A new report by Chainalysis suggests that the way in which “illicit cryptocurrency” is being transferred and cashed out is rapidly evolving, continuing a trend toward use of “underground laundering services” and away from centralized exchanges. The shift is thought to be due to evolved blockchain analysis and anti-money laundering measures put in place by such exchanges, as well as the threat of seizures of crypto funds deemed illicit by the IRS.

Chainalysis found that two big seizures of funds accounted for almost $7 billion alone in 2022, with $3.6 billion recovered from the 2016 Bitfinex hack and $3.36 billion seized from the 2012 Silk Road hack. This amounts to more than double what was taken in by the IRS in 2021.

The report also mentioned that darknet market vendors and admins were unlike other categories of “crypto criminals” in that they did not usually send their funds to centralized exchanges but rather other darknet markets that offered laundering services, somewhat similar to those supported by Hydra when it was in operation.

As an example of the disparity in centralized exchange use, the report found that just 21 deposit addresses accounted for 50% of all ransomware funds sent to centralized exchanges whereas the top 21 addresses with funds deposited from darknet markets accounted for just 18% of that category’s total.

Among sources of “illicit cryptocurrency” that was sent to mixers like Blender.io, ChipMixer and Tornado Cash in 2022, darknet markets was the second largest after stolen funds, accounting for approximately 6.3% of all illicit funds received by mixers. Other such sources and their share of mixer funds include fraud shops (2.3%), ransomware (3%), scams (2.7%), cybercriminal administrators (0.4%), and sanctioned entities (0.2%).

One of the report’s most intriguing findings was that just four centralized exchange deposit addresses accounted for $100 million in deposits from “illicit” cryptocurrency sources.