In Chapter 3 of our “Fraud Fighters Manual for Fintech, Crypto, and Neobanks,” Kevin Yang of Nibiru explores the current state of cryptocurrency fraud, including why crypto attracts fraudsters, how to protect crypto assets, and why regulating the digital frontier is essential.
In this edition of Fraud Fighters Manual: Community Insights, we expand on these insights, examining the best practices for detecting and preventing fraud related to crypto assets and why teams shouldn’t wait for regulators to set up a crypto fraud program.
According to Pamela Clegg, Vice President of Crypto Investigations and Risk at CipherTrace, “as of the start of Q2 2023, reporting and data indicates that cybercriminals targeting cryptocurrencies experienced a significant decrease in successful exploits, with hacking incidents dropping by 70% when compared to the same period in 2022.” Despite this decline in successful breaches, the impact of crypto fraud is still significant, with the top 10 crypto hacks and exploits of 2023 totaling $471.2 million.
One of the main driving factors of this is inconsistent—or non-existent—regulations. As Kevin Yang points out in Chapter 3 of our Fraud Fighters Manual, crypto is “like the Wild West right now because people can get attacked by somebody on the other end of the world with no jurisdiction, law enforcement, or extradition. That makes it a playing ground for fraudsters.”
Crypto fraud prevention is paramount, especially considering this technology—and the anonymity that comes with it—makes it really easy for people to get away with money laundering or fraud. But, as we’ll discuss, most of this fraud isn’t actually any different from traditional fraud methods Fintechs and FIs are already dealing with.
Let’s start by looking at the difference between crypto fraud and crypto scams, after which we’ll analyze some of the top methods for preventing crypto threats.
Crypto Fraud vs Crypto Scams
As we cover in our Fraud Fighters Manual, crypto fraud and crypto scams—while commonly used interchangeably—aren’t the exact same thing. As Pamela Clegg puts it, “crypto fraud must involve some on-chain movement, transactions on the blockchain.”
Essentially, crypto fraud (or virtual asset fraud) involves on-chain activity, while crypto scams refer to off-chain activity involving cryptocurrency.
Pratik Zanke from PayMate echoes this sentiment, saying crypto fraud “refers to fraudulent schemes or activities that exploit vulnerabilities or deceive individuals in the cryptocurrency ecosystem.” Examples include fake ICOs, Ponzi schemes, pump-and-dump schemes, and fake wallets and exchanges.
These involve cases where fraud is committed through the use of cryptocurrency or by finding exploits in cryptocurrency exchange or storage systems.
Pratik states that crypto scams “encompass a broader range of fraudulent activities related to cryptocurrencies. It includes all kinds of deceptive practices, not just limited to financial fraud.” Examples include social engineering scams, fake airdrops and giveaways, impersonation scams, and investment scams.
In these cases, crypto assets could be stolen, but crypto technology is rarely part of how the fraud is actually perpetrated, with fraudsters instead tricking victims into voluntarily turning over their crypto assets. The method of deception is often not unique to crypto assets in any way, as is the case with crypto fraud.
According to Pamela Clegg, “just because something is called a crypto-scam or crypto fraud, does not automatically mean that it would be unique to crypto activity or that it even touches cryptocurrency in the same way.” For example, consider a criminal that uses “cloned credit cards to purchase crypto at a cryptocurrency exchange. The fraud perpetrated here was credit card fraud, not crypto fraud.” In this case, the “crypto was just the asset acquired thanks to the credit card fraud. This is not crypto fraud and the traditional AML or transaction monitoring system at the bank or credit company should pick up on the red flags for those credit card purchases.”
This is a blessing and a curse to fraud fighters. While it may be harder to isolate fraud related to crypto (as it’s committed in the same way), teams already have the skills—and tools—to fight crypto-related fraud.
Fraud Detection and Prevention Strategies Suited to Crypto Fraud
Crypto and fiat—whether many people know it or not—are inherently linked, especially in the modern economy. Modern customers exchange fiat to crypto, and often convert crypto back to fiat at some point (although they may make other transactions and purchases between that time).
While there are fraud strategies that exploit vulnerabilities in crypto technology, such as hacking wallets or exchanges, many strategies are actually non-financial in nature, such as account takeover, fake ICOs, and other investment scams, romance scams, and other social engineering scams.
As Pamela Clegg says, when we think of crypto fraud, “we immediately think the ‘crypto’ part of that phrase is the vulnerability, but that’s rarely the case.”
She goes on to say that “any fraud occurrence that ends with stolen crypto or a crypto scam, but originates from non-financial activity or fiat activity, still has an element of traditional fraud to it.” And this element of traditional fraud is often an organization’s best method of attack when it comes to preventing crypto scams.
Pratik Zanke has the same opinion, saying “fraud detection [for crypto] will always overlap traditional methods used in FIs or Fintechs,” including “behavior analysis, KYC and AML compliance, two-factor authentication (2FA), biometric verification, device recognition, and collaboration and data sharing.”
For most organizations, the best strategy is actually leveraging tactics that anti-fraud teams are already using. Risk management teams are familiar with these types of fraud, understand their impact, and know how to devise strategies (and specific rules) to combat these traditional types of financial fraud. And they already have the systems—and training—to do it.
That being said, there are still some strategies that are ideally suited for detecting and preventing fraud related to crypto. We’ll explore some of the best methods for organizations to combat crypto fraud, according to our Community Insights respondents.
The way cryptocurrency operates is very different from traditional fiat; cryptocurrencies are entirely digital and are tracked via the blockchain—a distributed ledger that logs all transactions. But since crypto operates so differently from traditional fiat, how can professionals investigate these systems and identify suspicious activity?
