ACFCS Cryptocrime Workshop Takeaways Day Two: With crypto value surge, pandemic scams, ransomware attacks, more banks, exchanges reporting on aberrant activity

The Skinny:

  • After two days of learning and a crash course to set the foundation for learning, ACFCS’ “Cryptocurrencies and Cryptocrime Workshop,” is in the books. The dynamic, interactive event done in partnership with blockchain analytics heavyweight Chainalysis was crafted to take some of the mystery and fear out of the notoriously volatile virtual value sector, bolster compliance and innovate on investigations.
  • Day two covered a broad ambit of tips, tactics and techniques to better tie the seemingly random strings of letters and numbers on a transparent, immutable yet enigmatic blockchain back to individuals, businesses and entities engaged in fraud, money laundering and organized crime.
  • Day one included practical takeaways and relevant insight from former and current federal investigators, bank and crypto exchange compliance leaders, regulatory and watchdog bodies and more from around the world, including the United States, India, Canada, Europe, Latin America and other regions, including the growing need for stronger public-private partnerships locally and globally.
  • As well, even as the virtual value space gains more legitimacy and mainstream acceptance, risks abound. With the value of Bitcoin and other crypto coins reaching record heights – Bitcoin itself in recent months has flirted with $60,000 and a $1 trillion market cap – more individuals and companies are jumping aboard the hype train. But so are criminals, scammers and fraudsters.

By Brian Monroe
bmonroe@acfcs.org
May 24, 2021

After two days of learning and a crash course to set the foundation for learning, ACFCS’ “Cryptocurrencies and Cryptocrime Workshop,” is in the books.

The dynamic, interactive event done in partnership with blockchain analytics heavyweight Chainalysis was crafted to take some of the mystery and fear out of the notoriously volatile virtual value sector, bolster compliance and innovate on investigations.

The event saw dozens of speakers and sessions engage hundreds of professionals in the public and private sectors to analyze and scrutinize some of the current challenges and historical vulnerabilities in the crypto sector, the related exchanges – where digital and fiat converge and convert and vice versa – and brick-and-mortar banks.

Day two covered a broad ambit of tips, tactics and techniques to better tie the seemingly random strings of letters and numbers on a transparent, immutable yet enigmatic blockchain back to individuals, businesses and entities engaged in fraud, money laundering and organized crime – and an overarching acknowledgement that as crypto’s value has risen, so has interest from criminals of all stripes.

Here are some takeaways from Day Two:

More money, more problems

With the value of Bitcoin and other crypto coins reaching record heights – Bitcoin itself in recent months has flirted with $60,000 and a $1 trillion market cap – more individuals and companies are jumping aboard the hype train. But so are criminals, scammers and fraudsters.

One law enforcement official stated that last year, financial services firms filed some 500 suspicious activity reports (SARs) tied to potential illicit virtual asset activity, representing $800 million, in just one month.

This year, in the same month period, financial institutions filed more than 800 SARs representing a value of some $3.4 billion in aberrant crypto transactions in one month. Even so, the estimated overall percentage of illicit crypto is less than fiat, 1.3 compared to 1.8 percent.

Less mystery, more transparency – except when it comes to holding accounts

From the perspective of law enforcement, and the classic financial services sector, virtual asset service providers (VASPs) have taken great strides toward transparency.

Many of these operations have opened up their compliance programs and processes to scrutiny to their banking connections – in the desperate hope to keep accounts and prevent an unceremonious de-risking.   

Not surprisingly, speakers also concluded that if you’re a financial institution, even if you say you “don’t bank crypto,” you’re still an off-ramp and a gatekeeper for illicit crypto.

Many crypto exchanges create fake names and don’t tell banks they are engaged in crypto transactions, putting more pressure on fincrime compliance teams.  

Privacy does not always equal criminal activity

Even so, many speakers noted that the crypto sector is more nuanced, with the majority of actions and actors engaged in perfectly legal activity.

In short: move away from monolithic views of crypto risk. Banks holding crypto exchange accounts need to take a refined risk-based approach to act as a gatekeeper – but it can and is being done.

But, even at just a percent of illicit virtual asset activity, equating to billions of dollars, there are criminal groups, narco traffickers, cyber-enabled fraudsters and sanctions evaders looking to use the “pseudo-anonymous” aspect of crypto for their own gain.

How to fight them: Surprisingly, some of the approaches should be low-key and old school – so don’t reinvent the wheel, but know the details. Criminal typologies and red flags are broadly similar in crypto and fiat, with important distinctions based on the technology and user behaviors.

As one attendee said: “You still have to do old school cop work. In your investigations, look for leads in the real and virtual worlds. The tech is going to change and your skills are going to have to flow with the technology.”

Day One Snapshot: More sharing under 314(b), but more needed through PPPs

Day one included practical takeaways and relevant insight from former and current federal investigators, bank and crypto exchange compliance leaders, regulatory and watchdog bodies and more from around the world, including the United States, India, Canada, Europe, Latin America and other regions.

One of the biggest challenges for the crypto space is its nebulous nature.

Some of the biggest names in the sector, like Bitcoin, Monero Zcash and others, sit at the nexus of many different technological, legal and compliance frameworks, with regions, regulators and watchdog groups differing on what they actually are: a property, a security, commodity or a currency – or some mix of all of the above.

Worse off, these coins – while potentially created to be a boon for all of existence – in some instances has become a bane, beset by illicit groups will ill-intent.

Speakers noted the connection between the domain of digital value – which has fallen roughly 50 percent in recent days under the weight of pressure from China and wavering support from Tesla founder Elon Musk – and cyber-enabled fraud, like ransomware and other cyber hack attacks.

The most high-profile example was the Colonial Pipeline ransomware attack, halting the operation and causing gas prices to soar, and even shortages in some Southeast states. News agencies later reported the company paid millions in Bitcoin to get access back to locked systems.

But these groups are fighting back.

Banks and crypto firms are more aggressively using Patriot Act Section 314(b) to share information on potential threat actors and trends across ecosystems, swimming together data, addresses and transactions from multiple exchanges to put all the pieces of the illicit financial crime puzzle together.

Some key takeaways from the first day:

  • Banks and crypto firms are using Patriot Act Section 314(b) to share information on potential illicit actors and operations.
  • As well, many crypto exchanges are working together with each other to share information on potential threat actors and trends in their own ecosystem, swimming together data, addresses and transactions from multiple exchanges to put all of the pieces of the illicit financial crime puzzle together.
  • How are most illicit groups stealing Bitcoin? From hacks and other cyberattacks against crypto exchanges and even co-opting insiders. One illicit group even created their own fake crypto trading firm, complete with social media connections and executive bios.
  • The relatively new U.S. Treasury tactic of naming Bitcoin addresses on the blockchain tied to sanctioned and blacklisted entities and region is working, even though illicit groups can try to change the coin address. Why? Blockchain analytics firms can watch the movement of funds and trace it back to the larger organized criminal groups in control.
  • Former law enforcement professionals highlighted the vital importance and growing focus on public-private partnerships (PPP), and the three-legged stool – banks, law enforcement and blockchain analytics and forensics firms – getting a stronger ally in foreign investigative agencies tag teaming to take down cyber-enabled and crypto-fueled international hack and smash syndicates.

Even with many large exchanges working with law enforcement and trying to bring fincrime compliance countermeasures up to international standards, other crypto-tinged operations are just hanging on by a thread – and a tenuous grip on their bank account relationship.

Some 70 percent of banks banking crypto exchanges don’t know it because the exchange changed its name to “look more benign. They are disguising themselves because they know their business may not be welcome at your institution,” said Joe Ciccolo, founder of BitAML.