch, 2020).

To diversify the methods of financing criminal activities in the Metaverse, criminals also use cryptocurrencies to facilitate payments and transfers, as cryptocurrency transactions evade the control and surveillance mechanisms applied by certain security agencies. And in addition to the discretion regarding the origins and sources of transactions, cryptocurrencies also offer criminals efficiency and speed to evade border controls and surveillance imposed by global instruments to organize the global financial order. However, despite the advantages of cryptocurrencies for criminal activities, there is still an Achilles’ heel in their circulation and transaction activities, which investigators and cybersecurity experts can track if international institutions put more effort and resources into developing investigative and surveillance tools (Wu et al., 2022).

REFERENCES

Katterbauer, K., Syed, H., & Cleenewerck, L. (2022). Financial cybercrime in the Islamic Finance Metaverse. Journal of Metaverse, 2(2), 56–61. https://doi.org/10.57019/jmv.1108783

Alawadhi, I. M. (2023). Future Cybercrimes in the Metaverse. In Advances in digital crime, forensics, and cyber terrorism book series (pp. 24–32). https://doi.org/10.4018/979-8-3693-0220-0.ch002

Lin, K., Wu, J., Lin, D., & Zheng, Z. (2023). A survey on metaverse: Applications, crimes and governance. In 2023 IEEE 1st International Conference on Metaverse Communications and Networking (MetaCom) (pp. 541-549). IEEE. https://doi.org/10.1109/MetaCom57706.2023.00097

Masjedi, Y. (2023, July 6). These 11 New Discord Scams Can (and Will) Steal Your Data. Retrieved from https://www.aura.com/learn/discord-scams

Team, C. (2023, August 17). Bitfinex Hack Money Launderers Plead Guilty. Retrieved from https://www.chainalysis.com/blog/bitfinex-hack-plea-july-2023/