Blockchain analysis is the process of inspecting, modeling, and investigating data on a blockchain. Considering the anonymous nature of cryptocurrency, blockchain analysis is a core tool for risk teams to tackle crypto fraud effectively.
These solutions help teams identify the source of funds for crypto assets. As Baptiste Forestier, Head of Compliance at Hero, puts it, these tools “leverage the power of the blockchain and can track the origin of funds from the beginning.” Combine this with a rule-based approach to fraud, and team’s “can build complex scenarios that are more efficient,” empowering teams to better prevent fraud.
This is an invaluable tool for risk management professionals looking to stamp out fraud, as identifying the source—and trail—of funds can be exceedingly difficult when it comes to crypto assets. With blockchain analysis tools, teams can review transaction logs, verify the transaction history of assets, and piece together the full history of the assets in question.
Risk teams can even analyze the points of exchange, which can be used to expand the transaction history. Overall, blockchain analysis can provide insights into the crypto assets themselves (what they are, who owns them, who’s traded them, etc.). When used properly, this allows risk management teams to connect crypto to the point of exchange—uncovering the full history of the assets.
Teams can review transaction logs, and potentially gain insights into who’s involved in suspicious transactions. This data can then be used to analyze blockchain transactions and behavior patterns—empowering teams to root out fraud.
Address Whitelisting and Blacklisting
Whitelisting and blacklisting aren’t new—they’re widely used (and trusted) by Fintechs and FIs looking to prevent fraud and money laundering by controlling access to their platform and its services. And these solutions are just as useful for crypto platforms.
Blacklisting allows teams to restrict access entirely for high-risk individuals or organizations, and allows organizations to manage service access to moderate and low-risk customers. Whitelisting, on the other hand, helps teams approve trustworthy entities, which is ideal for ICOs (initial coin offerings) or NFT launches.
These practices—when applied to crypto products—are extremely useful from a risk and compliance perspective. Using whitelists and blacklists, teams can effectively manage risk exposure by controlling who can access their services.
Data Enrichment Tools
Information is power, and that’s certainly true when it comes to fraud prevention.
An anonymous respondent noted that teams looking to mitigate crypto fraud should “deploy data enrichment tools.” These solutions enhance the data risk teams have at their disposal, allowing teams to look beyond transactions for a deeper understanding of their customers and their behavior patterns.
Since cryptocurrency solutions are inherently anonymized, it’s more important than ever for risk management teams to use any other information at their disposal. The more information teams have about their users and their behavior, the more equipped they are to detect and prevent crypto fraud.
Cryptocurrency transactions are typically conducted in real-time, and are therefore instant and irreversible.
This makes it very challenging for victims of fraud to recover their funds. For this reason, real-time monitoring is more important than ever, empowering teams to actually identify—and potentially stop—fraud before it happens.
While many real-time monitoring solutions are better suited for examining fiat transactions, these tools are still invaluable in fighting crypto fraud, as they can analyze the points at which fiat is exchanged into crypto (and vice-versa) and better understand traditional financial (and non-financial) activity related to crypto.
Don’t Wait for Regulators to Catch Up: Set the Pace Yourself
Put simply, crypto regulations haven’t quite caught up with crypto fraud and crypto scams. Governments are struggling to keep pace with rapid advancements in (and adoption of) cryptocurrency assets and solutions. In some cases, they still aren’t even sure how to classify crypto assets—let alone how to regulate the crypto industry effectively.
Pratik Zanke points out that “having a global watchdog can certainly build trust. As currently every nation has their own regulation, some say its legal and some say its not,” making it exceedingly difficult to know what regulations apply (and in what jurisdictions).
However, as one anonymous respondent states, organizations “shouldn’t wait to do the right thing. Why wait for the regulator to implement proper controls? They should adopt all the standard practices that all money movement businesses follow.”
Since most strategies for preventing crypto fraud and scams exploit fiat activities or non-financial activities, the majority of these threats can be mitigated—or prevented entirely—by using traditional anti-fraud strategies and methods. And most risk management teams already have the right tools in their toolkit.
There’s no reason why organizations shouldn’t implement adequate fraud detection and prevention strategies—whether all of those measures are essential to meet regulatory standards or not.
The fact is, teams still have a lot to lose monetarily (and reputationally) for failing to identify and stop crypto scams, and they should be doing all they can to prevent these scams from being successful under their watch.
Leverage True Data Monitoring for Enhanced Behavioral Analysis
Risk management professionals should target non-financial activity and fiat activity to best detect and prevent fraud—even crypto fraud and scams. For best results, put additional focus on the points where a currency is being exchanged from fiat to crypto (or vice-versa).
When drawing on talent, teams “should hire people coming from conventional financial institutions,” according to Baptiste Forestier, as it’s “easier to train one of us on crypto, which I did, than to teach AML to a crypto expert.”
Since so much of crypto-related fraud is actually a traditional type of fraud, traditionally trained professionals will have the skills needed to develop systems and programs to prevent fraud—and adapt those strategies for crypto markets and fraudsters.
Leverage a rule-based fraud prevention engine that can ingest data from third-party vendors with ease, allowing teams to analyze all their data in one place. With data monitoring and enhanced data visualization capabilities like network analysis, teams can seamlessly monitor transactions and other user behavior that could signal suspicious activity. With the right rules in place, teams can easily manage crypto-related fraud.
Schedule a demo today to learn how Unit21 can help!
Want more insights from fraud professionals? Check out our Community Insights from Chapter 4—How Experts Prevent Account Takeover (ATO) Fraud. In it, we explore real-life examples of account takeover (ATO) fraud and the top strategies real professionals use to detect and prevent it.