Cybercrime is frequently portrayed as an unprecedented phenomenon driven by technological innovation and the digitisation of exchanges. However, framing it as a radical disruption obscures a structural continuity with pre-existing criminal economies. The cyber dimension alters operational modalities—accelerated transfers, proliferation of intermediaries, cross-border fragmentation—yet remains embedded in a broader set of illicit practices involving corruption, money laundering, exploitation of regulated professions, and asymmetries in judicial cooperation. Cybercrime should therefore not be approached as an autonomous sector but rather as a component of a multi-actor criminal ecosystem, whose coherence relies on the circulation, transformation, and legitimisation of illicit financial flows.
“To put it briefly, there is no terrorist organisation without financing, no trafficking without money laundering, no corrupters without the corrupted, no tax evasion without state complacency, and so on; moreover, globalisation has intertwined all these threats, making them mutually dependent.”
Jean de Maillard (26 June 2021) Conference: 25 Years After the Geneva Appeal
Adaptation Rather Than Rupture
Since the first computer viruses of the 1970s, criminal activities have incorporated digital infrastructures without altering their fundamental objectives. This evolution reflects less the emergence of novel forms of crime than the exploitation of new vulnerabilities, enabled by technical disintermediation, the global dissemination of attacks (ransomware, fraud), and heightened media visibility of the resulting harm.
Empirical analysis remains constrained by limited consolidated data. In France, fewer than 1% of reports received by TRACFIN[1] result in actionable intelligence, highlighting informational fragmentation and the difficulty of capturing aggregated mechanisms underlying illicit financial flows. In this context, analysing the underlying processes—rather than merely quantifying the phenomenon—proves more heuristic.
Crypto-Assets: Adoption Driven by Liquidity Rather Than Anonymity
Although crypto-assets occupy a central role in ransomware payments, their significance is often misinterpreted. Criminal actors do not predominantly favour privacy coins, despite their design emphasising confidentiality; instead, they rely heavily on stablecoins, valued for their liquidity and the speed with which captured value can be accessed. This preference suggests that the primary objective is not concealment but the efficient and secure conversion of illicit gains.
This dynamic is reinforced by certain non-cooperative states which, by obstructing or delaying judicial action, provide environments conducive to the consolidation of illicit flows. These jurisdictions host professional laundering networks—lawyers, notaries, real-estate brokers—exploiting gaps in international cooperation to reinvest capital in opaque sectors such as property markets, the art trade, or offshore commercial infrastructures.
Interpreting Cyber-Laundering Through Merton’s Economic Functions
The classical typology of money laundering (placement, layering, integration) describes the stages of transforming illicit funds but is less suited to understanding the operational criteria underpinning criminals’ strategic choices. An alternative approach consists in analysing these choices through the six functions of financial intermediation defined by Robert C. Merton[2].
This functional perspective characterises not institutions, but the economic roles performed by intermediaries, whether legal or illicit. Three functions are particularly salient in the cyber context:
- Exchange of goods and services: conversion of ransoms and fraudulent proceeds into legitimised financial assets.
- Pooling of funds: commingling of illicit and licit flows through tangible or electronic assets.
- Transference across time and space: multi-jurisdictional fragmentation and accelerated circulation.
When financial volumes become significant at a local scale, additional functions gain importance: risk management, the production of credible information, and the construction of an economic narrative compatible with observable levels of transactions. Italian mafia organisations offer a paradigmatic case, wherein criminal structures partially substitute state functions and generate legitimising narratives.
Towards Integration Into Multi-Product Criminal Organisations?
The economic trajectories of cybercriminal activity indicate a progressive shift from opportunistic operations to increased sophistication of financial mechanisms. In early phases, the primary functions identified by Merton—immediate liquidity and rapid conversion—prevail, particularly in ransomware attacks. These appear to be reaching a plateau in aggregate revenues, while cyber-fraud, more diffuse and industrialised, continues to expand, driven by the outsourcing of technical competencies and task segmentation.
This evolution suggests a potential integration into multi-product criminal organisations characterised by diversified activities, reinvestment capabilities, and territorial anchoring. However, this integration remains incomplete due to three factors:
- A perception of low legal risk, reducing incentives to join structured networks.
- An abundant supply of laundering services, accessible even to small-scale actors, limiting the need to internalise such capacities.
- Marginalisation by traditional criminal organisations, partly due to the media visibility of cybercrime and its association with state-linked interference strategies.
Implications: Targeting Economic Functions
Consequently, addressing cybercrime cannot be reduced to the regulation of technological infrastructures. It requires intervention targeting the economic functions of financial intermediation that structure and organise professional laundering networks (financial institutions, notaries, lawyers, real-estate agents, etc.). The issue extends beyond neutralising tools: it involves disrupting criminal value chains and the economic incentives that sustain them.
Written by Paul Labic. Laboratory for theoretical and applied economics (BETA), CNRS UMR 7522. Associate researcher at the research lab of the French police academy (ENSP)
[1] TRACFIN “Intelligence Processing and Action Against Clandestine Financial Circuits” is a service of the French Ministry of Finances. It fights money laundering.
[2] Merton, R. C. (1995). A Functional Perspective of Financial Intermediation. Financial Management, 24(2), 23–41. https://doi.org/10.2307/3665532
