Start your day with intelligence. Get The OODA Daily Pulse.

In our recent post on crypto fraud relative to fraud in the traditional fiat monetary systems, we encouraged our readers to think very critically about the perceptions of and narratives about the instrinsic value of cryptocurrency and the blockchain technologies on which they are based. In the shadow of the Hamas attack on Israel, TRM Labs has released a report on how Hamas uses crypto – which also moves the narrative away from the FTX collapse and the Sam Bankman-Fried trial as the central organizing principle in the perception of the future cryptocurrency.  Details here.

In Wake of Attack on Israel, Understanding How Hamas Uses Crypto

TRM Labs is a blockchain intelligence company that helps financial institutions, crypto businesses and government agencies detect and investigate crypto-related financial crime and fraud. 

From the TRM Labs report: 

On Saturday October 7, 2023, the Gaza-based terrorist group Hamas launched a wide scale attack on Israel, launching thousands of rockets and, according to reports, killing more than 700 Israelis. While the use of cryptocurrency for fundraising and other terrorist financing activity remains relatively low compared to traditional fiat currency, there will be an increased focus on cutting off Hamas’ ability to raise and move funds in the coming days and weeks.

Fundraising efforts since the October 7 attacks

TRM has identified a number of fundraising efforts since the war began. For example, Gaza-based group GazaNow, which is actively supporting Hamas, is soliciting donations using a cryptocurrency address. The address, which was first active in August 2021, has received nearly $800,000 in total and less than $5000 since Saturday’s attacks. 

On October 9th, GazaNow announced that they were suspending their public fundraising efforts, directing supporters to reach out through personal messaging. An admin of the campaign would then provide a link to a fundraising campaign on Instagram. Within minutes that campaign was suspended as well. Another fundraising campaign called “Tofan al-Aqsa” – the name of the Hamas operation – is also soliciting donations through its Twitter account. As of the time of writing, the campaign has failed to raise significant funds.

Image of “Tofan al-Aqsa” fundraising campaign

Image Source:  TRM Labs

In addition, on October 10, the cyber branch of the Israel Police’s Lahav 433 announced the seizure of cryptocurrency accounts belonging to Hamas. According to the Israeli Police, Hamas had been using accounts to raise money on social media since Saturday’s attacks. Lahav 433 is working with the Defense Ministry, Shin Bet, and other intelligence agencies in the effort to shut down cryptocurrency channels that terrorist groups are using. According to reports, cryptocurrency exchange Binance cooperated with Israel in locating and shutting down the accounts.

Hamas: The first terrorist organization to use cryptocurrency

Since at least early 2019, the Izz-Al Din-Al Qassam Brigades, Hamas’ military arm, has attempted to use cryptocurrencies as an alternative fundraising method to support its military operations. Hamas initially tested cryptocurrency fundraising by soliciting Bitcoin donations on its Telegram channel before shifting to direct fundraising on its website, alqassam.net

In August 2020, the United States Department of Justice (DOJ) announced the global disruption of three terror financing campaigns including the seizure of cryptocurrency accounts associated with al-Qassam Brigades.

U.S. and Israeli authorities target Hamas’ use of cryptocurrency

Over the last few years, Israel’s National Bureau for Counter Terror Financing (NBCTF) has repeatedly targeted Hamas’ use of cryptocurrency, seizing dozens of cryptocurrency addresses with tens of millions of dollars in volume, controlled by entities affiliated with Hamas. These include Gaza-based businesses such as Dubai Co. For Exchange, al-Muhtadon, al-Mutahadun For Exchange and al-Wefaq Co for Exchange. The overwhelming majority of the funds seized have been Tether on the Tron network. 

The Hamas, Hezbollah, and Iran connection

Israeli authorities have also seized addresses belonging to other groups supporting the attack on Israel. In July 2023, the NBCTF announced a seizure order of dozens of addresses linked to the group Palestinian Islamic Jihad (PIJ) who announced that they are participating in the ongoing attacks including through the holding of hostages.  A week earlier, the NCBTF seized millions of dollars worth of cryptocurrency belonging to the Lebanese terrorist group Hezbollah and Iran’s Islamic Revolutionary Guard Corps’ (IRGC) Quds Force. 

For the full report from TRM Labs, go to this link

What Next?

From the TRM LAb report: 

Looking Ahead

“As the digital world rapidly evolves, so too do the methods employed by groups like Hamas to finance their operations. The Israeli National Bureau of Counterterrorism Finance’s recent seizures show both just how sophisticated these fundraising campaigns have become and law enforcement’s ability to track, trace and seize funds. TRM will continue to support its partners in Israel and across the world in stopping the use of cryptocurrencies to fund acts of terrorism.”

