Curbing the cryptocurrency crimewave

How can financial institutions protect themselves and their customers against crypto crooks?

The surge in the value of bitcoin has created a boom in cryptocurrency trading as investors try to find the next big crypto trend. At the same time, it has also created a spike in crypto crime, with criminals raking in $1.9bn from crypto-related crimes in 2020, according to CipherTrace.

“Scams are where banks are currently seeing the biggest losses and biggest concerns from their customers,” says Rachel Sexton, a partner in EY’s UK financial crime and forensics team. “Often, the cryptocurrency being offered doesn’t exist beyond a fraudulent email that says here is a ‘great investment opportunity,’ and then the fraudster will just disappear with the money.”

In the US, crypto scammers pretending to be Tesla CEO Elon Musk conned people into handing over $2m-worth of cryptocurrency in just six months.

While fraud was the dominant crypto crime, theft of crypto assets was the second biggest offense. Hackers targeting crypto exchanges are a significant part of that, with more than $12bn pilfered from those venues since 2011.

“The average value of a hack on a crypto exchange is $24m, making them extremely lucrative,” says Tamas Kadar, co-founder and CEO of SEON, a fraud detection platform.

Hackers demanding crypto

Ransomware has also been on the rise, with hackers often demanding payments in cryptocurrency. A hacker group known as DarkSide, which carried out the cyberattack on the US Colonial Pipeline in May 2020, has received more than $90m in ransom payments from at least 47 victims, according to research from blockchain-analytics firm Elliptic.

In total, there was a record high of almost 400 ransomware attacks in 2020, Temple University data revealed.

While crypto criminals can attempt to operate anonymously, theft of cryptocurrencies leaves permanent fingerprints on the blockchain. That means, in theory at least, that the assets can be tracked down. James Brennan, Associate Managing Director in Kroll’s compliance risk and diligence practice, spends his time chasing down crypto thieves in a bid to recover stolen assets. Part of that involves performing forensic analysis to figure out how the assets were stolen.

Often hackers will carry out a phishing attack to gain access to someone’s account. It is also common for fraudulent actors to connect with victims over chat networks to trick them into sending funds to fake financial platforms.

“For us, it’s really a tracing exercise,” says Brennan. “We can see the most recent transaction and where the stolen cryptocurrency was sent to, but a lot of these hackers are pretty sophisticated individuals, so they’re smart enough not to use the same wallet address for multiple thefts.”

The hackers will then typically perform multiple wallet transfers before sometimes using what is known as a mixing service or ‘tumbler,’ where the cryptocurrency is broken down into smaller transactions and shuffled among different tumbler users, making it even more challenging to trace.

“If someone steals one bitcoin, they will transfer that into hundreds or even thousands of smaller transactions, trying to obfuscate the flow of money to make it harder for investigators or forensic accountants to follow the trail into entities who may be cooperative,” said Brennan.

No legal way to restore stolen assets

Even if investigators trace a stolen crypto asset to a particular wallet address or exchange, it is not always straightforward to get the assets back if that entity is in a jurisdiction such as China or Russia, where there is no legal mechanism for recovering them.

“It’s very difficult to recover assets because there is not one overarching regulatory body or one jurisdiction where all of these thefts occur, so because it’s borderless it makes it that much more difficult,” Brennan adds.

While crypto crime accounts for less than 1% of all cryptocurrency transaction volume, it is still a significant issue that’s likely to increase as the cryptocurrency movement gathers momentum and new crypto assets launch, says Hinesh Shah, Senior Associate Forensic Accountant at law firm Pinsent Masons.

Because of that, some banks are still cautious about entering the crypto market.

“Financial institutions are struggling with the delineation between their responsibilities to protect consumers from fraud and the customer’s own responsibilities,” says Shah. “Some banks are choosing not to engage with customers who accept payment in cryptocurrencies.”

Sexton suspects that banks’ willingness to embrace crypto will change as more institutions enter the market and the asset class begins to mature, but for now they remain hesitant.

“One of the biggest worries on the bank side is how they offer crypto services in a safe way to customers who want to invest in this market,” she said. “If a bank offers a crypto asset for investment and then it swiftly becomes worthless, and customers lose all their money, the bank could face both reputational and financial penalties if customers feel they were mis-sold or the risks weren’t properly explained.”

Clearing deposits of crypto trading

Another potential concern banks have with the crypto market is customers who try to deposit significant sums of money that they say they made trading cryptocurrencies.

“In that situation, banks will ask ‘how do we know this person isn’t a drug dealer or an arms dealer and made all this money that way?’,” says Sexton. “It’s more difficult for banks to establish provenance in that instance, so they want to be sure they don’t have any financial crime risks that come with that.”

By investing in better technology, banks and other financial institutions can be more confident that they are dealing with genuine customers and that their accounts are not being used for criminal or fraudulent transactions.

“Financial institutions need to be mindful of two things: letting go of credit or assets that shouldn’t go to someone, and allowing their platform to be used for illicit purposes – for crypto, there is evidence that both are a growing problem,” says Carol Hamilton, Fraud and Compliance Director for EMEA at GBG, an identity and fraud solutions company. “We work with financial institutions to help them build trust with their customers, and we do that by first helping them to accurately and quickly understand who is at the front door. Once you have that clarity, you can understand very clearly who you’re doing business with and ascertain how to deal with them.”

While large-scale crypto heists usually grab the headlines, low-level daily account hijackings that operate on a ‘quantity, not quality’ basis, where fraudsters make thousands of attempts to gain access to accounts in the hope that some are successful, are also a significant issue for financial institutions, says Kadar.

Artificial intelligence technology is one way to spot that kind of activity.

“AI-enabled fraud prevention allows the companies behind online trading platforms to keep up with the sheer quantity of attacks,” Kadar says. “Machine learning allows systems to keep themselves up to date with the ways in which fraudsters are trying to access accounts, and for the secure sharing of huge amounts of data from companies around the world to make anti-fraud systems even more powerful.”

Crypto criminals leaving transaction traces

While Brennan spends his working hours chasing crypto crooks, he doesn’t believe crypto makes it easier to get away with committing fraud or crime – in fact, it can make it easier to get caught.

“If you compare ransomware payments that are paid in cryptocurrency to traditional ransoms that would have been paid with fiat currency, once that leaves someone’s hands you don’t know where it’s going,” he says.

“With crypto, there is always a transaction ID, and there is always going to be a wallet address where we can trace it to, and, at some point, there’s going to be a need for some sort of off-ramp to convert that into fiat. So it’s certainly easier to catch them because there’s a footprint out there.”

Authorities and regulators are also stepping up their efforts to clamp down on crypto crime, with the UK government and civil courts, in particular, taking a hard line, says Jennifer Craven, a senior associate specializing in foreign and domestic commercial frauds at Pinsent Masons.

“It was recently confirmed that English law will view cryptocurrencies as ‘property,’ which has opened the doors to the UK courts being able to employ longstanding civil fraud remedies to trace and recover assets for victims,” she says. “There is, therefore, now a growing body of case law illustrating the impact this type of fraud is having on victims and how seriously the UK legal system is taking crypto fraud, which goes to show just how serious a problem this type of fraud is becoming.”

If such crime continues to escalate unabated, it could jeopardize the crypto market’s development.

“If regulation doesn’t reduce some of that, it could overtake the good that can come out of crypto and will almost certainly stop the crypto world flourishing in a way that we haven’t even let it yet,” says Hamilton.