Written by @Rob.Tharle, CYBERA’s Head of Product.
For the last year or so, an average week in Crypto would see an estimated $10M in hacks and $6M from phishing attacks – ranging from the basic social media compromises to much more complex tailored attacks, such as gas reward manipulation.
But it’s hardly been an average couple of weeks…
The collapse of FTX has lost a lot of people, a lot of money. Many – including the likes of Jamie Dimon at JPM are predicting that this will trigger a surge in regulated De-Fi – not a bad thing, unless you actually believe in decentralisation, in which case, giving control to the international banks is probably not going to get you very far.
But however, the ‘backdoor’ in FTX came about the fact is that money was siphoned off a major exchange, in a move that was clearly designed to evade internal compliance as well as external auditors. It’s also led another wave of negative sentiment.
At the same time awareness of web3 continues to grow – whether this is metaverse exploration, or more fundamental developments with companies exploring use cases for NFTs or tokenisation. As this continues, we should expect to see a parallel uptick in the creativity of our less principled counterparts, the cyber criminals, who are always creating new ways to swindle people out of their money.
In Jan 2022, the NFT market hit a peak, with volumes declining since. The impact of the crypto winter played a role, but some high-profile examples of breaches will also have played a part – these include Lympo, the sports NFT platform, that suffered a hot wallet security breach and lost tokens worth $18.7m in Jan’22. They weren’t all technical breaches though – even in web3, fraud can be as simple as an Instagram hack and phishing message – in April ’22 Bored Ape Yacht Club was compromised and the criminals reported got away with up to $3m in stolen NFTs.
But these events put a negative press on the whole de-fi industry reputation and increased pressure on regulators to do more. Which then impacts the newer initiatives.
So quite rightly, in the metaverse, one of the major topics at the moment is identity. Many in the market are exploring this from a human rights perspective, but there is a huge fraud angle as well. Whether it is impersonation, or simple confidence tricks based on presenting a false identity in a virtual space, the environment is ripe for identity-based fraud.
Three things can really help here to improve reputation of the industry and therefore help bring it more into the mainstream.
Firstly, ensuring that victims – whether large companies or individual purchasers – can report the loss and share the details with the law enforcement community, as this both builds awareness and acts as one deterrent to potential criminals.
Encouraging the wider community to share information on bad actors to help built up security for the whole community. Therefore, reporting is key.
And finally – making it easy to engage with law enforcement when a fraud has taken place. Joining the dots will not only give people confidence, but also reduce the time to connect the right information with the people who need it to quickly find the perpetrator.
But what happens once frauds are reported? Industry collaboration is about more than just adding your name to a list – it is about action. At CYBERA, we provide our Watchlist to global financial institutions, law enforcement bodies, governments and corporate clients. Over 50% of that data is linked to a crypto address – and often the link to a fiat bank account. What we’re aiming to deliver is actionable intelligence, in real time, through global data sharing.
By starting to take these steps, it will be possible to help consumers and be ahead of the coming regulations. Regulators are already moving to act to secure the space, with increased regulatory expectations around VASPs and the FATF Travel Rule being case in point. As fraud regulation in the fiat space is increasing, crypto, web3 and metaverse firms should expect even more regulation coming their way. They should also welcome it as a way into the mainstream.
With that, it also time to put greater, focus on onboarding, not just identity verification, but also checking for known mules, whether that is checking wallets before linking them to exchanges, or running a check against a list of known bad-wallets when entering metaverse worlds. Mules are a big problem, whether fiat or Crypto Banks around the world have spent millions trying to grow awareness in their customer base to help them protect themselves against cybercrime. We should be looking to leapfrog this and avoid that spend by building MFA and awareness measures in now – while web3 is still developing around us.
About CYBERA
At CYBERA we’re on a mission to stop money laundering and help protect customers from scams and other financial cybercrime. We close gaps that allow cyber criminals to thrive by sharing crime data in real-time with financial institutions, fintech, and crypto exchanges, and coordinating a global response to support customers who have become victims of financial cybercrime.
CYBERCRIME WATCHLISTTM helps support firms to reduce fraud and money laundering and meet the requirements of the CRM as part of a holistic fraud and financial crime strategy.
Financial Institutions (FIs) can check against the CYBERCRIME WATCHLISTTM for confirmed mule accounts when processing payments. For outbound & inbound payments, where there is a match on either IBAN (Account Number & Sort code) or on Name the transaction can be flagged as high risk.
At account opening and ongoing CDD, email, phone and name can be used to match to CYBERCRIME WATCHLISTTM to reduce opening new mule accounts.
CYBERCRIME COMPLAINTTM further supports by providing users with alerts of any of their accounts reported as mules directly in their dashboard.
Unlike other data sources, CYBERA is a global solution, so is well placed to support the increasing levels of cross-border real-time payments.