Cryptocurrency Fraud: What to Know & How to Protect your Exchange

At SEON, we’re long-term cryptocurrency believers. This is why it pains us so much to see that our favorite platforms are constantly under attack from fraudsters. 

So we wanted to put together some ideas on how you can reduce crypto fraud at your company, especially by focusing on a transaction and user identification security.

Crypto Fraud and its Beginning

It’s been an up and down journey to date but it finally seems like crypto adoption is serious and the alternative payment method is here to stay but any new technology brings a level of risk and teething issues; crypto is no different.

Action Fraud, the UK’s national reporting center for fraud and cybercrime, saw cryptocurrency fraud reports increase by 116% between June 2020 and June 2021.

From market manipulation techniques such as pump-and-dumps to imposter websites and mining scams, since crypto transactions are irrevisable the chances of recovering any losses due to fraud are next to minimal.

The attractive nature of “getting rich quick” often creates a more pressured environment for investors, therefore people are acting more on impulse and not performing the right due diligence checks.

SEON itself was created after Tamas + Bence launched a crypto exchange that was attacked by cybercriminals!

Types of Crypto Fraud

Since cryptocurrency and blockchain are both new technologies, there are a variety of routes for fraudsters to initiate a form of cryptocurrency scam or conduct money laundering.

Some of the ways cybercriminals conduct cryptocurrency fraud include:

• Theft by hacking
• Initial Coin Offering (ICO) scams
• Pump and Dumps
• Ponzi schemes
• Impersonation scams
• Giveaway scams
• SIM swapping / hacking

What is Crypto Exchange Fraud?

There are a bunch of ways fraud can take place within the crypto space from scam ICOs, pump and dumps as well as market manipulation.

More specifically, crypto exchange fraud counts every attack designed to extort value from a cryptocurrency exchange through illegal means.

Most of the attacks happen when buying crypto, where fraudsters use stolen credit cards for payment and fake IDs to bypass the KYC checks.

According to the Better Business Bureau, cryptocurrency fraud scams are the second-worst for businesses in North America, averaging $300 in losses for customers. (And if you’re curious, fake job posts topped the list.)

32% of these scams involved the trade of cryptocurrencies for goods, services, or fiat currency. Meanwhile, 23.4 % had to do with the purchase of digital assets as purported investment opportunities.

How do Crypto Exchange Scams Work?

Crypto exchange fraud happens mostly at the stage where fiat is converted to crypto. Fraudsters use stolen credit card numbers to purchase cryptocurrencies, which triggers chargeback requests from the legitimate cardholer.

There is also the key issue of compliance for KYC and AML checks (Know Your Customer and Anti Money-Laundering). As crypto exchanges become increasingly regulated, fraudsters use stolen and fake IDs to bypass the checks in order to register to the platforms.

The Inherent Risks of Working With Cryptocurrency

Cryptocurrencies are some of the most attractive assets for fraudsters due to their nature:

• Digitized: these coins are entirely digital so fraudsters only need a computer and Internet access to break into wallets and platforms, either through hacking, phishing, or preinstalled malware.
  
• Decentralized: nobody controls cryptocurrencies, which means nobody wants responsibility when fraud happens. This makes it harder to enter a legal battle.
  
• Irreversible: A BTC or ETH transaction, for instance, can never be reversed. Fraudsters have zero incentives to refund anyone once they get paid.
  
• Anonymous / Pseudonymous: Unlike bank accounts, you don’t need personal data to receive crypto. Coins can be tracked, but fraudsters, tax evaders and money launderers still create multiple wallets or use tumblers to muddy up their trail.
  
• Complex: Cryptocurrencies are hard to understand, and tend to attract get-rich-quick scams. This opens the door to scams like fake coins, fake trading platforms, and Ponzi schemes.
  
• Volatile: not necessarily a magnet for cryptocurrency fraud, but it is a challenge, as users want to buy and sell as fast as possible.

Why Are Crypto Exchanges Under Attack?

