Most digital exchanges are unregulated and therefore unqualified to safely process cryptocurrency transactions. They don’t employ necessary know-your-customer (KYC) tactics, and roughly $1 billion in digital asset funds have been stolen since the start of 2018.

These are the unsettling claims made by a new report released by blockchain and virtual currency forensics firm CipherTrace.

The most popular target currency still appears to be bitcoin, and one of the document’s key findings is that roughly 97 percent of bitcoin used in illegal transactions or that stem from criminal activity are sent to unregulated digital exchanges that enforce weak anti-money laundering (AML) tactics. An exchange is considered lacking in AML mechanisms if it does not regulate illegal drug dealing, maintain records over time, report suspicious or large transactions, or enforce KYC regulations, the report details.

In addition, nearly 5 percent of all bitcoins received by unregulated exchanges come from criminal transactions, and some of the world’s top exchanges have laundered as much as $2.5 billion in BTC.

To uncover these findings, researchers at CipherTrace examined over 45 million cryptocurrency transactions through roughly 20 of the world’s largest and most dominant exchanges. A transaction was marked as “criminal” if it came from a dark market website or through means of extortion, ransomware, malware or terrorist financing.

To fully comprehend the damage, the authors also examined crypto funds reported stolen in 2017 to see if the last nine months have been more devastating. According to the report, over $900 million of the more than $1 billion reported stolen in 2018 was taken in just the first three quarters of this year, meaning that the amount of theft has more than tripled since last year.

However, most of these losses can ultimately be blamed on the massive Coincheck hack that took place in January. That one theft was large enough to account for more than half of the reported losses in CipherTrace’s study. Other major hacks that occurred throughout 2018 include those on South Korean exchanges Bithumb ($30 million) and Coinrail ($40 million), as well as Japan-based Zaif ($60 million).

While the document discusses several methods of crypto theft, the most common one appears to be phishing, in which mass, customized extortion occurs through email and other electronic means to garner cryptocurrency-based ransoms. Other common methods include advanced malware and targeting employees of cryptocurrency exchanges directly.

The report also mentions SIM swapping. Though the report indicates that this is still a relatively new method of theft, SIM swapping is an insidious process by which a victim’s phone number is transferred to a thief’s SIM card. The thief then uses the number to change passwords and access the victim’s accounts.

Researchers also mention many of the regulatory actions taken against crypto-hackers, many of which have occurred in the third quarter. Among the most prominent are AMLD 5, which was passed by the European Commission on July 9, 2018. The new ruling states that by January 20, 2020, all AML and counter terrorism funding (CTF) laws presently applied to banks and traditional financial institutions will also apply to digital currency platforms. AMLD 5 also enforces identity checks for every new customer.

In addition, the Financial Action Task Force (FATF) is looking to apply all its present standards designed for traditional monetary establishments to virtual currencies by the end of June 2019. It is also seeking to ensure these standards are implemented in every nation. Currently, there are several countries that the FATF classifies as “rogue states,” or regions that deny compatibility with FATF goals and refuse to cooperate. These include Syria, Pakistan, Iran, Tunisia and Yemen among others.

However, the authors do take note of several countries working to instill appropriate regulation of virtual currencies and blockchain businesses. Two that really stand out are Malta and Canada, the former having established several licensing requirements for initial coin offerings (ICOs) and similar funding ventures scheduled to go into full effect on November 1.

Canada is also seeking to bring crypto regulation to new heights by requiring payment processors and digital currency exchanges be treated as money service businesses (MSBs). This will require stronger KYC rules for all crypto-related business. Should this law pass, it will go into effect in late 2019.

To view the full report, click here.



