
October 7, 2020

Where’s Where in KYC | KuCoin Hack | BitMEX Owners Charged | Ransom Payment Warnings | MiCA Proposal | Hitcoin | A Clarion Call to Banks

  • CipherTrace’s 2020 Geographic Risk Report: VASP KYC by Jurisdiction 
  • KuCoin Hot Wallets Compromised after Hackers Steal 150 Million in Crypto
  • CFTC Charges BitMEX Owners with Illegal Operations and Anti-Money Laundering Violations
  • FinCEN, OFAC Sanctions Advisory for VASPs
  • EU Takes Up MiCA Legislation That Could Transform How Crypto Operates in Europe
  • Woman Charged with Paying a Phony Hitman Bitcoin to Kill Her Ex-Husband
  • FinCEN’s Blanco: “Banks Must Be Thinking About Their Crypto Exposure”

CipherTrace Releases Ground-Breaking Report on the Geography of KYC Risk

Effective Know-Your-Customer (KYC) protocols are a vital part of any anti-money laundering (AML) regime. When done right, KYC processes can help financial institutions better understand and manage their risks and prevent money laundering. But it’s one thing to have strong KYC guidelines on paper–and another to implement them.

By analyzing and probing the KYC processes of over 800 VASPs in more than 80 countries, CipherTrace geographically located where weak and porous KYC could be exploited by money launderers, criminals, and extremists.

Why It Matters: Jurisdiction shopping to maintain operations in a country where AML regulations are laxer is not an uncommon practice. We found, for example, that three-quarters of the cryptocurrency businesses registered in the Seychelles have bad or porous KYC policies, making the small island country a boon for potential money launderers.

Read the full report:

Cryptocurrency Exchange KuCoin’s Hot Wallets Hacked for Millions 

On September 26, the Singapore-headquartered digital asset exchange KuCoin announced that it had detected large withdrawals of bitcoin (BTC) and ethereum (ETH) tokens to an unknown wallet beginning at 19:05 UTC the day prior, affecting roughly $150 million in user funds.

In a livestream, CEO of KuCoin Johnny Lyu said that the group that infiltrated their system had obtained the private keys to KuCoin’s ethereum hot wallets. The hackers then sent the majority of the contents of two hot wallets to an outside ethereum address. In total, the attackers were believed to have made off with 11,480 ETH.

After the hack, KuCoin transferred the remainder of its hot wallets to new secure wallets and froze all customer deposits and withdrawals. Most of the stolen cryptocurrencies were ERC20 tokens, which can be easily laundered through DeFi protocols. This case marks the first high-profile instance of a DEX, Uniswap, being used as a money mixer. Unlike centralized exchanges, a DEX can’t freeze funds—only specific projects can.

On October 3, KuCoin’s CEO announced that the exchange had identified the suspected hackers and had officially involved law enforcement in its investigation.

Why it matters: Bad actors are continuously developing new, innovative attacks and designing more convincing social engineering tricks to which insiders fall prey. Only the largest exchanges have the security maturity of traditional financial institutions, which are typically subject to security rules and audits. Until VASPs display the same level of rigor as their financial services counterparts, we will continue to see hacks of exchanges.

Read the full story in CoinDesk:

Read more on this developing story, including my analysis:

BitMEX Owners Charged with Illegal Operations and AML Violations

On October 1, the Commodity Futures Trading Commission (CFTC) filed a civil enforcement action charging five entities and three individuals that own and operate the BitMEX trading platform, including BitMEX CEO Arthur Hayes. These charges include operating an unregistered trading platform and violating multiple CFTC regulations such as failing to implement AML procedures.

According to the complaint, HDR Global Trading Limited owned and operated the BitMEX trading platform. Despite being incorporated in the Seychelles, “HDR does not have, and never has had, any operations or employees in the Seychelles.” Hayes held his ownership interest in BitMEX entities through a Delaware limited liability company that maintains bank accounts at financial institutions in the US. Though the platform served at least 85,000 US customers and managed a large portion of its trading infrastructure from within the US—with half its employees working from San Francisco or New York offices—BitMEX never registered with the CFTC.

Regarding AML violations, the complaint claims that BitMEX not only failed to comply with record keeping obligations, but the company was actively deleting and altering critical customer identification information. In certain cases, these records were deleted “explicitly because a user was found to be located in the US or another restricted jurisdiction.”

