Crypto crime: a growing threat in 2023
2023-04-20 by Hugues Marty
The rise of cryptocurrencies has revolutionized the global financial system and given rise to a new form of crime, crypto crime. The decentralized and anonymous nature of cryptocurrencies has made it easier for criminals to commit a range of illegal activities such as money laundering, fraud, and theft. According to a report by CipherTrace, crypto crime has been on the rise, with losses due to crypto crime increasing by 40% from the previous year, reaching $10.52 billion in 2020.
Phishing, where criminals use fake websites or emails to trick users into revealing their private keys or passwords, is the most common type of crypto crime. According to the report, phishing accounted for 56% of all crypto-related crime in 2020. In some cases, criminals have even used social engineering techniques to trick victims into transferring their cryptocurrencies to them.
Crypto exchanges, which are used to buy, sell, and store cryptocurrencies, have also been targeted by criminals. In 2020, exchange hacks accounted for 15% of all crypto-related crime. Notable exchange hacks include the 2014 Mt. Gox hack, where $450 million worth of Bitcoin was stolen, and the 2018 Coincheck hack, where $530 million worth of NEM was stolen. These hacks have not only resulted in financial losses but have also eroded the trust of investors in the cryptocurrency ecosystem.
Ransomware attacks, where criminals demand payment in cryptocurrency to unlock or restore data, are another growing threat. In 2020, losses due to ransomware attacks totaled $350 million. Ransomware attacks have become more sophisticated, with criminals using advanced techniques such as double extortion, where they not only encrypt the victim’s data but also threaten to release it publicly if the ransom is not paid. Notable ransomware attacks include the 2017 WannaCry attack, which affected over 200,000 computers in 150 countries, and the 2020 Garmin attack, where the company paid a $10 million ransom in cryptocurrency to restore its systems.
Despite the growing threat of crypto crime, regulations are lagging behind. Many countries lack clear laws and regulations governing cryptocurrencies, making it easier for criminals to operate. In 2019, the Financial Action Task Force (FATF) issued guidelines on crypto regulations, but many countries have yet to implement them fully. The lack of clear regulations not only makes it easier for criminals to operate but also makes it difficult for law enforcement agencies to investigate and prosecute crypto-related crimes.
Decentralized Finance (DeFi) is a new frontier for crypto crime. DeFi platforms, which allow users to lend, borrow, and trade cryptocurrencies without intermediaries, are vulnerable to attacks such as flash loan attacks and rug pulls. In 2020, losses due to DeFi-related attacks totaled $129 million. The anonymous nature of DeFi platforms and the lack of regulation make them an attractive target for criminals.
In order to safeguard against the rising tide of crypto crime, a comprehensive set of preventative and mitigative measures can be implemented to safeguard the security and integrity of the digital economy.
- Education and awareness campaigns
Education and awareness campaigns are essential to combat crypto crime. These campaigns should target both the general public and industry professionals, as many people are still unaware of the risks associated with cryptocurrencies. In particular, people need to be educated about the prevalence of scams and Ponzi schemes in the crypto world. According to a report by Chainalysis, scams and Ponzi schemes accounted for 23.6% of all cryptocurrency crime in 2020, with losses totaling $2.7 billion.
To address this issue, education and awareness campaigns should emphasize the importance of conducting due diligence before investing in cryptocurrencies or participating in ICOs. People should also be warned about the risks of giving away their private keys or other sensitive information. This is especially important as phishing attacks targeting crypto users have become increasingly sophisticated. For example, some attackers use social engineering techniques to gain access to a user’s private keys or seed phrase.
- Stronger security measures
Stronger security measures are needed to protect crypto users from hacks and other attacks. These measures should include multi-factor authentication, encryption, and secure storage solutions. For example, some crypto exchanges now use hardware wallets to store their customers’ funds, which are more secure than software wallets.
In addition, crypto companies should implement intrusion detection and prevention systems (IDPS) to monitor their networks for signs of cyber-attacks. IDPS can detect and block attacks in real-time, reducing the risk of data breaches and other security incidents. They can also provide valuable insights into the types of attacks that are targeting crypto companies and help improve security measures over time.
- Improved regulations
Improved regulations are needed to combat crypto crime. In many countries, the regulatory landscape for cryptocurrencies is still in its infancy, which makes it difficult for law enforcement agencies to prosecute criminals. In addition, some countries have become safe havens for crypto criminals, as they have weak or non-existent regulations.
To address this issue, governments should work together to establish clear regulations for cryptocurrencies. This would help to prevent money laundering, tax evasion, and other illicit activities. For example, the Financial Action Task Force (FATF) has developed a set of guidelines for virtual asset service providers (VASPs), which includes crypto exchanges, to prevent money laundering and terrorism financing. The guidelines require VASPs to conduct customer due diligence, report suspicious activities to authorities, and maintain records for five years.
- Collaboration and information-sharing
Collaboration and information-sharing between crypto companies and law enforcement agencies are essential to combat crypto crime. Crypto companies have access to valuable data that can help law enforcement agencies to identify and prosecute criminals. For example, some blockchain analytics companies can track the flow of cryptocurrencies through the blockchain, which can help identify the individuals behind illicit transactions.
