Cryptocurrency Fraud is Evolving; Bitcoin ATMs Mitigate Risk
In one of the more overlooked aspects of the crypto ecosystem,
it appears that the bulk of illicit activities are shifting from hacks and thefts to cryptocurrency fraud and scams. CipherTrace, the crypto-surveillance, and analysis firm released a report at the end of Q4 2019 that revealed hacks and thefts had decreased by 66 percent in 2019 while fraud and misappropriation of funds surged by 533 percent. And beneath the COVID-19 hysteria of 2020, hacks in the crypto sector have been eerily isolated. Outside of a few exploited flaws in P2P exchanges and DeFi flash loan vulnerabilities, the headline-grabbing hacks of exchanges for hundreds of millions of dollars have been absent so far this year. Is the industry due for another massive hack, or are stringent KYC/AML processes, regulatory crackdowns, better security practices, and blockchain surveillance working?
KYC/AML Improvements Are Reducing the Appeal of Crypto Exchange Laundering
2020 is far removed from the no-KYC wild west days of the early-mid 2010s where anonymous altcoin casinos preponderated and the Dark Underbelly of Cryptocurrency Markets thrived. Today, bitcoin and the crypto ecosystem is becoming institutionalized with a surfeit of derivatives (e.g., options, futures, perp swaps, etc.) available on regulated exchanges.
Most of the leading exchanges adhere to the demands of the regulatory regimes in their locales, whether they be in the US or some more obscure locations like Seychelles. Conventional wisdom would indicate that the growing adherence to stricter KYC/AML enforcement has reduced the appeal of major crypto exchanges for money laundering — a sentiment mirrored by CipherTrace’s most recent report. Many exchange venues are also embedding self-regulatory procedures into their business models. For example, exchanges are increasingly tapping blockchain surveillance companies to avoid regulatory ire when it comes to money laundering, regulators are dealing out enforcement dictates for AML compliance, and regulatory arbitrage is becoming harder for exchanges to manage. Even more grassroots access venues to crypto assets, like Bitcoin ATMs, are fully regulated under US KYC/AML laws. For example, Bitcoin ATM provider, Bitcoin of America (BOA), with more than 250 locations in 17 states, is a registered Money Services Business (MSB) with the Treasury Department. And the company’s compliance standards have already proved fruitful in mitigating fraud at a high level.
For instance, in one case in September 2019, a BOA customer placed an online order for $500k in BTC. The transaction size raised the compliance level (e.g., identification requirements, etc.) along with increased scrutiny on the transaction by the team. Upon closer examination, the BOA team discovered that the customer had a restitution order against him in the state of California for a previous fraud scheme. BOA personnel subsequently notified the corresponding FBI office and alerted the agency that the transaction may be used to circumvent the restitution order. The FBI issued a seizure warrant for the funds, distributing to the victims of the previous scam. Bitcoin of America and other alternative fiat-to-crypto exchange services have strict command over fraud prevention. Wires and online transfers require ID And other personal info that increases in tiers in lockstep with the transaction amount increases. As the avalanche of KYC/AML processes continues to take the exchange market by storm, exchanges become less appealing for hackers.
Gone are the days of absconding with $500 million anonymously. Exchanges thoroughly identify users withdrawing sizeable amounts, and blockchain surveillance companies like CipherTrace can trace and blacklist stolen assets on public blockchains. As a result, crypto hackers have turned into crypto fraudsters, or maybe fraudsters simply have their moment to shine. For example, debacles like QuadrigaCX, where roughly $200 million was “misplaced” by the founder, count as fraud. With reduced incentives for third-parties to maliciously steal funds from an exchange due to surveillance risks, inside jobs are becoming more commonplace. Inside jobs may be the new normal, especially when you consider the vastly improved security practices of most industry exchange venues.
Better Security Practices are Forcing Hackers to Get Creative
Unsurprisingly, many of the biggest crypto exchange hacks are inextricably linked to poor security standards of exchanges. Lousy security practices ranged from storing significant sums of customer deposits in hot wallets to a lack of multi-signature authorization for large withdrawals. Times are different now. Regulated custodians like BitGo are widely tapped by many of the leading exchanges, and self-custody digital asset management platforms like Ledger Vault are rapidly becoming the new standard. These services offer secure multi-signature authorization mechanisms, deep cold storage, and other conditional flows required to mitigate any potential exogenous threats to pilfer customer funds. Hackers are acutely aware of this dilemma. Naturally, they have shifted focus to DeFi hacks like the BZx attack. Flash loan attacks are likely to become the new normal as they essentially allow hackers to capitalize with massive sums at little cost. However, zooming out, DeFi liquidity pools and protocols contain vastly fewer aggregates of assets than their centralized exchange counterparts.
Hackers will have to get creative probing DeFi KYC protocols, but the days of repetitive strings of high-profile centralized exchange hacks may be waning. That’s a net positive for the industry. Inside jobs are likely to continue in popularity, however, but that’s no different than the legacy financial world. Fraud is much more commonplace in banking that overt hacks on banking security layers, which may end up reflecting the new standard in the crypto ecosystem. Either the lack of headline-snatching hacks in 2020 is portending that we’re due for another big one, or KYC/AML processes and better security practices are working well. If that’s the case, look for more QuadrigaCX scandals than CoinCheck-style hacks.
Article Produced By