Terrorist Networks Will Continue to Use Cryptocurrency and Blockchain Technologies to Finance Operations and for Technology Operations

Terrorist networks and other criminal organizations have increasingly shown interest in using cryptocurrency and blockchain technologies to finance their operations due to the perceived anonymity and decentralization these technologies offer. While traditional financial systems are subject to regulations and oversight, cryptocurrencies provide a degree of anonymity, making it challenging for authorities to trace transactions and identify the individuals involved. Here are some ways in which terrorist networks exploit these technologies:

  1. Anonymous Transactions: Cryptocurrencies enable pseudonymous transactions, where users can conduct financial activities without revealing their real-world identities. Terrorist organizations exploit this anonymity to fund their operations discreetly, making it difficult for law enforcement agencies to track the flow of funds.
  2. Decentralized Exchanges: Decentralized cryptocurrency exchanges allow users to trade digital assets without the need for a central authority. Terrorist networks can use these platforms to exchange cryptocurrencies, making it challenging for authorities to monitor or regulate these transactions.
  3. Privacy Coins: Certain cryptocurrencies, known as privacy coins (e.g., Monero, Zcash), offer enhanced privacy features that obscure transaction details, including sender addresses and transaction amounts. Terrorist networks can use privacy coins to obfuscate their financial activities, making it nearly impossible to trace transactions on public ledgers.
  4. Crowdfunding and Initial Coin Offerings (ICOs):  Terrorist organizations can exploit crowdfunding platforms and ICOs to raise funds for their operations. They can create fraudulent projects or campaigns, enticing supporters to contribute cryptocurrencies without revealing their identities.
  5. Use of Tor Network:  Terrorist networks often use the Tor network, which provides anonymous internet access, to access cryptocurrency wallets, exchanges, and marketplaces without revealing their IP addresses. This additional layer of anonymity makes it challenging for authorities to track their online activities.
  6. Decentralized Applications (DApps):  Blockchain technology enables the development of DApps, which operate on decentralized networks. Terrorist networks can use DApps for communication, coordination, and file sharing without relying on centralized servers, making it difficult for authorities to monitor their digital activities.
  7. Smart Contracts: Blockchain-based smart contracts allow automated and self-executing agreements without intermediaries. Terrorist networks could potentially exploit smart contracts for various purposes, including fundraising, escrow services, or the execution of pre-defined tasks.
  8. Cybercrime and Hacking: Terrorist organizations may engage in cybercrime activities, such as ransomware attacks or cryptojacking, to obtain cryptocurrencies illegally. These ill-gotten funds can be used to finance their operations without drawing attention to traditional financial transactions.

Governments and international organizations are increasingly aware of the risks associated with terrorist financing through cryptocurrencies. Efforts to combat this issue include enhanced regulations, monitoring of cryptocurrency exchanges, collaboration between law enforcement agencies and blockchain analytics companies, and public awareness campaigns to educate individuals about the risks associated with supporting terrorism through digital currencies.

Additional Resources

Networked Extremism: The digital era enables extremists worldwide to collaborate, share strategies, and self-radicalize. Meanwhile, advanced technologies empower criminals, making corruption and crime interwoven challenges for global societies. See: Converging Insurgency, Crime and Corruption

Bitcoin’s Momentum: Bitcoin seems unstoppable due to solid mathematical foundations and widespread societal acceptance. Other cryptocurrencies like Ethereum also gain prominence. The Metaverse’s rise is closely tied to Ethereum’s universal trust layer. See: Guide to Crypto Revolution

Geopolitical-Cyber Risk Nexus: The interconnectivity brought by the Internet has made regional issues affect global cyberspace. Now, every significant event has cyber implications, making it imperative for leaders to recognize and act upon the symbiosis between geopolitical and cyber risks. See The Cyber Threat

Ransomware’s Rapid Evolution: Ransomware technology and its associated criminal business models have seen significant advancements. This has culminated in a heightened threat level, resembling a pandemic in its reach and impact. Yet, there are strategies available for threat mitigation. See: Ransomware, and update.

Daniel Pereira

About the Author

Daniel Pereira

Daniel Pereira is research director at OODA. He is a foresight strategist, creative technologist, and an information communication technology (ICT) and digital media researcher with 20+ years of experience directing public/private partnerships and strategic innovation initiatives.