In addition, the Crypto Crime Intelligence Briefing (CCIB), launched in 2020, is a coalition of law enforcement agencies, blockchain companies, and other organizations working together to combat criminal activity involving cryptocurrencies. The CCIB provides a platform for information-sharing and collaboration, which can help to identify new threats and develop effective strategies to combat them.
- DeFi security audits
DeFi platforms are becoming increasingly popular, but they also pose a significant security risk. DeFi platforms are built on decentralized blockchain technology, which makes them more resistant to censorship and government control. However, they are also more vulnerable to hacks and other security incidents.
To address this issue, DeFi platforms should undergo regular security audits to identify vulnerabilities and prevent attacks. Audits can help identify code flaws and other security weaknesses that could be exploited by criminals. For example, in March 2021, DeFi platform Cream Finance suffered a $34 million hack due to a vulnerability in its smart contract.
- Improved cybersecurity training
Improved cybersecurity training is needed for both industry professionals and the general public to combat crypto crime. Many of the vulnerabilities in the crypto world are due to human error, such as falling for phishing scams or using weak passwords. By improving cybersecurity training, people can learn how to identify and prevent these types of attacks.
For industry professionals, cybersecurity training should be a mandatory requirement. Crypto exchanges and other companies handling large amounts of cryptocurrency should have cybersecurity professionals on staff to ensure that their networks are secure. They should also provide ongoing training to their employees to keep them up to date on the latest security threats and best practices.
For the general public, cybersecurity training should be integrated into educational programs, such as high school and college curriculums. People should be taught how to identify phishing scams, use secure passwords, and protect their private keys. By improving cybersecurity awareness among the general public, we can reduce the number of victims falling for scams and other crypto-related crimes.
- Blockchain forensics
Blockchain forensics is an emerging field that involves analyzing blockchain transactions to identify the individuals behind them. Blockchain forensics can help law enforcement agencies to track down criminals involved in crypto-related crimes. For example, in 2021, the U.S. Department of Justice seized $2.3 million worth of cryptocurrencies from a ransomware attack on the Colonial Pipeline. The department used blockchain forensics to identify the bitcoin wallet used by the attackers and seize the funds.
Blockchain forensics companies, such as Chainalysis and Elliptic, are working with law enforcement agencies to provide valuable insights into the flow of cryptocurrencies through the blockchain. This information can help identify the individuals behind illicit transactions and provide evidence for criminal investigations.
- Improved privacy
Improved privacy measures are needed to protect the identities of crypto users. While blockchain transactions are public, the identities of the individuals behind them are often anonymous or pseudonymous. This anonymity can make it difficult for law enforcement agencies to track down criminals involved in crypto-related crimes.
To address this issue, some privacy-focused cryptocurrencies, such as Monero and Zcash, use advanced cryptography to conceal the identities of their users. These cryptocurrencies use techniques such as ring signatures, stealth addresses, and zero-knowledge proofs to ensure that transactions remain private.
In addition, some crypto companies are developing privacy-enhancing technologies for bitcoin and other mainstream cryptocurrencies. For example, CoinJoin is a privacy-enhancing technology that allows multiple users to combine their transactions into a single transaction, making it more difficult for outsiders to identify the individual transactions.
- Decentralized exchanges
Decentralized exchanges (DEXs) are becoming increasingly popular as they provide users with greater control over their funds and reduce the risk of hacks and other security incidents. Unlike centralized exchanges, which hold users’ funds, DEXs allow users to trade directly from their wallets, eliminating the need for intermediaries.
In addition, DEXs are built on decentralized blockchain technology, which makes them more resistant to censorship and government control. This can be especially important in countries with weak or non-existent regulations for cryptocurrencies.
However, DEXs also pose some security risks, such as vulnerabilities in smart contracts and liquidity issues. To address these issues, DEXs should undergo regular security audits and provide liquidity pools to ensure that users can trade without experiencing significant slippage.
- Multi-Stakeholder collaboration
Multi-stakeholder collaboration is essential to combat crypto crime. This collaboration should involve law enforcement agencies, crypto companies, regulatory bodies, and other organizations working together to develop effective strategies to combat crypto-related crime.
For example, the CryptoSafe Alliance, launched in 2021, is a coalition of crypto companies, cybersecurity firms, and other organizations working together to combat crypto-related crime. The alliance provides a platform for information-sharing and collaboration, which can help to identify new threats and develop effective solutions.
Collaboration should also involve regulators and policymakers, who play a crucial role in developing policies and regulations to combat crypto crime. Regulations can help to deter criminals and protect consumers from scams and other illegal activities.
However, regulations should also be designed to foster innovation and growth in the crypto industry. Heavy-handed regulations can stifle innovation and drive the industry underground, making it more difficult for law enforcement agencies to track down criminals.
Crypto crime is a growing problem that poses significant risks to the crypto industry and its users. However, there are steps that can be taken to combat this problem, including increased cybersecurity measures, improved privacy, and decentralized exchanges.
Blockchain forensics and multi-stakeholder collaboration can also provide valuable tools for identifying and combating crypto-related crime. Ultimately, the key to combating crypto crime will be to develop effective policies and regulations that protect consumers while fostering innovation and growth in the industry.