ACFCS Cryptocrime Workshop Takeaways Day One: Bitcoin-fueled Ransomware ransackers run amok, but more banks, virtual asset firms working together to fight back

The Skinny:

  • After a Crypto Crash Course Wednesday, ACFCS officially kicked off its two-day “Cryptocurrencies and Cryptocrime Workshop,” where hundreds of professionals in the public and private sectors tackled some of the current challenges and historical vulnerabilities tied to the roiling and rollicking virtual value sector.
  • Day one included practical takeaways and relevant insight from former and current federal investigators, bank and crypto exchange compliance leaders, regulatory and watchdog bodies and more from around the world, including the United States, India, Canada, Europe, Latin America and other regions.
  • The most high-profile ransomware example was the Colonial Pipeline attack, which halted the company's operations and caused gas prices to soar, and even shortages in some Southeast states. News agencies later reported the company paid millions in Bitcoin to regain access to locked systems.
  • But banks and virtual asset firms are fighting back. Banks and crypto firms are more aggressively using Patriot Act Section 314(b) to share information on potential threat actors and trends across ecosystems, pooling data, addresses and transactions from multiple exchanges to put all the pieces of the illicit financial crime puzzle together.

By Brian Monroe
bmonroe@acfcs.org
May 20, 2021

After a Crypto Crash Course Wednesday, ACFCS officially kicked off its two-day “Cryptocurrencies and Cryptocrime Workshop,” where hundreds of professionals in the public and private sectors tackled some of the current challenges and historical vulnerabilities tied to the roiling and rollicking virtual value sector.

Day one included practical takeaways and relevant insight from former and current federal investigators, bank and crypto exchange compliance leaders, regulatory and watchdog bodies and more from around the world, including the United States, India, Canada, Europe, Latin America and other regions, illuminating what criminals are doing and detailing the latest compliance countermeasures to stop them.

One of the biggest challenges is that virtual assets, like Bitcoin, Monero, Zcash and others, sit at the nexus of many different technological, legal and compliance frameworks, with some countries categorizing them as property, others as a security or commodity, and still others as a currency.

Speakers noted the connection between the domain of digital value – which has fallen roughly 50 percent in recent days under the weight of pressure from China and wavering support from Tesla founder Elon Musk – and cyber-enabled fraud, like ransomware and other cyber hack attacks.

The most high-profile example was the Colonial Pipeline ransomware attack, which halted the company's operations and caused gas prices to soar, and even shortages in some Southeast states. News agencies later reported the company paid millions in Bitcoin to regain access to locked systems.

Some key takeaways from the first day:

  • Banks and crypto firms are using Patriot Act Section 314(b) to share information on potential illicit actors and operations.
  • Many crypto exchanges are also working with each other to share information on potential threat actors and trends in their own ecosystem, pooling data, addresses and transactions from multiple exchanges to put all of the pieces of the illicit financial crime puzzle together.
  • Some 70 percent of banks banking crypto exchanges don’t know it because the exchange changed its name to “look more benign. They are disguising themselves because they know their business may not be welcome at your institution,” said Joe Ciccolo, founder of BitAML.
  • How are most illicit groups stealing Bitcoin? From hacks and other cyberattacks against crypto exchanges and even co-opting insiders. One illicit group even created their own fake crypto trading firm, complete with social media connections and executive bios.
  • The relatively new U.S. Treasury tactic of naming Bitcoin addresses on the blockchain tied to sanctioned and blacklisted entities and regions is working, even though illicit groups can try to change the coin address. Why? Blockchain analytics firms can watch the movement of funds and trace them back to the larger organized criminal groups in control.
  • Former law enforcement professionals highlighted the vital importance of, and growing focus on, public-private partnerships (PPP), with the three-legged stool – banks, law enforcement and blockchain analytics and forensics firms – gaining a stronger ally in foreign investigative agencies that are tag-teaming to take down cyber-enabled and crypto-fueled international hack and smash syndicates.