Cryptocurrency transactions may have taken a hit in 2022 with the onset of a bear market.

But criminal activity continued to thrive, with an estimated $20 billion in cryptocurrency transactions last year related to stolen funds, terrorism financing, darknet markets, digital ransoms and other scams, according to the blockchain analysis firm Chainalysis Inc.

That compares with $18 billion in 2021, according to the company’s researchers, who said they believe the total amount in 2022 will continue to grow as additional criminal endeavors are uncovered.

The company, which is based in New York, analyzes blockchain transactions by mapping cryptocurrency wallet addresses and tracing them to real-world entities. The annual report on crime, released Thursday, doesn’t include doesn’t account for money that was laundered through cryptocurrency services, nor does it include transaction volumes associated with crypto firms that collapsed last year.

Thieves have become adept at exploiting digital vulnerabilities, conducting heists that resulted in more than $3 billion in losses last year.

“I was surprised at how hacking remained so persistent,” said Kim Grauer, head of research at Chainalysis. “I would have thought it would have trended down.”

The report concluded that criminal transactions continue to account for just a small amount of overall cryptocurrency activity, at just 0.24% last year.

Its publication followed a Chainalysis blog, published Monday, that attempted to assess the impact on sanctions by the US Treasury Department on cryptocurrency services that allegedly facilitated cybercrimes or other illicit activity. Chainalysis concluded that sanctions have had varying success.

Researchers compared the impact of sanctions on Hydra, once the largest darknet market, Garantex, a cryptocurrency exchange, and Tornado Cash, a mixer allegedly used by North Korea to launder stolen crypto.

According to Chainalysis, the location of a crypto service’s servers played an important role in eliminating money laundering, as did cooperation between governments and the technology upon which some of the services were built.

The sanctioning of Hydra was effective because its server was based in Germany, which shut down the service in cooperation with the US last year, Chainalysis determined. Authorities alleged that Hydra sold hacking tools and drugs and was used to launder money through affiliated cryptocurrency exchanges.

In contrast, the sanctioning of Garantex didn’t work out so well, according to Chainalysis. Although Garantex, which was designated at the same time as Hydra, is no longer considered a legitimate exchange, Russia hasn’t enforced sanctions on the service and its transaction volume increased post designation, the report found.

Tornado Cash, one of the most popular services to obfuscate crypto transactions, has continued to partially operate despite sanctions. However, Chainalysis found activity dropped 68% immediately after it was designated. Tornado Cash’s website has been taken down but its underlying, decentralized infrastructure continues to run.

A spokesperson for the US Treasury Department declined to comment.

This article was provided by Bloomberg News.