Cryptocurrency thieves earned at least $356 million in the first quarter of 2019, which could see the industry face a billion-dollar money laundering problem by year’s end.

Payments from US-based exchanges to offshore cryptocurrency wallets also increased 46 percent over the last two years, analytics firm CipherTrace reports with new research.

“Once these payments reach exchanges and wallets in other parts of the globe, they fall off the radar of US authorities,” said CiperTrace. “This highlights a major regulatory blind spot for the US.”

Five cryptocurrency exchanges hacked

Thieves stole $16 million from long-serving digital asset exchange Cryptopia in January. Singapore-based exchanges CoinBene and DragonEx lost a combined $46 million dollars worth of Ethereum-based tokens through attacks disclosed in March.

CoinBene is a particularly curious case. Following original reports, CoinBene’s parent company claimed user funds were 100-percent secure – and promised any potential victims would be compensated should that change.

CipherTrace investigated by checking CoinBene’s ‘hot wallets.’ It discovered $105 million in cryptocurrency had been sent to other platforms during the period of the alleged hack (March 25 to 28), mostly to embattled exchange EtherDelta.

Expected regulatory response to cryptocurrency thefts

“We can confirm that over $100 million has moved recently, but a portion came back to CoinBene’s cold wallet, so all of that movement was probably not stolen currency,” CipherTrace’s spokesperson told Hard Fork. “However, we have traced a significant portion moving through EtherDelta which we continue to monitor as part of CipherTrace’s ongoing investigation.”

South Korean exchange Bithumb was also rocked by third attack, when $13 million worth of EOS was lost in March. Later reports suspected a further $6 million in Ripple had also been taken. The company later described the event as an “accident involving insiders.”

Coinbin, another South Korean exchange, was forced into bankruptcy last quarter. Roughly $26 million had been lost, which it later blamed on an embezzling insider.

Crazy cryptocurrency conspiracies to bring regulatory tsunami

CipherTrace’s report tentatively categorized the $190 million QuadrigaCX mystery as theft, rather than an exit scam or exchange hack.

Researchers cited evidence provided by auditing firm Ernst & Young that showed curious holes in QuadrigaCX’s official story, including 14 ‘fake accounts’ used to trade large amounts of cryptocurrency on other exchanges.

“Ultimately, thieves and scam artists will need to launder the cryptocurrency stolen or scammed in Q1 2019,” warned researchers. “Furthermore, this will require innovative new ways to cash out, and turn all that tainted virtual money into clean, spendable fiat currencies.”

Analysts recognized 17 countries (plus the European Union) within jurisdiction of the Financial Stability Board that had at least some regulatory measures (or standard-setting bodies) to deal with digital assets.

CipherTrace emphasized cross-border, inter-exchange payments in traditional finance require money transfer services to keep five-year records of currency exchanges greater than $1,000. The same is expected for money transfers over $3,000.

Cryptocurrency businesses are not bound by the same rules. “The gaps in these regulations present risky avenues that can be exploited by money launderers and terrorist organizations,” said CipherTrace.

“Specifically, the money laundering potential of crypto-to-crypto exchanges and privacy coins are not well understood by lawmakers attempting to regulate digital assets based on the physics of fiat currency,” it added.

The firm warns a “tsunami” of tough, global anti-money laundering and counter-terror financing regulations will “roll over” the cryptocurrency ecosystem throughout the coming year in response.

Coincidentally, new rules for Finland came into play today, which essentially force the industry to adopt strict anti-money laundering rules.

Did you know? Hard Fork has its own stage at TNW2019, our tech conference in Amsterdam. Check it out.