Recent years have demonstrated the growing reliance of cryptocurrency by terrorist organizations attempting to counter and avoid the traditional counterterrorism financing measures in place by regulatory services. The online nature of fundraising based on social media, such as telegram, has revealed the significant rise and role in digital currency to allow these terrorist groups, such as Hamas, Hezbollah, the Islamic State Khorasan (ISK) , the Taliban, IS and the Palestinian Islamic Jihad to fund their activities.
A brief history of crypto as a tool for terrorism
In 2016, former CIA counterterrorism analyst Yaya Fanusie discussed the emergence of social media fundraising campaign in 2015 by a Gaza-based Jihadist group, which, by 2016, were asking for bitcoin donations via QR codes shared on twitter. The campaign, ‘Jahezona (‘Equip Us) is perhaps the first instance of a verified terrorist group involving themselves in digital currency as a means to solicit donations. The campaign called for worldwide Muslims to donate funds, and showed images and graphics of the group’s desired weaponry. This attempt seemingly inspired other group’s efforts to solicit digital donations, such as Malhama Tactical, a private military Jihadist group in Northwest Syria who began fundraising on X and Telegram in June 2018. It appears that as recently as February 2024, Malhama Tactical has continued campaigning, with a New York woman convicted of sending Bitcoin to the terrorist group.
Also in 2016, the Ibn Taymiyya Media Center - associated with the Mujahideen Shura Council in Gaza - began soliciting Bitcoin donations, raising about $9,000 by 2018. Some of these donations were traced back to the non-compliant exchange BTC-e, which had aliases tied to groups like ISIS.
Another very early example of cryptocurrency used to solicit donations for terror is the case of the American teen, Ali Shukri Amin, who gave ISIS supporters advice on how to conceal financial donations via bitcoin, while also guiding supporters on how to travel to Syria to join the terror group.
Over time, in order to evade detection groups have been creative in their masking of digital currency transactions. In 2020, French police arrested a terror financing network sending
Groups have since pivoted towards privacy-focused cryptocurrencies like Monero, which can obscure specific information and the source of a transaction, in attempts to further evade counterterrorism financing measures. Neo-nazi terrorist groups and white supremacists have also relied on Monero, such as the group Order of Dawn who used it to buy guns.
Other evasion techniques have included an increase in cryptocurrency activities by terrorist groups in the regions of West Africa and Central Asia - India and Nigeria have interestingly become the world’s largest adapters of cryptocurrency.
The role of digital currency in Terrorist Financing has grown exponentially, in parallel with the growth of its popularity as a whole. After October 7 2023, The Israeli Defence Ministry claimed it had seized virtual wallets linked to Hamas that received $41 million between 2019 and 2023, and tracked $94 million in cryptocurrency raised by the PIJ. Between 2021 and 2023 alone, Israel ordered 18 Administrative Seizure Orders.
Available at - https://nbctf.mod.gov.il/en/Minister%20Sanctions/PropertyPerceptions/Pages/Blockchain1.aspx under ‘Annex of the Seizure Order - Wallet Details’.
We have seen in recent months an effort by the regulatory authorities, via private lawsuits, to clamp down on industry individuals who are complicit in terror activity on their platforms. Changpeng Zhao, founder of Binance, was sentenced to prison and faced a lawsuit worth ‘billions of dollars’ in 2024 after it was ruled that he knowingly provided cryptocurrency services to the terror group Hamas, helping to finance the October 7th assault.
Reports as recent as February 2024 report that the NBCTF disclosed the amounts in USD donated to various designated terrorist organisations via the TRON blockchain. The approximate amounts are reportedly $2.3 million to Hamas, $29 million to DUBAI Co. for Exchange, $87 million to PIJ and a staggering $2.364 billion to Hezbollah. TRON’s terror ties have been reinforced by the investigation of Justin Sun, founder of Tron, who, when approached about the popularity of Tron among malicious users, allegedly extended his ‘great appreciation to everyone in our industry who is contributing to the widespread adoption of cryptocurrency.’
Additionally, Israel’s National Bureau for Financing (NBCTF) froze 143 Tron wallets from July 2021 to October 2024.
Why cryptocurrencies appeal to terrorists:
Crypto’s anonymity: In the case of the Jahezona incident in 2016, the traced transactions and blockchain data collected of the donations suggests that the organizers were skilled crypto users with a strong grasp of techniques to preserve anonymity. For example, the users used platforms to cash out finances or obfuscate the origin and destination of funds. It suggests that bitcoin appealed to illicit actors due to the anonymity of the transactions, despite the transparency of blockchain data.
Additionally, privacy coins such as Monero are utilized by terrorists to ensure untraceability. These privacy coins use cryptographic techniques to obscure transaction details, including sender and receiver addresses and amounts that are transferred.
