skip to Main Content

September 15, 2020

SINET 16 | FATF Red Flags | Banking Crypto | Argentine Border Hacked | Sanctions Update | Hot Wallet Hack | DeFi-ing Regulation

  • CipherTrace Named a SINET 16 Innovator for 2020
  • Virtual Asset Red Flags Released by FATF
  • On the Blog: Bank Responsibilities to Monitor for Crypto Transactions
  • Ransomware Hack Shuts Down Argentina’s Borders for 4+ Hours
  • Sanctions Alert: New Russian Crypto-Related Designations
  • $1.6M Stolen in Slovakian Crypto Exchange Hack
  • DeFi Growth Creates Regulatory Risks

CipherTrace Recognized as One of the Most Compelling Emerging Cybersecurity Companies

On September 10, SINET announced its selections for the 2020 SINET 16 Innovators cohort—and CipherTrace is on the list! The award recognizes emerging companies from around the world and is highly valued in the cybersecurity industry. A committee of over 100 industry leaders evaluated candidates based on the urgency in the marketplace for their products and solutions, how innovative and unique their solutions are, how well their products and technologies solve real and significant cybersecurity problems, what advantages exist over competing solutions, and their ability to succeed based on the state of their product, capital, and leadership.

See the full list of awardees:

FATF Releases Virtual Assets Red Flag Indicators of Money Laundering and Terrorist Financing

FATF’s report on Virtual Assets Red Flag Indicators is meant to assist reporting entities, including financial institutions (FIs), designated non-financial businesses and professions (DNFBPs), and VASPs.

In order for banks to comply with any of the red flags indicated in FATF’s report, it is necessary for them to be able to accurately identify and monitor all crypto-related transactions. Doing so will allow them to identify red flags such as:

  • Customers converting a large amount of fiat currency into VAs with no logical business explanation
  • Customers that operate as unregistered/unlicensed VASPs on peer-to-peer (P2P) exchange websites, using bank accounts to facilitate these P2P transactions
  • Customers using one or multiple credit and/or debit cards that are linked to a VA wallet to withdraw large amounts of fiat currency (crypto-to-plastic), or funds for purchasing VAs are sourced from cash deposits into credit cards
  • Customers that are potential crypto money mule or scam victims.

Why It Matters: Despite the focus on VASPs’ red flags, the indicators illustrate the essential role that banks provide during ingress and egress of illicit funds and highlights the use of money mules at both ends.

Read the full FATF Report:

Best Practices for Monitoring Virtual Currency-Related Transactions at Your Bank

Existing FinCEN regulations clearly state that it is the responsibility of all financial institutions to identify and report suspicious activity concerning how criminals and other bad actors exploit CVCs for money laundering, sanctions evasion, and other illicit financing purposes. These requirements apply to all financial institutions, even if those financial institutions do not directly buy, sell, provide custody, or have virtual currency exchanges as customers. CipherTrace research has shown that many banks are left exposed because they do not monitor virtual currency-related transactions.

Read more on our website:

Argentina’s National Immigration Agency Hacked by Ransomware Group

Argentine government officials are refusing to negotiate with the group responsible for a recent ransomware attack on its national immigration agency, Cointelegraph reports.

According to a September 6 report, a group of Netwalker ransomware hackers breached Argentina’s immigration agency, Dirección Nacional de Migraciones (DNM), on August 27. After the hack, DNM received a ransom note stating, “your files are encrypted.” The note elaborated that the only way to unlock the files was to buy the decrypter program from the hackers for $2 million USD.

Later that day, a ransomware group posted a small portion of sensitive data to prove the validity of the hack. After the government refused to pay the ransom, the group increased the ransom to $4 million USD.

The Argentine news outlet Infobae reported that the hack shut down all border crossings for more than four hours as authorities took all computer networks used by immigration officials offline. Argentine government officials responded by declaring that “they will not negotiate with hackers and are not concerned with retrieving the stolen data.”

Why It Matters: The hack of the DNM is a rare instance of a ransomware attack on a governmental agency. Brett Callow, a threat analyst and ransomware expert at Emsisoft malware lab, said, “In the case of government departments, this is particularly problematic as the data can often be extremely sensitive, and in some cases even represent a risk to national security.” The cryptocurrency addresses given in ransomware demands can provide clues as to who is behind the attack.

Read more in Cointelegraph here:

SANCTIONS ALERT: New Russian Crypto-Related Designations

On September 10, four individuals were added to OFAC’s SDN List for attempting to influence the US electoral process. Three of the designated individuals were linked to supporting the cryptocurrency accounts of the Internet Research Agency (IRA)—a Russian “troll farm” tied to influence operations abroad on behalf of Russian political interests. According to OFAC, “the IRA uses cryptocurrency to fund activities in furtherance of their ongoing malign influence operations around the world.” These designations include BTC, LTC, ZEC, and BSV addresses.

Read the full alert:

Slovakian Crypto Exchange Eterbase Loses $1.6M in Hot Wallet Hack

Eterbase, a small crypto exchange in Slovakia, was hacked by a group that broke into their hot wallets and stole approximately $1.6 million in various cryptocurrencies.

On the evening of September 7, hackers broke into Eterbase’s system and stole just under $1.6 million of bitcoin, ether, XRP, tezos, algorand, and TRON. The following morning, Eterbase announced from its Telegram channel that hot wallets for six of the cryptocurrencies listed on the exchange had been compromised.

In the announcement, Eterbase shared the wallet address to which the hackers initially routed the funds but withheld further details until its own investigation into the attack could be completed.

Why It Matters: With all the positive aspects that cryptocurrencies offer, attacks like this are a reminder of why cryptocurrency investments have yet to achieve complete mainstream acceptance. In order for cryptocurrency adoption to continue to expand, investors will need assurance that their value is secure, or at the very least can be retrieved in the case of a hack.

Read more in Coindesk here:

DeFi Permissionless Transaction Volume Hits $4.7B Daily, Creating Regulatory Risks

According to joint research published by BCG Platinion and, the USD value locked in DeFi has grown exponentially in 2020, creating potential new money laundering risks. According to CoinGecko, DeFi has locked up 37%—$15.7 billion USD—of Ethereum’s total market capitalization. Since DeFi protocols are designed to be permissionless, anyone in any country is able to access them without any regulatory compliance. As a result, DeFi can easily become a haven for money launderers.

“DeFi operates within areas that traditionally have significant oversight from governments and regulatory bodies around the world who wish to protect unknowing users from scams and high-risk products,” the report states. While the operations of these exchanges are decentralized, the scale of the governance decentralization varies greatly. For instance, Uniswap—located in San Francisco—has received venture investment capital from Andreessen Horowitz and Union Square Ventures.

According to the research paper, in order to meet growing global AML compliance requirements, it’s possible that “DeFi may become partially permissioned, using decentralised identity and address checking services to block certain users from its use.”

Why it Matters: Judging by the current regulatory trends of greater KYC and other compliance requirements such as the FATF Travel Rule, DeFi could eventually fall under the scope of global regulators as it grows in scale.

Dive deeper with this report from Boston Consulting Group and

Back To Top