It’s been a billion-dollar springtime for cryptocurrency criminals, according to CipherTrace.
On Tuesday, the blockchain analytics firm said fraudsters, malicious hackers and thieves have amassed $1.36 billion in ill-gotten crypto through the first five months of 2020. CipherTrace published the findings in its June 2020 crypto anti-money laundering and crime report.
That hefty haul puts 2020 on track to become the second-costliest year in the history of crypto, behind 2019’s record $4.5 billion, but likely ahead of 2018’s $1.7 billion, the firm estimates.
This year’s running total largely comes from a single fraud: Wotoken. The massive Chinese multi-level-marketing scheme stole $1.09 billion in 2018 and 2019, but only came to light last month. CipherTrace said Wotoken’s funds – 46,000 bitcoin (BTC), 2.04 million ethereum (ETH), 292,000 litecoin (LTC), 56,000 bitcoin cash (BCH) and 684,000 EOS (EOS) – are still on the move.
“It was a classic pyramid scheme,” John Jeffries, chief financial analyst at CipherTrace, said. Claiming to have a “magic algorithm,” Wotoken grew and grew, passing 715,000 users, until Jeffries said it “collapsed under its own weight.” The scheme’s alleged perpetrators are now on trial in China.
Wotoken underscores the continued rise of fraud as perhaps cryptocurrency’s biggest criminal threat, far bigger in stolen value than hacks and thefts, which account for just 2% of CipherTrace’s 2020 estimate. Last year also saw more lost in fraud than hacks.
What that trend means depends on how you look at it. Jeffries noted that it “demonstrates the maturing of the industry.” As more exchanges beef up their security systems, fewer hackers are getting through. (And some who do still give the money back).
But fraud highlights the need for closer regulation of cryptocurrency businesses, Jeffries said, adding: “If Wotoken was required to truly disclose beyond hyperbole how their thing worked,” it would have failed far faster.
“It’s not just protecting against counter terrorist financing or protecting against money laundering,” Jeffries said of crypto licensing regimes. “It’s to protect uninformed consumers from themselves.”
Criminals are evolving their obfuscatory tactics. In a week of watching darknet wallets send crypto to exchanges, CipherTrace found over 30% of transfers took an interim step, while just under 10% of transfers went directly.
Those extra steps, while traceable, help mask the cryptocurrency’s sources, and they raise the risk of an exchange inadvertently laundering criminal funds, CipherTrace said. Only 0.17% of illicit crypto that landed at exchanges got there directly in 2019.
Transfers from U.S.-based bitcoin ATMs to “high risk” exchanges continue to grow at an exponential rate. Last year 8% went right to shady crypto changers, while only 5% went to “regular” exchanges.
CipherTrace said that “high risk” exchanges are classified as such for their nefarious reputations. Even so, ATM transfers to such venues are not necessarily indicative of criminal behavior.
The Travel Rule
Crypto is a global industry and so too are its exchanges: 74% of exchange-to-exchange bitcoin transfers crossed international borders in 2019.
That could become a problem with the Financial Action Task Force’s (FATF) June 2020 deadline for crypto firms to begin collecting and sharing exchange users’ information.
Jeffries said tech created to help exchanges comply with FATF’s so-called Travel Rule is ready for implementation. However, the countries charged with enforcing the rule are not. Few jurisdictions are really ready, with full regulations in place, he said.
Jeffries predicted a future where bitcoin transfers only happen in “siloed environments” if the industry players and the countries they domicile in don’t get up to speed with the rule.
“It’s important to be able to maintain the value of cryptocurrency for international remittances,” he said.