Investing in cryptocurrency is an increasingly popular way to build wealth, and fraudsters have become some of its most loyal adopters. With the crypto market now worth over $3 trillion, the industry represents massive opportunities for gains—and losses.
The recent Securities and Exchange Commission announcement of crypto regulations and the Department of Justice’s latest crypto seizure shed light on exactly how much money and risk are at stake behind the seemingly open doors of crypto exchanges.
In early April, the SEC shared new plans to expand investor protections and begin regulating crypto exchanges. These plans come on the heels of a $3.6 billion seizure of cryptocurrency by U.S. law enforcement in February, which was the department’s largest financial seizure in history. While specifics around the SEC’s regulations have yet to be disclosed, the announcement shows that the federal government is taking steps to ensure that crypto will not be a safe haven for cybercriminals to commit fraud.
The complicated money laundering process unearthed in the DOJ seizure shows just how difficult it is to “wash” stolen crypto. The fraudsters charged with the crime used fake identities to set up online accounts, leveraged programs to automate transactions, and spread the stolen funds across various exchanges and dark web markets through “chain hopping.” Despite these sophisticated and complex efforts, once the currency began changing hands, the movement became evident on the publicly accessible blockchain.
The case was solved in part due to proactive outreach from and cooperation between crypto exchanges and federal authorities. With crypto already falling under increased regulation from agencies like the IRS and SEC, we could see increased requirements for crypto companies from law enforcement as well, such as mandating proactive reporting. The ramifications of this crypto bust and the new SEC regulations should be a wake-up call for crypto exchanges, reinforcing the need to focus on identifying and proactively stopping fraud.
Cryptocurrency is under fire
Valued at a whopping $5.5 trillion, the fintech industry experienced tremendous growth in recent years, creating a perfect high-return environment in the eyes of fraudsters. According to a recent report, account takeover fraud exploded across fintech by 850% from 2020 to 2021, with the vast majority of attacks concentrated in crypto and digital wallets. Chainalysis also reported that crypto scammers took home a record $14 billion in cryptocurrency in 2021, a 79% increase from 2020.
So why the increase in attacks? As consumers traded in their physical bank branches for digital-first financial services and alternative payments like cryptocurrencies, fraudsters preyed on the lack of consumer education, the absence of sufficient fraud controls, and the regulatory limbo associated with crypto. Fraudsters know that crypto offers both immediately redeemable value and the potential for long-term profit. The many investors who are not cautious enough, or not willing to store their crypto in more secure ways, make these crypto exchanges prime targets—especially when accounts are protected only by a username and password.
From a fraudster’s perspective, crypto makes for an optimal target because the transactions are quick and irreversible. If a fraudster takes over a legitimate user’s account on an exchange and liquidates the balance, there is little that the exchange can do to fix the situation other than to take a loss, which they are not guaranteed to do.
Why crypto companies must prioritize fraud prevention
The transparency of the blockchain makes it difficult for fraudsters to get away with their crimes forever: all it takes is one mistake to reveal their real identity, at which point that mistake is part of the public, permanent blockchain record. However, the real challenge for exchanges doesn’t lie in catching these cybercriminals post-attack, but in preventing attacks from happening in the first place.
Fraudsters will continue to leverage automation to commit attacks at scale, and to uncover new vulnerabilities within crypto exchanges to exploit. Any crypto company without a plan in place to proactively prevent fraud and account takeovers at scale is at a distinct disadvantage. Businesses cannot risk tarnishing trust with traders. Just 5.6% of the U.S. and UK population trust cryptocurrency as a safe investment, and one instance of fraud can break down existing trust. With the right strategy and technology in place, crypto companies can better detect fraudulent signups, stop unauthorized transactions, and defend trusted accounts from suspicious sessions.
How to strengthen cryptocurrency fraud controls
With cryptocurrency threats on the rise, the SEC’s regulations are welcome, but these preliminary regulations will only act as a baseline to protect businesses and consumers. Crypto companies must go beyond regulations to proactively invest the right resources to prevent a growing volume of hacks and fend off fraudulent behavior. The last year alone saw a 200% uptick in digital wallet abuse and a 140% increase in crypto exchange abuse.
Now is the time for crypto organizations to respond. Adopting a layered approach to fighting fraud can help ensure end-to-end protection, including verifying customers on the front end and monitoring account behavior with fraud prevention solutions bolstered by machine learning on the back end.
Companies that comply with anti-money laundering (AML) regulations and use know-your-customer (KYC) solutions help make the crypto space safer and more reliable. Another wise security precaution is to provide options for customers to secure their own assets, such as enabling, or even requiring, multi-factor authentication (MFA). MFA requires multiple methods of verification to confirm a user’s authenticity, combining independent credentials such as a password, mobile push notification, or fingerprint.
It’s also an important practice to talk to customers about fraud. Explaining and warning against common scams creates transparency and shows how much the business values consumer education. Companies can establish a firm barrier against fraudulent activity by providing guidance on how customers can keep their online activity safe, along with reinforcing their own efforts to keep accounts secure. Ultimately, the responsibility lies with businesses to ensure trust in their platforms.