Crackdown on crypto crime: protecting investments in a threatening environment

What is crypto crime? And how can investors and exchanges protect themselves?

Vijay Valecha, Finance Middle East, March 27, 2024

he crypto industry is on the rise, as global cryptocurrency asset prices and market sentiment recover from the 2022 losses. Overall, investors worldwide recorded $37.6 billion in cryptocurrency gains in 2023, with the global cryptocurrency market cap being set at $2.51 trillion as of March 2024, according to CoinGeko.

But where there is money, there is also the threat of theft.

Last year, the value received by illicit cryptocurrency addresses totalled $24.2 billion, the latest report by blockchain data platform Chainalysis found. This is a large number but it amounts to just 0.34% of total transaction volumes, demonstrating the market’s resilience in an ever-evolving environment.

“The cryptocurrency industry has witnessed exponential growth globally,” Vijay Valecha, Chief Investment Officer at Century Financial told Finance Middle East. “As the industry expands, the complexity of the supply chain increases, amplifying the risk of supply chain attacks orchestrated by sophisticated adversaries.”

But what exactly does crypto-crime entail? And how can investors and exchanges protect themselves? The answers lie ahead.

The types of crypto crime

The digital nature of cryptocurrencies makes them an attractive target for cybercriminals, who exploit vulnerabilities in the system architecture or human error to orchestrate attacks. Moreover, while crypto’s strengths, such as decentralisation, anonymity and security, appeal to investors, they can also be attractive to attackers.

“Cyberattacks, in my opinion, encompass a vast ecosystem, which you could argue is an umbrella under which crypto falls,” said Vivien Lin, Chief Product Officer at BingX. “Crypto further expands how criminals can reach you, enabling new ways to target you.”

The most common crypto attacks take the following forms:

•Phishing scams: Crypto criminals create fraudulent websites or emails that mimic legitimate cryptocurrency exchanges or wallets to trick users into divulging their credentials.

•Ransomware attacks: Cybercriminals use malware to encrypt victims’ files or devices and demand ransom payments in cryptocurrency to unlock them.

Ponzi schemes and investment scams: Scammers promise high investment returns in cryptocurrency projects or platforms, often using false or misleading information.

•Initial Coin Offering (ICO) fraud: Fraudsters create fake ICOs or token sales to raise funds from investors, only to disappear with the money without delivering the promised products or services.

•Social engineering attacks: Crypto criminals manipulate individuals or employees of cryptocurrency-related businesses through social engineering tactics to gain unauthorised access to sensitive information or funds.

In terms of the types of assets involved in illicit crypto transactions, Chainalysis has identified changing patterns. Through 2021, Bitcoin “reigned supreme as the cryptocurrency of choice among cybercriminals”, the company said, pointing towards its high liquidity as a likely reason. However, this is no longer the case, as stablecoins are now involved in the majority of illicit transaction volumes.

The same old threats?

As any industry scales, its exposure to potential threats also escalates—and this was the case with cryptocurrencies. However, when analysing the specific threats that crypto investors and exchanges face, they are not unfamiliar to the financial industry. More often than not, crypto criminals leverage the same strategies used in other types of financial crime, albeit modified to fit the crypto sector.

“Crypto crime has undeniably expanded in the past few years. Nevertheless, gauging its pervasiveness in relation to other cyberattacks has become challenging due to the integration of crypto into traditional financial crimes,” Yusuf Mansawala, Chief Market Analyst at CPT Markets, explained.

According to an FBI report, crypto scams accounted for 86% of all investment fraud losses in the US, amounting to $3.94 billion. This number marks a 53% increase from 2022, when multiple crypto scams plagued the sector, including the $32 billion collapse of FTX, and the $4.7-billion bankruptcy of Celsius.

In contrast, 2023 saw a notable drop in illicit transaction volumes. Chainalysis reported a sharp decline in crypto scamming and stolen funds, for which the total illicit revenue was down 29.2% and 54.3%. The latter was largely driven by a sharp drop in decentralised finance (DeFi) hacking, which was characterised as a sign these platforms are improving their security practices.

