CipherTrace is out with a report on cryptocurrency scams and fraud. It is widely known that crypto suffers from rampant acts of theft and cons as these digital assets have become the targets of global criminals seeking an easy payday or simply to launder illicit funds.
Founded in 2015, CipherTrace was launched by entrepreneurs with expertise in cybersecurity, eCrime, payments, banking, encryption, and virtual currencies. The U.S. Department of Homeland Security Science and Technology (S&T) and DARPA initially funded CipherTrace.
The CipherTrace 2018 Q4 Cryptocurrency Anti-Money Laundering (AML) Report claims that $1.7 billion in cryptocurrency was stolen during 2018. More than $950 million was stolen by hackers in 2018, which is 3.6X more than in 2017. On top of this amount, investors and exchange users lost a minimum of $725 million in cryptocurrency in 2018 to exit scams such as fraudulent ICOs, phony exchange hacks, and Ponzi schemes.
An exit scam is a con where the promoters of an ICO fails to execute – claiming the business venture simply failed. The creators then flee with the money. The CipherTrace report states that a new breed of cybercriminals is shifting their techniques from hacking to insider jobs. It is so much easier. Criminals are becoming more adept and sophisticated in their plots of crypto fraud.
“Cryptocurrency criminal activity continues to evolve and accelerate. Fortunately, pending global legislation will hamstring many criminals, global gangs, and terrorist groups by greatly reducing their opportunities to launder,” states Dave Jevans, CEO of CipherTrace and co-chair of the Cryptocurrency Working Group at the APWG.org. “These tough new laws will drive bad actors to not only innovate but also flock to jurisdictions with weak regulatory oversight, as we have shown in earlier research. CipherTrace’s blockchain intelligence and anti-money laundering technology helps exchanges, financial services firms, regulators, and law enforcement work together to create trust in the crypto ecosystem.”
The report also outlines crypto regulations including anti-money laundering (AML) laws. CipherTrace says that by 2020 most modern economies — including the US, EU, and G20 as well as Gibraltar, Bermuda and Malta — will have deployed strict cryptocurrency AML and Know Your Customer (KYC) regulations. But cybercrooks are avoiding existing rules using devious money mixers, unregulated crypto-to-exchanges, and privacy coins. Regulators recognize the tremendous potential for innovation provided by blockchain technology but they also see the dark side of the cryptocurrency ecosystem.
Recent regulatory actions include:
- The Fifth Anti-Money Laundering Directive (AMLD5) went into effect in the EU
- The Financial Action Task Force (FATF) called for an effective global response to the AML / CTF risks associated with virtual asset financial activities.
- Japan banned privacy coins
- Malta initiated extensive AML provisioning
- US Department of Treasury’s FinCEN announced moves in the AML space
- and more
As part of the Report, CipherTrace has highlighted the Top 10 Trending Crypto Threats:
- SIM swapping: An identity theft technique that takes over a victim’s mobile device to steal credentials and break into wallets or exchange accounts to steal cryptocurrency.
- Crypto dusting: A new form of blockchain spam that erodes the recipient’s reputation by sending cryptocurrency from known money mixers.
- Sanction evasion: Nation states that use cryptocurrencies to circumvent sanctions and that has been promoted by the Iranian and Venezuelan governments.
- Next-generation crypto mixers: Money laundering services that promise to exchange tainted tokens for freshly mined crypto, but, in reality, cleanse cryptocurrency through exchanges.
- Shadow money service businesses (MSBs): Unlicensed MSBs that bank cryptocurrency without the knowledge of host financial institutions, thus exposing banks to unknown risk.
- Datacenter-scale cryptojacking: Takeover attacks that mine for cryptocurrency at a massive scale and that have been discovered in datacenters, including AWS.
- Lightning Network transactions: Enabling anonymous bitcoin transactions by going “off-chain” and now scaling to $2,150,000.
- Decentralized stable coins: Stabilized tokens that can be designed for use as hard-to-trace private coins.
- Email extortion and bomb threats: Mass-customized phishing email campaigns by cyber-extortionists using old passwords and spouse names and that demand bitcoin. Bomb threat extortion scams spiked in December.
- Crypto robbing ransomware: New malware distributed by cyber-extortionists that empties cryptocurrency wallets and steals private keys while holding user data hostage.
Crowdfund Insider reached out to Dave Jevans, CEO of CipherTrace, for some additional insight into the world of crypto-crime and acts of crypto-fraud. We asked Jevans if the lightly regulated crypto exchanges are the significant shortfall in AML/KYC and will this all change in 2019?
“Lightly regulated exchanges will improve their KYC and AML enforcement technologies in 2019. There will be an increasing level of diligence on exchanges globally,” said Jevans.
And how do Tumblers / Mixers stay ahead of enforcement?
Jevans said that mixers have shut down in the face of increasing law enforcement action. However, newer ones and larger ones have been able to evade law enforcement by very strong operational security (opsec). This enables them to hide their operations, their location, their personnel. The other is increasing technical sophistication of their mixing technologies such of the use of freshly mined coins in different pools of liquidity.
We asked Jevans if he foresees current jurisdictions of crypto preference maintaining their relevance. Jevans said that legitimate companies are moving toward better-regulated jurisdictions.
“This will take a year or two to happen. Money laundering operations will begin to focus on jurisdictions where there is weaker or no regulation or enforcement. Regulation is not effective without enforcement, so jurisdictions that can do both will thrive.”
Regarding SIM Swap fraud, one of the top ten crypto threats, this segment seems to have a simple fix. Mobile operators can simply tighten up the SIM Card provisioning and tracking. Why don’t they do this?
“Mobile operators could and should tighten up SIM provisioning, but the major hole is online and phone attacks. These are when criminals call into a mobile vendor pretending to be you, and saying that you lost your phone and need a new one,” said Jevans. “This security needs to be tightened, but it is complicated by the needs of hundreds of millions of consumers who are renewing their phones, phone contracts, and transferring accounts.”
Asked for predictions for 2019 and whether or not crypto theft and scams get bigger. Jevans warned they would.
“[Crypto] theft and scams will get bigger. There are more criminals getting into the market, and they are getting more enterprising. The good news is that cryptocurrency companies and financial institutions are learning how to harden their infrastructures. The regulatory pressures will also help to drive out crypto crime.”
You may download the CipherTrace report here.