So as we’ve seen, these coins trading places are inherently risky for consumers. But coin trading platforms have their own set of challenges, as it’s their job to:

• Onboard users safely
• Process fiat payments to buy crypto
• Secure storage and transactions

Starting with the last point, storage, it’s easy to see why anyone with bad intentions would want to get in. Like online banks and loan providers, exchanges are highly targeted by fraud criminals because they are the fastest way to access what is essentially digital cash. 

And the consequences of allowing bad users into your site, either as users or through backdoor hacking, can be disastrous. Just remember what bad security could do, as seen with the famous Mt. Gox incident, when the biggest exchange in the world at the time filed for bankruptcy after $473M worth of bitcoin was allegedly stolen by hackers.

Crypto Exchanges and Chargeback Scams

Cryptocurrency exchanges must be able to receive payments safely and fast, and without much support from acquirers. Strict rules set by MasterCard and Visa (who might rightly see cryptos as direct competitors) mean only a few acquirers can actually work with exchanges. 

In fact, the MCC (merchant classification codes) aren’t allowed by most acquirers. Those who still rely on them are essentially working without a safety net. They could lose their licenses for processing cards at any second, which doesn’t help grow a business with complete peace of mind. 

This opens the door to transaction fraud, where a stolen credit card number is used to purchase crypto, which in turn means higher chargeback rates.

All of the above means that exchanges do not benefit from any support when criminals are involved and the cardholders request chargebacks. This makes it even harder for exchanges to deal with fraudsters than traditional retailers, as they don’t have an official way to challenge the chargeback disputes.

Are Crypto Exchanges Safe?

For users, the answer is always to check the platform’s history. Maturity is important, and so is a history of hacking and data breaches. However, even the most secure cryptocurrency exchanges can’t protect users from phishing and social engineering attacks, so it pays to be smart about your login and authentication details.

Which is the Safest Crypto Exchange?

In terms of safety of use, all major platforms offer a secure process of KYC for crypto, and since data cannot be altered or removed on blockchain as all transactions are on public record which makes money laundering somewhat difficult.

Since crypto remains relatively unregulated, there is an argument that no exchange is “safe” however like any other investment, people should only get involved with the understanding their capital is at risk.

Arguably the safest exchange title could be given to Coinbase, one of the largest exchanges globally and is at least somewhat regulated in all the markets it operates in.

However it is worth noting that for example in the UK Coinbase complies with the FCA’s eMoney license, which is nothing directly linked to crypto regulation, more so focused on the fiat transactions.

Examples of Popular Secure Crypto Exchanges Sites

While the crypto landscape is constantly changing, at the time of writing the most popular crypto exchanges according to CoinMarketCap, are:

• Binance: founded in 2017 by Changing Zhao, a high-frequency trading software developer, Binance is now the largest exchange in the world in terms of trading volume. Its daily volume averages $30B.
• Coinbase: founded in 2012, Coinbase Global, simply known as Coinbase, is registered in America, but a fully remote operation. It is the most popular exchange in the US, with a global trading volume of $6.8B per day.
• Huobi: originally founded in China, Huobi is a key player in the APAC region with offices in Hong Kong, South Korea and Japan, but also the United States. It allows more than $6B to be traded on its platform daily.
• FTX: FTX Exchange is a cryptocurrency exchange that specialises in derivatives and leveraged products. It was founded in 2018 by former ETF trader Sam Bankman-Fried, and provides over 100 trading pairs.
• KuCoin: launched in September 2017, KuCOIN has grown into leading global crypto exchange, offering 400+ digital assets to 8M+ users.

3 Ways to Protect Your Crypto Exchange from Fraud

As we’ve seen, two key strategies to protect crypto exchanges involve focusing on payments, and ID verification.

Consider Alternative Payment Methods

While certain trading platforms partner with third-party solutions to take care of the fiat > coin problem, an easier solution for exchanges is to accept payments via bank transfer. They are sometimes reversible, and cheaper to process than card payments. 

However, this can also be problematic since transfers for trade can take days. The volatility of cryptocurrency prices means people want to buy (or sell) in real-time, at the current market rate.

So exchanges often find themselves hacking solutions to accept payments legally. In the US, for instance, Coinbase lets users pay by using Plaid, the fintech that powers Venmo. 

There are a couple of caveats with that method, however. Firstly, Plaid was recently acquired by Visa, which means it could become difficult for a bitcoin platform to keep using it. 

