$950 Million Stolen from ‘Immature’ Cryptocurrency Exchanges & Wallets in 2018: Analytics Firm CEO

By Christina Comben (@christinacomben), January 31, 2019

$1.7 billion was stolen from cryptocurrency exchanges, custodial services, and in ICO exit scams in 2018. That’s a dramatic rise from the year before, despite the shrinking market. And according to the Q4 CipherTrace Cryptocurrency Anti-Money Laundering Report, that money needs to be laundered.

But here’s the kicker: with a global wave of regulations going into effect later this year, laundering cryptos will become increasingly hard to do.

CCN caught up with Dave Jevans, CEO of CipherTrace and co-chair of the Cryptocurrency Working Group at the APWG.org, to find out what this means.

Like Taking Candy from a Baby

Of the total stolen funds in 2018, the majority came from exchanges and custodial services–more than $950 million. That was 3.6x more than in 2017–but why is this the case?

CipherTrace Q4 Report

“Many exchanges have only been operational for two years or less. They have not invested in the security technologies and practices needed to safeguard IT systems, employees, and critical data,” Jevans explains.

“These cryptocurrency companies are at risk of having a simple file of cryptographic private keys stolen that can give the hackers $30M to $500M in profit. Yet these companies are immature in their security team funding, training and implementation.”

Jevans believes that the cryptocurrency space needs an enormous amount of infrastructure investment and education to prevent such attacks. This includes cold storage of private keys, strong anti-phishing measures including email authentication, and behavioral analytics and data sharing. “The APWG can help with this,” he says.

Anti-Phishing Working Group, APWG, https://www.apwg.org/

He continues, “Two-factor authentication of employees and customers will also help, as well as the use of ephemeral instances to reduce attackers’ chances of getting into more machines outside the exchange.”

As well as being the founder and CEO of CipherTrace, a company that develops cryptocurrency AML, forensics, and blockchain threat intelligence solutions, Jevans holds 17 patents in computer security and cryptography. He’s also been tracking criminal activity and correlating it with the price fluctuations of Bitcoin since 2011.

New AML/CFT Regulation in 2019

By the third quarter of 2019, a wave of new AML/CFT (anti-money laundering and countering the financing of terrorism) regulations will come into effect. This will force unregulated exchanges and custodians in all major jurisdictions to become compliant.

These regulations take the form of international standards determined by the Financial Action Task Force (FATF), a Paris-based international organization to combat money laundering.

The new FATF rules will apply to the 38 member countries including the US, EU, and G20.

This means that onboarding customers will involve strict KYC or the business will be fined or shut down. Exchanges will also have to allow for monitoring of their services and to report any suspicious account activity.

Beyond being an inconvenience for businesses and customers (as well as a slap in the face of those who believe in financial freedom of transactions), how will this impact the criminal activity in the space? According to Jevans, the regulations will be significant.

“Criminals will increasingly be detected and rejected at compliant companies as regulations are enforced. This will force cybercriminals into the darker alleys of the Internet and the cryptocurrency ecosystem… They will be forced to use more advanced and esoteric services to launder their funds.”

Such as?

“Cybercriminals are trying to defeat anti-money laundering and crypto tracing technologies with techniques such as ‘crypto dusting’ where they send 50,000 people a week a tiny amount of cryptocurrency that comes from a money laundering service, thus trying to taint the security tools that are used to detect it. Think of it as spamming people with dirty coins.”

Is Regulation Getting it Right?

Considering the mind-boggling amount of lost funds, the lack of regulation is glaring. According to another report out today, some 60 percent of hacks may be carried out by just two groups.

In light of this, is regulation going down the right path? And what about cryptocurrency users who believe we deserve privacy with financial transactions?

“Regulation is going in the right direction with regards to protecting investors, companies, financial institutions, and governments. With regard to people who deserve privacy with financial transactions, you still have this,” Jevans argues.

“The only transactions that are today tracked by governments are those over $10,000 or those that have ties to sanctioned individuals and governments, terrorists, and known money launderers. New regulations on cryptocurrencies do not change this.

The cryptocurrency markets are growing, getting more secure, and becoming an attractive place to invest in 2019. A lot of the scams, frauds and technically poor operations and ICOs have been weeded out, or will be soon. Regulations make for a more orderly and safe market for everyone. This is coming, and it is actually a good thing.”

What About Banks and Money Laundering?

There are plenty of examples of traditional banks laundering money, including recent episodes like that of Deutsche Bank.

So why does crypto get such a hard time? Jevans doesn’t let the banks off the hook either but says it’s more like comparing apples with oranges.

“Crypto gets a hard time because it is a new form of non-governmental currency, it has little regulation, and as a percentage of money transferred, it still has a high rate of international criminal use.

SWIFT handles about $1.25 quadrillion dollars per year of transfers. About $5 trillion per day of traditional inter-bank funds transfer. So a $250B banking money laundering case that spans multiple years, is a tiny fraction.

If you want to launder $250 Billion, you should use banks.

Bitcoin, on the other hand, is more closely measured with credit cards for fraud and value transferred. Bitcoin moves about $8B per day and Mastercard moves about $11B per day.

However, Bitcoin and other cryptocurrencies, despite approaching the major credit card networks in value transfers, do not have the same security and anti-fraud controls.

So as the industry matures in 2019 and the coming years, we can expect cryptocurrencies to be much more in line with the anti-fraud and anti-money laundering numbers that we see in credit card networks and bank payment systems.”

What About Traditional Money Laundering?

But isn’t it harder to launder crypto? Something like two-thirds of US $100 bills are outside the US; isn’t that more problematic?

“It is much easier to launder cryptocurrencies on an international scale than to launder small-to-mid sized amounts of USD. This is because laundering smaller amounts of crypto internationally can be done through a myriad of services, exchanges, currency shifting services, digital wallet networks, decentralized exchanges, etc.

So, smaller amounts are much more easily laundered through cryptocurrencies. But large amounts (tens or hundreds of billions of dollars or euros) are better laundered through sophisticated schemes that use existing fiat banking systems.”

Looking at the Year Ahead

Beyond international AML/CFT regulations making criminals’ lives more difficult, what else does Jevans expect from 2019? (His answers might surprise you):

“Nation states will launch their own cryptocurrencies. Nation states will exploit cryptocurrencies for evasion of sanctions. And privacy-oriented coins will need to consider AML/KYC requirements and get them implemented into their protocols.”
