Have you ever wondered if your cryptocurrency platform collects ransomware payments? Maybe not, but it might be worth investigating. Ransomware associated with Bitcoin continues to plague businesses, government agencies and individuals with no signs of letting up. And if your platform is sanctioned, you risk losing access to all your funds instantly.
What exchanges or platforms do criminals use to collect or launder ransomware payments? And what implications does this have for people who use exchanges legitimately?
Blacklisted Exchanges and Mixers
Between 2014 and 2017, the BTC-e crypto exchange reportedly collected almost 95% of all ransomware payments worldwide. The feds claimed that BTC-e leader Alexander Vinnik also played a role in the theft of around 800,000 bitcoins (about $400 million at the time) from Japan’s Mt. Gox exchange. . Eventually, the US government charged Vinnik, who was sentenced to five years in prison. BTC-e eventually shut down, along with all of its accounts. Meanwhile, many legitimate BTC-e client account holders have been stuck in limbo.
Then came SUEX, the OTC cryptocurrency broker that allegedly received $160 million worth of ransomware and other scammers. In 2021, the US Treasury’s Office of Foreign Assets Control (OFAC) placed the Russia-based broker on the Specially Designated Nationals and Blocked Persons (SDN) list. Americans are prohibited from doing business with any company on the SDN list.
More recently, virtual currency mixer Tornado Cash was sanctioned. According to the US Treasury, the mixer “has been used to launder more than $7 billion in virtual currency since its inception in 2019.” A State Department spokesperson said the mixer provided “material support” to the Lazarus Group, an organization believed to work on behalf of the North Korean government. In August 2022, the platform was also on the SDN list.
Given these incidents, how do you know if an encryption platform is being used for nefarious purposes? What signs indicate that criminals might also be using your exchange?
Putting things into perspective
The reality is that malicious actors can use any financial entity for fraudulent purposes. In 2021, the illicit share of all cryptocurrency transaction volumes hit an all-time low of 0.15%. Meanwhile, the UN estimates that the amount of fiat money laundered around the world in a year is 2-5% of global GDP, or $800-2 trillion.
It is not uncommon for criminals to use multinational banks to launder money. But if you are investing in crypto and your platform is sanctioned overnight, you may not be able to get your coins back the next day.
How Crypto Platforms Deter and Detect Illicit Activity
Three key policies can help crypto businesses deter money laundering and ransomware payments. When evaluating the platform you use, ask yourself if it implements:
- Know your customer (KYC). This means requiring customer verification when establishing a business relationship when a customer completes a transaction and if required by law. Verification may include collecting customer data such as name, address and date of birth.
- Travel rule. According to the Financial Action Task Force’s “Travel Rule,” crypto platforms must collect and share data about parties in transactions. The data collection threshold (transaction size) differs by country.
- Transaction monitoring. This includes a continuous transaction monitoring system to detect signs of money laundering. For example, exchanges can analyze wallet addresses and transaction hashes.
Some crypto companies that report red flags that could indicate money laundering include:
- Transactions of unusual size, location, or pattern. For example, a sudden and large transaction between two parties with no prior connection.
- Sending cryptocurrency to darknet markets, mixing services, dubious gambling sites, fraudulent exchanges and platforms with lax anti-money laundering (AML) standards. Blockchain analysis can detect the use of mixing services.
- Structured several transactions, all just below reporting thresholds. This is how criminals break down large payments into smaller sums.
Cryptocurrency trading regulations
Given the ongoing cryptocurrency scams, many are calling for regulatory action. A recent DIFC Fintech conference outlined the current cryptocurrency regulatory scenario. Some of the highlights include:
- Around 95% of regulators currently have a team working on crypto regulation.
- The crypto industry is pushing for clear regulatory action. Regulations can have a positive effect on the development of cryptocurrency business.
- When global cryptocurrency exchange Binance introduced KYC verifications, over 96% of its customer base complied.
- The SEC imposed approximately $2.35 billion in total monetary sanctions against digital asset market participants in 2021.
Complex cryptocurrency jungle
In a recent executive order and policy documents, President Biden pledged to support the development of cryptocurrencies and restrict their illegal uses. But regulation often hampers the speed of innovation. Meanwhile, the United States continues to develop cryptocurrency policies with global impact. These policies include sanctioning cryptocurrency exchanges, recovering ransomware payments, and improving collaborative security efforts with other countries.
KYC and AML policies have been applied to US cryptocurrency exchanges for years. Nevertheless, this cannot prevent players from turning to exchanges in other less regulated countries that allow illicit transactions. For now, the only way to combat this is to continuously monitor platforms involved in illegal activities.
In November 2021, less than two months after the SUEX sanctions, the Treasury Department followed up with sanctions against Chatex, another Russian platform, as well as three of Chatex’s suppliers. Then, in April 2022, the Treasury Department added a third exchange operating in Russia, Garantex, to the SDN list.
So far, efforts to combat cryptocurrency crime are all steps in the right direction. Yet no in-depth analysis has measured the overall impact of these actions on cryptocurrency levels.
The sanctions and law enforcement efforts have also been accompanied by a call to develop a US central bank digital currency (CBDC). However, a CBDC comes up against privacy and sovereignty issues that largely gave rise to cryptocurrencies in the first place.
Undoubtedly, no easy solution exists for cryptocurrency related crimes. But the easy answers never existed with paper money either.