Ethereum recently underwent its historic Merge in September, which transformed it into a proof-of-stake blockchain in which validators stake their Ether (ETH) to confirm transactions. Ethereum’s March upgrade, known as Shanghai, enabled stakers to withdraw their locked Ether. Ethereum’s investment themes include decentralized finance (DeFi), stablecoins, Bitcoin (via wrapped versions of BTC), and non-fungible tokens (NFTs). Following the upgrade, the network also offers fixed-income assets.
In broad terms, there are various ways of making money with or through Ethereum, and these can be categorized into investment themes such as DeFi, stablecoins, BTC, and NFTs. The Shanghai upgrade introduced fixed-income assets, with Ethereum’s staking yield indicating the risk-free rate of the crypto ecosystem.
In traditional finance, yield is one of the key pillars. An increase or decrease in yield leads to a rise or fall in the perceived risk of other financial assets. As a result, movements in the benchmark rate established by the United States Federal Reserve are frequently used to inform investment decisions. Compliance professionals use trends in the risk-free rate to identify irrational movements of funds in capital markets, as these fund flows may be attempts to launder money. The rationale behind this is that launderers of illicit funds don’t actively pursue financial gains like regular investors, as the sole aim of money laundering is to obscure the trail of dirty money.
Ethereum’s Shanghai Upgrade and Crypto Forensics
With Ethereum’s staking yield serving as the risk-free rate of the crypto ecosystem, the Shanghai upgrade may have boosted the state of crypto forensics. In traditional finance, financial crime risk is managed using automated systems that alert institutions to the potential illicit use of financial assets. While data scientists design and deploy models to flag suspicious transactions, investigation teams must still assess the resulting leads and determine whether Suspicious Activity Reports (SARs) need to be filed.
A significant difference between forensics for traditional finance and crypto is that the latter focuses more on the criminal entity than the activity itself. In other words, investigators analyze networks of crypto wallets to identify transfers of criminal assets.
Money laundering occurs in three phases: placement, layering, and integration. For crypto assets, it is convenient to design solutions to detect the placement of illicit assets. This is because most laundered money originates from crypto-native crimes such as ransomware attacks, DeFi bridge hacks, smart contract exploits, and phishing schemes, where the perpetrator’s wallet addresses are readily available. Once a crime has been committed, relevant wallets are monitored to examine asset flows.
In contrast, forensic experts working for a bank, for example, have no visibility into the offense, such as human or drug trafficking, cybercrime or terrorism, when criminal proceeds are injected into a bank’s ecosystem. This makes detection extremely difficult. Hence, most Anti-Money Laundering (AML) solutions are designed to identify layering.
To design solutions to detect layering, it is critical to think like criminals, who create complex flows of funds to obscure the money trail. The classic approach to exposing such activity is to identify irrational movements of assets since money laundering does not aim to generate profit.
Ether’s post-Shanghai staking yields provide benchmark interest rates for crypto, allowing us to formulate baseline risk-reward structures. With this information, investigators can systematically identify financial behavior that contradicts trends in the benchmark rate. For instance, an address or group of addresses attributed to an entity that consistently takes high risk while earning below the risk-free rate may indicate fraudulent activity that should be investigated.
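A minimal sketch of such a benchmark-relative screen, added here as an illustration and not taken from any forensic product: it flags a cluster only when its return volatility is far above what staking pays and it earns below the staking rate in most periods. The sample figures, the cluster names, the weekly sampling and the two thresholds (`risk_mult`, `min_share`) are assumptions, and address clustering is assumed to have been done upstream.

```python
from statistics import pstdev

# Constructed sample data (not real market figures).
# Annualized ETH staking yield observed in each of eight weeks: the benchmark.
BENCHMARK_APR = [0.045, 0.046, 0.044, 0.047, 0.045, 0.046, 0.048, 0.047]
# Weekly portfolio returns of three hypothetical address clusters.
CLUSTER_RETURNS = {
    "cluster_staker": [0.0008] * 8,  # low risk, slightly under benchmark
    "cluster_trader": [0.030, -0.020, 0.045, -0.010, 0.025, 0.015, -0.030, 0.040],
    "cluster_churn": [-0.040, -0.015, -0.050, 0.004, -0.045, -0.020, -0.038, -0.012],
}


def screen(returns, benchmark_apr, periods_per_year=52, risk_mult=10.0, min_share=0.75):
    """Score each cluster against the staking benchmark.

    risk_mult and min_share are assumed tuning values. The risk floor is a
    multiple of the benchmark itself, so it moves with the yield instead of
    being a static threshold.
    """
    rf = [apr / periods_per_year for apr in benchmark_apr]  # per-period risk-free rate
    risk_floor = risk_mult * sum(rf) / len(rf)
    report = {}
    for cluster, series in returns.items():
        if len(series) != len(rf):
            raise ValueError(f"{cluster}: series length does not match benchmark")
        risk = pstdev(series)  # volatility of returns as the risk proxy
        share_below = sum(r < b for r, b in zip(series, rf)) / len(rf)
        mean_excess = sum(r - b for r, b in zip(series, rf)) / len(rf)
        report[cluster] = {
            "risk": risk,
            "share_below": share_below,
            "mean_excess": mean_excess,
            # Both conditions must hold: high risk AND persistent underperformance.
            "flag": risk > risk_floor and share_below >= min_share,
        }
    return report


def flagged(report):
    """Names of clusters that warrant an investigator's review."""
    return sorted(c for c, row in report.items() if row["flag"])


if __name__ == "__main__":
    print(flagged(screen(CLUSTER_RETURNS, BENCHMARK_APR)))
```

The low-risk staker that trails the benchmark every week and the volatile but mostly profitable trader both pass; only the cluster that combines high risk with persistent underperformance becomes a lead.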
Transaction surveillance architecture can be used to identify the wash trading of NFTs, where multiple market participants collude to carry out several NFT trades to layer criminal assets or manipulate prices. This activity would raise a red flag since the vast majority of these transactions are not intended to generate profits.
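One way a surveillance pipeline could surface such trades, shown as an added example that is not drawn from any specific tool: it follows each token's ownership chain and reports loops where the token returns to an earlier holder through a small ring of wallets with little net economic change. The trade records, wallet labels and thresholds (`max_ring`, `min_trades`, `max_net_ratio`) are constructed assumptions, and each token's trades are assumed to form a continuous, time-ordered chain.

```python
from collections import defaultdict

# Constructed sample trades in time order: (token, seller, buyer, price in milli-ETH).
# Wallet labels are placeholders, not real addresses.
TRADES = [
    ("nft-1", "0xA", "0xB", 1000),
    ("nft-1", "0xB", "0xC", 1100),
    ("nft-1", "0xC", "0xA", 1000),
    ("nft-1", "0xA", "0xB", 1200),
    ("nft-2", "0xD", "0xE", 2000),
    ("nft-2", "0xE", "0xF", 3500),
    ("nft-3", "0xG", "0xH", 1000),
    ("nft-3", "0xH", "0xI", 2000),
    ("nft-3", "0xI", "0xG", 5000),
]


def find_round_trips(trades, max_ring=4, min_trades=3, max_net_ratio=0.10):
    """Return one lead per closed loop in which a token returns to an earlier
    holder through a small ring of wallets with little net economic change."""
    by_token = defaultdict(list)
    for token, seller, buyer, price in trades:
        by_token[token].append((seller, buyer, price))
    leads = []
    for token, hops in by_token.items():
        # Ownership chain: first seller, then each successive buyer.
        holders = [hops[0][0]] + [buyer for _, buyer, _ in hops]
        last_held = {}  # wallet -> latest position in the chain
        for j, wallet in enumerate(holders):
            i = last_held.get(wallet)
            last_held[wallet] = j
            if i is None:
                continue
            loop = hops[i:j]  # trades that carried the token away and back
            ring = sorted({w for s, b, _ in loop for w in (s, b)})
            volume = sum(p for _, _, p in loop)
            pnl = defaultdict(int)
            for s, b, p in loop:
                pnl[s] += p  # seller receives the price
                pnl[b] -= p  # buyer pays it
            net_ratio = max(abs(v) for v in pnl.values()) / volume
            if (len(loop) >= min_trades and len(ring) <= max_ring
                    and net_ratio <= max_net_ratio):
                leads.append({"token": token, "ring": ring, "trades": len(loop),
                              "volume": volume, "net_ratio": round(net_ratio, 3)})
    return leads


if __name__ == "__main__":
    for lead in find_round_trips(TRADES):
        print(lead)
```

A low `net_ratio` means a lot of volume changed hands while no ring member's position moved much, which is the non-profit-seeking pattern described above; the third token also returns to its first holder but with a large net transfer, so it is left for a different rule.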
Similarly, in a scenario where DeFi protocols are being used to layer proceeds of terrorism, detecting irrational asset movements can provide substantial leads to investigators, even without knowledge of the actual crime.
The rise of Ethereum’s staking yield and the Shanghai upgrade have significant implications for crypto forensics. The ability to detect suspicious activity in crypto is less than ideal, partly due to its extreme price volatility. The volatility makes static risk thresholds ineffective and can enable money laundering to go undetected. Once Ethereum sets a benchmark rate, it will provide a means of establishing baseline rationality for fund flows and spotting outliers. As the crypto market shifts toward DeFi ecosystems, forensic teams must increase their capabilities to investigate complex fund flows across diverse protocols without prior knowledge of the source of criminal assets.