Bad actors are scrambling to launder $1.7 billion of crypto-currency stolen and scammed in 2018.
This is according to a report published this morning by blockchain threat intelligence solutions firm CipherTrace.
The 2018 Q4 Crypto-currency Anti-Money Laundering Report adds that the bad actors need to launder their ill-gotten proceeds before tough new global anti-money laundering (AML) and counter-terror financing regulations go into effect over the next year.
Of the $1.7 billion, CipherTrace says hackers stole more than $950 million from crypto-currency exchanges and infrastructure during 2018, which is 3.6 times higher than in 2017.
It adds that cyber crooks developed ingenious new techniques to drain millions more from user accounts and wallets.
On top of that, it notes initial coin offering (ICO) exit scams, phony exchange hacks and Ponzi schemes victimised investors and crypto-currency users for almost three-quarters of a billion dollars.
"These numbers only represent the loot from crypto crimes that CipherTrace can validate; we have little doubt that the true number of crypto asset losses is much larger," says Dave Jevans, CEO of CipherTrace.
Local target
Last year, South Africans also fell victim to crypto-currency scams. In March, many South Africans fell prey to a Bitcoin scam which resulted in losses of over $50 million (R593 million).
[SODEBAR]Carel de Jager, a consultant at the Blockchain Academy, comments that since crypto-currency schemes can be marketed and traded without restrictions to any specific jurisdictions, South Africans fell for many crypto-currency-related phishing attacks along with the rest of the world.
He notes that 2018 also saw the collapse of several global Ponzi schemes, such as Bitconnect.
"Crypto-currency is a new asset class. It is built using incredible technology which will change the world forever, probably more than the Internet did," says De Jager.
"But similar to the Internet, it is decentralised, meaning that consumers have limited power when they fall victim to a scam. We all clicked, at least once, on an e-mail link to claim a large inheritance from our deceased uncle.
"But we learnt from that experience and now delete those links from our spam folders without blaming 'the Internet'. We now need to learn how to spot crypto-currency scams without blaming 'the blockchain'."
Farzam Ehsani, co-founder and CEO of VALR.com, notes: "I'm not aware of any significant breaches of any South African crypto-currency exchange last year, but this may be because we don't have very many exchanges in the country.
"However, I am aware of South African individuals who had some of their funds compromised on international crypto-currency exchanges. It is really important for consumers to educate themselves about how to safeguard their crypto-currencies. Ultimately, it comes down to understanding the risks and benefits of holding crypto-currencies."
Inside jobs
In its report, CipherTrace adds that the total dollar value of Q4 2018 thefts was lower than the number for Q3 partially due to the falling price of all crypto-currency.
In addition, it says, rather than hacks on exchanges and wallets, inside jobs began to dominate the crypto crime landscape.
"It appears that a new breed of cyber criminals steeped in computer science and fintech found it easier to commit fraud against unwitting investors and exchange users as opposed to attacking hardened IT systems," says Jevans.
"Whether it's theft by hackers or inside jobs like exit scams, criminals must launder all of these ill-gotten gains before they can spend those funds in the real economy."
CipherTrace says global gangs, terrorist groups and cyber criminals must also hide their money trails.
"These bad actors are clearly flocking to jurisdictions with weak AML and know your customer regimes, because in our Q3 report we published the results of research showing 97% of criminal Bitcoin flows into unregulated crypto-currency exchanges," says Jevans.
"While recognising the tremendous potential for innovation provided by blockchain technology, this dark side of the crypto-currency ecosystem is not lost on regulators. And 2018 saw major moves around the globe to rein in the Wild West aspect of these markets. By 2020, most modern economies will have deployed strict crypto-currency anti-money laundering regulations."
In SA, the central bank this month proposed tighter regulation of crypto-currencies in the country. Among other issues, the South African Reserve Bank wants to provide an overview of the perceived risks and benefits associated with crypto assets.
Exit scams
In total, CipherTrace says $950 million worth of crypto-currency was stolen from exchanges and infrastructure in 2018. Korea and Japan were home to most of the thefts (58%) throughout 2018.
Whereas in the first three quarters, thefts by hackers dominated the crypto crime scene, the fourth quarter was mostly about inside jobs or fraud, says CipherTrace.
It explains that the theft numbers were significantly lower in Q4, owing mostly to a lack of mega heists.
The significant price erosion of all crypto-currencies in the second half also contributed to the lower total dollar value of stolen tokens, the company says.
On top of outright crypto-currency thefts, investors lost almost three to four billion dollars from inside threats such as "exit scams" in which developers and founders absconded with ICOs or users' custodial crypto funds, and then disappeared into the night, it notes.
Consumer protection
Alan Robertson, YOU# co-founder, is of the view that the best way for consumers to protect themselves is through understanding their risks and taking steps to mitigate them as much as possible.
"For instance, limit the amount of crypto kept on exchanges and wallets, and know that when a party manages your private keys, you are as safe as their controls are.
"Keep a large proportion of your crypto in hardware wallets which do not expose your private keys. That way, you are in control of them. If you own crypto-currency and don't understand what a hardware wallet is, then you need to get onto Google immediately," Robertson concludes.
Share