A recent report shows good news for the crypto industry: crime is down dramatically. Except in one area, where it has increased 4x. Here’s what business owners need to know to tighten their compliance against this archetype.
Safe and secure transactions are key to the cryptocurrency industry’s long-term legitimacy and widespread consumer adoption.
So a recent report from Chainalysis should come as good news. The security company’s 2021 Crypto Crime Report revealed a sharp drop in criminal activity in the crypto market — from a high of 2.1% in 2019 (approximately $21 billion) to just 0.34% (roughly $10 billion).
A decrease of that size, particularly in the midst of a year of overwhelming economic uncertainty brought on by the COVID-19 pandemic, is certainly cause for celebration.
But let’s not cut the cake just yet.
There remains the matter of $10 billion in identified criminal activity concentrated around a very particular criminal activity, one we’ve written about going back years:
While the overall level of crypto crime has certainly fallen, ransomware scams have increased four-fold. The problem has become so serious that the U.S. Treasury is soon announcing sanctions to target ransomware payments made specifically with cryptocurrency.
What does this mean for business owners, and how can the crypto space better identify and combat this criminal archetype? We’ll explain below.
The data on ransomware attacks in cryptocurrency
Chainalysis notes in its report that the overall amount of crime in the crypto economy can vary depending on a handful of key, hard-to-predict events.
For example, one such event which contributed to the high rate of crime in 2019 was the PlusToken Ponzi scheme which accounted for $2 billion in lost funds from consumers.
No scam of comparable size occurred in 2020, which at face value accounts for the overall decrease in crime analyzed. Without a large-scale criminal event like PlusToken, the “day-to-day” level of more small-time crypto crime appears much lower.
However, one trend within that cohort is startling.
Ransomware scams increased by over 300%, accounting for $350 million in lost consumer funds, and representing 7% of measured criminal activity in 2020.
Why are ransomware attacks increasing?
One of the themes we explore at the BitAML blog is crypto scams. We have authored a dozen or so posts describing individual scams in detail to aid business owners in their understanding of criminal activity, as well as to provide them with material to use in their consumer protection strategies.
Ransomware attacks have popped up in our coverage several times over the years as an area of serious concern, one that has been specifically cited by FinCEN and OFAC, and one with unique compliance steps to be followed by businesses.
We and others have noted that crypto scams, in general, tend to resemble those of more traditional financial markets. A romance scam or a classified ad scam operate much the same way in any financial economy, the difference being the type of funds ultimately requested by the scammer.
Let’s keep in mind as well that criminals are attracted to the same features about cryptocurrency as most consumers: instant availability of funds, pseudo-anonymity, etc.
But ransomware has always been a particular risk for cryptos, and the data from Chainalysis shows that this criminal archetype continues to buck trends. The report suggests that financial criminals working in crypto have found their pressure points and are doubling down on what is working.
Ransomware is a bit unique in that it requires a slightly more sophisticated kind of criminal to pull it off. A successful ransomware scam involves complex efforts to disguise funds, as well as more advanced methodologies and technological requirements than your average low-tech criminal running a romance scam.
Opportunity is another potential explanation for the increase. As Chanalysis notes, work-from-home throughout the pandemic has created new security vulnerabilities for many businesses, creating conditions favorable to this more tech-savvy criminal cohort.
With work-from-home or hybrid models becoming more normalized, these conditions will likely be favorable to scammers for some time, at least until businesses figure out new cybersecurity strategies to combat crime.
This all adds up to the right conditions for savvy financial criminals interested in the anonymity and technological features of cryptocurrency to make a killing.
What can businesses do?
Businesses serve a front-line role in policing the cryptocurrency economy.
The detection and reporting of potential illicit activity is an asset to law enforcement efforts to combat financial crime and safeguard the integrity of various marketplaces. Cryptocurrency is no different.
If your AML compliance regime does not yet account for scam activity like ransomware, or you are unsure that it does enough, here are a handful of suggestions to start with.
What can cryptos add to their compliance strategy?
First, revisit your transaction monitoring and make sure that you have red flags in place to detect potential ransomware activity.
This means watching out for new customer transactions, typically from a business account, that are out of the blue and of an unusually large amount.
While not necessarily indicative of illicit activity, good KYC and outreach to the potential victim is good compliance.
Second, make sure that your business is using blockchain analysis tools to help identify addresses associated with criminal activity. The Chainalysis report is built on funds received by various addresses and the identification of “tainted” crypto on the blockchain.
This information is out there, and building tripwires into your transaction monitoring that look for specific addresses and high-risk wallet activities goes a long way toward tamping down on criminal activity.
Third, there are proactive measures your business can take. Revising your call scripts for touchpoints with customers to include ransomware-related questions is a good place to start. You can also proactively reach out to customers that are deviating from their normal transactional patterns, particularly those engaging in a transaction seemingly out of the blue.
While not necessarily indicative of criminal activity, anything that seems “out of the ordinary” for a customer is worth a follow-up.
Lastly, be reminded that if ransomware activity is detected, FinCEN and OFAC require that specific steps be taken when it comes to reporting the activity. You can read more about that in this post.
Overall, the fact that crime in the cryptocurrency economy has declined is cause for celebration. However, let’s not rest on our laurels.
Criminals certainly aren’t going to throw their hands up and walk away from crypto, so we need to be vigilant and educated on scam typologies like ransomware. Criminal activity will continue to evolve and become more effective in an effort to evade law enforcement. As the front liners, businesses need to evolve in kind.
Ransomware may end up becoming more of a “norm” in the crypto space than other financial markets due to the inherent appeal crypto holds for more sophisticated financial criminals. It may be a typology that crypto needs to keep an extra eye on for the long haul.
If you want a professional to review your AML compliance program to ensure that you’re doing everything possible to combat financial crime in the cryptocurrency space, you can reach out to BitAML for a free consultation here.