Global reach and unrestricted borders: Cryptocurrency enables instant, cross-border transactions with little to no feeds. Illicit actors can quickly move funds globally unrestricted, without the need for formal institutions like banks. Transactions can even be made to regions where banking infrastructure is weak or unavailable, which is particularly enticing to terrorist groups operating from unstable areas without standard financial systems.
Utility on Dark Web Markets: Since cryptocurrencies are commonly used on the dark web, it is a suitable means to use for transactions to pay for weapons, materials or other supplies of interest without being easily detected by traditional financial monitoring systems.
Resilience against seizure: Unlike bank accounts or assets that are tied to physical infrastructure, cryptocurrencies and their digital nature means that as long as private keys are not compromised, funds are difficult to seize or block. This is relevant even when authorities are aware of a wallet’s existence, and builds up another layer of protection against law enforcement.
NOMINIS: insights and analysis:
Growth of bitcoin in particular regions: The growth of terrorist crypto transactions in India and Nigeria poses difficulties in detecting illicit activity. The lack of comprehensive enforcement and the growth of peer-to-peer platforms, which lack restrictions, means that the terrorist financing transactions take place alongside multiple other unregulated transactions. The regulatory ambiguity of these states, where the regulatory environment is evolving, means that there is little clarity about what is officially illegal or forbidden. Both states experience high transaction volumes and an increase in users seeking to take advantage of a regulation-lacking system.
Seizures and sanctions as a response: The Israeli defense ministry’s seizing of a significant amount of cryptocurrency of Hamas and PIJ indicates this tool used by States to hinder the progress of non-State terrorists. These actions demonstrate that while cryptocurrencies provide anonymity, blockchain technology’s transparency makes tracking feasible with advanced tools. These seizures disrupt financial flows, increasing operational difficulties for terrorist groups. However, sanctions are reactive - they cannot prevent new wallets or platforms from being created. This also means it is critical to map entire wallet ecosystems to preemptively disrupt new channels.
The shift to privacy-focused cryptocurrencies: The shift from Bitcoin and Tether to privacy coins like Monero signifies the growing understanding of cryptocurrency transactions among the malicious actors. The threat of Monero is the ability to hide transaction details, such as the sender, receiver and amount, and includes techniques such as stealth addresses and ring signatures, which make the traditional blockchain analysis ineffective.
There is real potential for the terrorist adoption of privacy coins to outpace the current countermeasures of counter terrorism financing in the crypto security space. Therefore, the development of advanced analytics, that can correlate off-chain activities and IP addresses, is absolutely critical. There should also be a press for increased regulation of privacy coins and incentives for transparency.
Blockchain mixers and address-shielding techniques: Blockchain mixers are leveraged by terrorists to obscure transactions, making it more difficult to trace these illicit funds. Mixers such as Tornam Cash work by pooling funds from multiple users, shuffling them, and returning equivalent amounts, breaking the links between the senders and recipients. This successfully hides the origins of funds. Similarly, address shielding blocks core wallet addresses by generating temporary wallet information, making them harder to identify and blacklist.
It is critical for intelligence companies to develop algorithms to aid exchanges in identifying malicious actors on their platforms, with just partial or fragmented data of transactions and links between nodes.
How to best address and combat the evolving nature of terrorist financing tactics
The changing form of terrorist reliance on cryptocurrency suggests that this will only increase with time, parallel to the increasing role crypto is playing in wider society.
Their exploitation of digital currencies, and obvious attempts to use more educated techniques to mask their transactions, demonstrates that they are trying to outprogress the technological advances made in the compliance world to counter terrorist financing. In order to successfully outpace terrorists in their growing reliance on digital currency, the Web3 space must address these evolving challenges.
Ensuring Regulatory Compliance: Utility of compliance tools that enable cryptocurrency exchanges, banks, and fintech firms to comply with Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT) regulations can prevent terrorist attempts to make transactions, dissuading them from using your platform for fear of being blacklisted or identified. Additionally, by constant screening of clients’ transactions and wallet addresses in real-time, and utilising the Know-Your-Customer framework, companies prevent their involvement in terror financing, protecting reputational and financial assets.
Addressing Evolving Challenges: To tackle the rise of privacy coins and mixers and the difficulties they pose, exchanges should utilise specialized tools developed by threat intelligence companies to analyze off-chain activities (for example on the web and dark/deep web) and follow the money trail, even when obfuscation techniques are used.
Behavioral Analytics: Terrorist groups often display recurring transaction behaviors, such as small, frequent transfers (smurfing) or the use of mixing services. It is possible to analyze these patterns and flag high-risk transactions that look suspicious.
Collaboration with Regulators and Law Enforcement: Sharing data and findings of illicit transactions between threat intelligence companies, exchanges, and regulators can help to develop a more secure Web3 space, with a more efficient method to detect and prevent terrorist financing via cryptocurrency.
While we strive for accuracy in our content, we acknowledge that errors may occur. If you find any mistakes, please reach out to us at pr@nominis.io. Your feedback is appreciated!