While President Donald Trump’s goal of making the United States “The Crypto Capital of the World” is laudable, cybersecurity experts warn that the pursuit will have unintended consequences. They include a proliferation of tech-enabled strategies, such as Fraud-as-a-Service (FaaS).
AU10TIX chief business development officer Ofer Friedman said such attention draws fraudsters for one simple reason – they go where the action is. As the space draws more action, that activity will include heightened fraud.
History warns us to be prepared
It’s already happening. In 2024’s fourth quarter, nearly 25% of identity fraud attacks targeted cryptocurrency. This comes as AI deepfakes, digital injections, and other tech-enabled tactics enable lower-skilled criminals to conduct expansive fraud through FaaS. These one-stop shop services can be quickly and easily deployed.
Friedman cited precedent to support his belief that the crypto industry should better protect itself. Government approval brings legitimacy and assuages the uncertain, drawing more into the activity.
Before the United States re-sanctioned online gambling, lotteries, and casinos in 2018, the market was worth less than $5 billion. Today, it approaches $30 billion and is projected to reach $35 billion by 2028. Between 2019-2023, online sports betting surged fourteen-fold to $113.9 billion.
Such numbers are catnip for criminals. Give them easy access to deepfake generators, botnets, phishing kits and Dark Web marketplaces full of stolen data, and it’s easy to predict what comes next.
AU10TIX detected one attack spanning APAC, EMEA, LATAM, and North America. It targeted payments, crypto and social media with 4,580 unique permutations of the same ID template that suggested FaaS involvement.
FaaS among the rapidly evolving fraud tools
Friedman has worked in cybersecurity for two decades, and he’s never seen fraud evolve as quickly as it is today. AI allows criminals to create realistic-looking pictures and even digital conversations as they seek to open accounts and otherwise gain access to coveted information. FaaS developers even know which companies use which detection strategies, so they can improve clients’ chances of a successful penetration.
The ability to randomize is crucial to success. Friedman said technology simplifies that process to the point that it’s hard to accurately determine how much fraud is happening because some is hard to detect.
Why crypto will be increasingly targeted
One certainty, though, is that fraudsters will increasingly target cryptocurrencies. Valuations are volatile and prone to manipulation. Now that it seems on the cusp of legalization, more will also be drawn in.
“Once a government makes it legal, it’s a vote of confidence, not just something you would be punished for,” Friedman said. “You should expect lots of people who were not the early adopters and not the risk takers to start. So you can expect the snowball, and with it, obviously, the fraud, because the snowball will increase the price.”
New investors seeking to get rich quick in an industry with a suspect reputation for security. What could possibly go wrong?
This is where the pros separate from the amateurs. Many of the latter will try the front door or target low-value victims. The former patiently seeks weaknesses in solid profit centers.
Friedman said some criminals seek to exploit recruitment and registration processes. Some, including groups traced to North Korea, apply for work with American companies. They use AI-generated audio and video in an attempt to evade authentication processes.
This can be easier with crypto firms, with their standard automated onboarding processes. Those with real-time onboarding practices are also vulnerable. FaaS only makes it easier.
The good and bad of digital identities
Do digital identities offer a solution? Yes and no. Asynchronous keys are needed to release the data, and that deters many, especially amateurs.
However, there are two loopholes. Someone still needs to issue the digital ID. While it’s hard to do, fakes are getting better, and some could avoid detection. Once you’re in, you’re in good.
Better security at account opening will drive fraudsters to softer targets, like servicing existing customers. Defences are down, and it becomes easier to exploit.
“So what those digital IDs will do is enable fraudsters to whitewash fraudulent identities, make them digital, and from that point on, they can get wherever they want,” Friedman said. “On the other hand, it will push many who do not have the skills or the dare to do that, to commit fraud in real-time in video conversations with support, for example.”
Friedman said the volume of attacks and their constant evolution as they seek to avoid detection make it useless to train detection systems on what has already fooled them. Fraud occurs during account opening and customer service. It can lie in wait for years before striking.
The only solution is a multi-layer defence that makes it as hard as possible for fraudsters to succeed. Companies like AU10TIX also look for anomalies in data traffic for signs of suspicious activity. There is no magic, guaranteed solution.
“It’s an evolving situation,” Friedman said. “It’s an arms race.”