NEW YORK (Reuters) - Criminals have stolen about $1.2 billion in cryptocurrencies since the beginning of 2017, as bitcoin’s popularity and the emergence of more than 1,500 digital tokens have put the spotlight on the unregulated sector, according to estimates from the Anti-Phishing Working Group released on Thursday.

Representations of the Ripple, Bitcoin, Etherum and Litecoin virtual currencies are seen on a PC motherboard in this illustration picture, February 13, 2018. REUTERS/Dado Ruvic/Illustration

The estimates were part of the non-profit group’s research on cryptocurrency and include reported and unreported theft.

“One problem that we’re seeing in addition to the criminal activity like drug trafficking and money laundering using cryptocurrencies is the theft of these tokens by bad guys,” Dave Jevans, chief executive officer of cryptocurrency security firm CipherTrace, told Reuters in an interview.

Jevans is also chairman of APWG.

Of the $1.2 billion, Jevans estimates that only about 20 percent or less has been recovered, noting that global law enforcement agencies have their hands full tracking down these criminals.

Their investigations of criminal activity will likely take a step back with the European Union’s new General Data Protection Regulation, which takes effect on Friday.

“GDPR will negatively impact the overall security of the internet and will also inadvertently aid cybercriminals,” said Jevans. “By restricting access to critical information, the new law will significantly hinder investigations into cybercrime, cryptocurrency theft, phishing, ransomware, malware, fraud and crypto-jacking,” he added.

GDPR, which passed in 2016, aims to simplify and consolidate rules that companies need to follow in order to protect their data and to return control of personal information to EU citizens and residents.

The implementation of GDPR means that most European domain data in WHOIS, the internet’s database of record, will no longer be published publicly after May 25. WHOIS contains the names, addresses and email addresses of those who register domain names for websites.

WHOIS data is a fundamental resource for investigators and law enforcement officials who work to prevent thefts, Jevans said.

He noted that WHOIS data is crucial in performing investigations that allow for the recovery of stolen funds, identifying the persons involved and providing vital information for law enforcement to arrest and prosecute criminals.

“So what we’re going to see is that not only the European market goes dark for all of us; so all the bad guys will flow to Europe because you can actually access the world from Europe and there’s no way you can get the data anymore,” Jevans said.