Secondly, there are a number of privacy issues, as you essentially connect your bank account by giving Plaid or Trustly your login details, and they then issue a transfer on your behalf for the trade. The fintech harvests your past bank data, de-identifies it, and shares it with other companies, which some users weren’t too happy about when they looked at the terms.

One silver lining: it is possible that the PSD2 directive, designed in part to allow direct payments users and companies, could cut out the middle man. It could allow users to transfer funds directly to exchanges faster, and more safely thanks to SCA, or strong customer authentication methods, possibly with lower fees.

In the meantime, it is worth looking at as many possible payment methods as possible, and weighing the pros and cons of each.

Improve ID-Proofing Without Adding Friction

Onboarding the wrong users is often what creates trouble down the line. If you can stop fraudsters from signing up, you are essentially protecting yourself in the long-run.

But there are a few more challenges here:

• Crypto users don’t like giving away personal data: it goes against the principles of crypto, both for anonymity and decentralization
  
• Too much friction sends users to the competition: the more security hurdles you create for fraudsters, the more likely you are to turn away legitimate users who become frustrated with the signup process.

This is why certain exchanges tend to make it easy to sign up, but it’s harder to buy and transfer your coins. Coinbase, for instance, does require ID verification to withdraw funds, which they claim makes them one of the more trustworthy platforms. 

At this stage, it’s also worth looking at the example of Revolut, the UK challenger bank. Their platform does allow you to purchase cryptocurrencies, but after ongoing a strong authentication process to create your initial account.

They is to create an invisible layer of security, which helps you mitigate risk without affecting user experience. Here is how it works with SEON:

Deploy Data Enrichment Tools

Data enrichment is the process of getting more info about your users, without asking them for it. We have a full guide on data enrichment here, but the key takeaway is that you can use the digital footprint to answer dozens of questions, such as:

• Is the user really in the location they say they are?
• Are they using emulators, VPNs or other suspicious methods for accessing the site that points t to crypto fraud?
• Does the email address use a disposable domain? Is it new?
• Has the user got social media accounts? Do they seem real?
• And a lot more…

At SEON, we provide data enrichment through various modules, which you can enable and disable at will. these include:

• Reverse email lookup: a powerful way to build a risk profile based on an email address only.
• Reverse phone lookup: a tool designed to not only verify if a number is legit or not, but also gather information about connected social media profiles, eSIMs and more.
• Reverse social media lookup: knowing if your customers have social media profiles can greatly help your manual review process, especially for KYC checks.
• Device fingerprinting: this tool allows you to understand how users connect to your platform, so that you may identify risky VPNS, proxies, and spot account takeover attempts.

In short, by using data enrichment, you can start getting a full picture of who users are – as soon as they land on your cryptocurrency exchange website. Only those who appear risky have to go through further authentication like ID check or selfie verification, which can be reviewed manually.

Solutions for Crypto Fraud Detection

The key to good crypto exchange fraud software is that it should help you improve security, while respecting cryptocurrency believers’ ideals of anonymity.

By relying mostly on users’ digital footprint and data enrichment to gauge risk, you can prevent fraudsters from entering your exchange, and monitor and prevent their operations at key points like transaction and withdrawal

In short, you can enable real-time, frictionless fraud prevention at any touchpoint with your users, to ensure your crypto exchange grows safely, and without wasting resources on kicking fraudsters out.

Frequently Asked Questions

You might also be interested in reading about:

• SEON: Fraudster – Anonymous T on Online Money Laundering
• SEON: Payment Fraud Prevention: How to Protect your Business
• SEON: Identity Verification and KYC for Cryptocurrency Exchanges

Learn more about:

Browser Fingerprinting | Device Fingerprinting | Fraud Detection API | Fraud Detection with Machine Learning & AI

Sources used for this article:

1. Coin Telegraph: The Mess That Was Mt. Gox: Four Years On
2. Coin Market Cap: Top Cryptocurrency Spot Exchanges
3. Binance: Buy & Sell Crypto
4. CNBC: Visa to acquire Plaid, the fintech powering Venmo and other banking apps, in $5.3 billion deal