Cryptocurrency ecosystems rely on various components, including wallets, exchanges, and infrastructure providers. Supply chain attacks targeting these components can compromise the security of the entire ecosystem, with terrible consequences.

“Attacks on exchanges, bridges and online wallets often result in almost immediate profit for a hacker, with little to no consequences due to the pseudonymous nature of most if not all cryptocurrencies,” added Kevin Reed, CISO at Acronis. “Platforms become more vulnerable because they are pressed to meet product deadlines in fierce competition, which leads to poor quality of their software and to massive incentives for attackers.”

Enhancing crypto security

As the crypto industry expands, the complexity of the supply chain increases, amplifying the risk of supply chain attacks orchestrated by sophisticated adversaries. Moreover, the human element behind transactions and investment decisions makes the sector vulnerable to manipulation. In this context, experts advise that companies and individuals implement policies that reduce the risk of falling prey to crypto criminals. These include:

Ensuring regulatory compliance
Conducting due diligence on investments
Scheduling regular security audits and penetration testing
Avoiding phishing attempts
Selecting reputable exchanges
Enabling two-factor authentication (2FA) for crypto transactions

“The burgeoning technology and financial sectors are prime targets for cybercriminals, driving demand for robust cybersecurity solutions, regulatory requirements and compliance standards, which are becoming stricter, compelling organisations to prioritise cybersecurity to protect data and maintain customer trust,” said Chris Murphy, Managing Director in the Middle East Cybersecurity practice at FTI Consulting.

In addition to enhanced cybersecurity policies, a major driver of the reduction in crypto crime has been the industry’s fostering of collaborative security efforts with law enforcement agencies. In the past year, specialised teams responded to over 58,000 law enforcement requests and conducted 120 law enforcement workshops and training sessions— a 70% increase compared to 2022.

In 2023, Binance alone increased its investment in compliance programmes by 35% to $158 million, compared to the $213 million invested the previous year. Looking ahead, these types of partnerships and policies are expected to be key in cementing investor’s trust.

“As 2024 unfolds, I believe we will see a push for more mature market infrastructure that will encourage a healthier, more competitive custody and exchange ecosystem in the primary crypto markets,” Eric Jardine, Cybercrime Research Lead at Chainalysis, added.

However, the latest technologies allow players to go a step further. The experts interviewed agreed that organisations should prioritise understanding the specific threats targeting them and the potential impacts on their business. This requires an intelligence-led approach, which involves identifying who is targeting the organisation, how they are doing so, and developing tailored defences against their tactics, techniques and procedures.

“Thanks to the inherent transparency of blockchains, analytics tools can provide regulators, law enforcement agencies and crypto businesses with the ability to detect and react to malicious activity,” Jardine added. “This will undoubtedly aid in the rapid maturing of the segment and bolstering of consumer confidence.”

The future of crypto crime

Looking ahead, as technologies continue to evolve and become more sophisticated, so will malicious actors. According to experts, the next years will see the progression of quantum computers capable of breaking modern cryptography and the training of artificial intelligence (AI) algorithms are some of the challenges that the industry will have to contend with, according to experts.

“We already see perpetrators creating deepfakes with influencers to deceive the audience. Perhaps we may not yet imagine all the types of attacks in the crypto environment that will be carried out using AI,” said Vugar Usi Zade, COO of crypto trading platform Bitget.

BingX’s Lin added: “While current cryptocurrencies remain unaffected by quantum computing capabilities, safeguarding against the looming threat of quantum supercomputers will necessitate concerted efforts to implement a series of modifications aimed at preserving decentralised governance structures.”

To address these emerging threats, continued collaboration between cryptocurrency stakeholders, cybersecurity experts, regulators and law enforcement agencies will be essential to develop and implement effective mitigation strategies and safeguards.

Additionally, ongoing research and development efforts to enhance the security and resilience of cryptocurrency networks and infrastructure will play a crucial role in mitigating future risks.

Source

Finance Middle East