Why it matters: Executive liability for inadequate anti-money laundering controls has a long precedent at traditional financial institutions. Enforcement agencies are increasingly turning their eyes toward the virtual asset world. BitMEX is the latest example of the heads of a virtual asset service provider facing severe consequences for the AML deficiencies in their exchange. The defendants in this case each face up to 10 years in jail and the CFTC’s injunction may top $1.3B USD, making it one of the most expensive AML penalties ever levied against a financial institution.

Read the CFTC announcement:

Read the full CFTC complaint:

Read the DOJ Indictment:

FinCEN, OFAC Warn VASPs of Potential Sanctions Violations for Allowing Customers to Pay Ransomware

On October 1, the U.S. Department of the Treasury’s Office of Terrorism and Financial Intelligence issued a pair of advisories to assist U.S. individuals and businesses in efforts to combat ransomware scams and attacks.

Treasury’s Financial Crimes Enforcement Network (FinCEN) issued an advisory to provide information on the role of financial intermediaries in payments, ransomware trends and typologies, and related financial red flags. FinCEN’s advisory highlights that detecting and reporting ransomware payments are a vital part of ransomware prevention.

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory to alert companies that engage with victims of ransomware attacks of the potential sanctions risks for facilitating ransomware payments. Sanctions compliance programs of VASPs should account for the risk that a ransomware payment may involve an SDN or blocked person, or a comprehensively embargoed jurisdiction.

Why it matters: If a ransomware victim uses a VASP to send cryptocurrency to a sanctioned actor, that VASP could be in violation of sanctions. Blockchain analysis is vital in order to determine the entities associated with counterparty addresses. Even if a specific crypto address isn’t designated, transacting with said address could be a sanctions violation if it is associated with a sanctioned entity.

Read the FinCEN Advisory:

Read the OFAC Advisory:

Quick Read: European Commission Proposes a Legal Framework for Cryptocurrencies

The European Commission is considering a legal framework for the regulation of cryptocurrencies. The Regulation on Markets in Crypto Assets (MiCA) would define what constitutes a crypto asset as well as defining a host of requirements and relationships.

Why It Matters: In our latest report, CipherTrace analysts revealed that 6 out of the 10 worst countries for crypto KYC are located in Europe. If passed, MiCA would make the EU the most regulated space for cryptocurrency in the world.

Read about MiCA: 

Nevada Woman Charged with Paying Bitcoin to Fake Hitman in Murder-for-Hire Plot 

A Nevada woman is being charged by the Department of Justice with paying a dark web hitman $5,000 in bitcoin to assassinate her ex-husband.

Although the hit, ordered in the spring of 2016, was not completed, Kristy Lynn Felkins was charged with intent to murder in a California court on September 24. Agents from the Department of Homeland Security traced the bitcoin to an account associated with Felkins.

Acquired chat logs detailed a month-long correspondence in which Felkins and the fake hitman discussed the murder, and the “hitman” later attempted to sell her on a more expensive method before ghosting her. The agents then traced Felkins’s bitcoin to a LocalBitcoins account associated with the pseudonym that she had been using to keep in contact with the phony hitman.

Why It Matters: This case demonstrates that many people still view bitcoin as the perfect tool for anonymous transactions when, in reality, bitcoin is more traceable than cash. Additionally, law enforcement agencies continue to become more sophisticated in the use of tools to trace illicit cryptocurrency transactions and identify the bad actors behind them.

Read more in CoinDesk here:

FinCEN Doubles Down on Banks’ Crypto Exposure

Taking center stage in a keynote address at the virtual 2020 ACAMS Las Vegas Conference, FinCEN Director Kenneth A. Blanco clarified a long-standing confusion banks have had regarding their exposure to cryptocurrencies and the steps they must take to mitigate these risks.

While existing FinCEN guidance (FIN-2019-A003) clearly states that it is the responsibility of all financial institutions to identify and report suspicious activity concerning how criminals and other bad actors exploit virtual currency for money laundering, sanctions evasion, and other illicit financing purposes, many banks remained unclear on how exactly virtual currencies could affect their institutions.

Why It Matters: With this announcement, FinCEN affirms that it is going to be looking for suspicious activity linked to cryptocurrencies. Banks and financial institutions ignore the crypto on their payment rails at their own peril.

Read more:

Read Blanco’s full remarks:
