Regtech in the era of intermediaries

Technology to help regulators and compliance departments has been in development and deployment for several decades. Why do some of the laws exist in the first place? And in the world of anarchic cryptocurrencies, what have market participants done to become compliant or non-compliant with laws surrounding identification and sanctions screening?

This presentation looks at coin intermediaries (commonly called cryptocurrency exchanges) and the various problems and challenges that have occurred over their existence. This includes hacks, insider thefts, exit scams, and facilitating money laundering.

This was first presented at Boston University on April 23, 2019. References are in the speaker notes.

  1. Regtech: What it is and why it is helpful
  2. Disclaimer
     ● These slides contain names of specific companies. This is for illustrative purposes only and is not intended to be seen as an endorsement.
     ● The contents herein do not reflect the views or opinions of anyone else but myself.
     ● I am not a lawyer.
  3. What, why, and who?
  4. Common acronyms
     KYC - Know Your Customer
     AML - Anti-money Laundering Laws
     CFT - Countering Financing of Terrorism
     BSA - Bank Secrecy Act
     SAR - Suspicious Activity Report
     PII - Personally Identifiable Information
     FinCEN - Financial Crimes Enforcement Network
  5. A (very) brief history of one example
     Most of the agencies, bureaus, and departments that monitor and enforce these types of laws do so because of what has happened in the past.
     For instance, following the terrorist attacks on September 11, 2001, a series of laws were enacted, including the PATRIOT Act.
     “Title III of the PATRIOT Act amended the BSA to require financial institutions to establish anti-money-laundering programs by establishing internal policies, procedures, and controls, designating compliance officers, providing ongoing employee training, testing their programs through independent audits.”
  6. What does this have to do with cryptocurrencies?
  7. Common catch phrases used by promoters
     “Not your keys, not your coins”
     “Trusted third parties are security holes”
     Yet in a given day, the majority of on-chain activity (~80%) is typically movement from one coin intermediary to another.
  10. Relevant, but that’s four years old… so let’s look at some recent headlines
  13. A couple of specific addresses were added due to their role in facilitating the liquidation of bitcoins generated from the SamSam ransomware… what does that mean for other users in a sanctioned country?
  15. Lightning Torch
      Ziya Sadr—a UK national from Wales—apparently “evaded” sanctions of Iran by using Lightning... and telling everyone on Twitter.
      Because we can see the unbroken transactions between Sadr and others, there has been speculation that someone may have violated AML/CTF requirements. That someone could even include infrastructure providers who acted as intermediaries (such as Twitter):
      - the Torch marketing campaign was conducted off-chain via Twitter, which does have a ToS (and is also prone to bot-driven manipulation campaigns)
  16. Bitcoin and all of its clones—in theory—by design have the ability to route around third parties as well. Coinbase even got in trouble for pointing this out in a pitch deck in 2015.
  19. According to Chainalysis, last year:
      The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued guidance on cryptocurrencies earlier this year in response to the Petro token. FinCEN issued an advisory on the Iranian regime's illicit activities to exploit the financial system, including the deceptive use of digital currency to bypass sanctions. And in November, OFAC added cryptocurrency addresses linked to individuals to its Specially Designated Nationals (SDN) list for the first time, setting a new precedent requiring cryptocurrency businesses and financial institutions to be prepared to react swiftly to OFAC designations in the future.
  20. Speaking of FinCEN...
  22. Powers traded ~$5 million in bitcoin without filing a SAR or obtaining an MSB license
  24. After all these years, why’d LBC make this announcement?
      Allegedly, walls were closing in on them, especially with their role in ransomware liquidation.
  25. LBC replaced BTC-e?
  26. What happened to BTC-e?
  28. Isn’t there adult supervision now?
      Nope, no widely used SRO (few members in the VCA)
      SRO: Self-regulating Organization
      VCA: Virtual Commodity Association
  30. And there is a double-edged sword when an un(der)regulated intermediary collects PII
  34. Then it turns out the still-living co-founder, Michael Patryn (Omar Dhanani), is an ex-con who got deported from the US for identity theft
  36. How many depositors at Quadriga?
      92,000 depositors or 115,000 or 350,000...
  37. Why do bitcoin holders still deposit their coins with intermediaries even though they know it is a security hazard?
  38. A user on HitBTC partaking in self-incrimination...
  40. But special interest groups say that hacks are on the decline? Is that true?
  42. Okay, and what about tracing hacks?
  43. Elementus tracked the CoinBene “hack”
      Note: CoinBene is alleged to have had ‘fake volume’ prior to large amounts of coins being converted into ETH on Etherdelta
  46. Don’t worry, funds are safe… SAFU!
  49. Briefly mentioned earlier… ransomware aka ‘data kidnapping’
  52. According to Coveware
      The total cost of a ransomware attack can be divided into two main costs:
      ● First, the recovery cost:
        ○ These expenses cover forensic reviews and assistance in rebuilding servers and work-stations. If a ransom is paid, then that is also a recovery expense.
      ● The second, and often more expensive cost of a ransomware attack is the total cost of downtime:
        ○ Downtime costs are typically 5-10x the actual ransom amount and are measured in lost productivity (slack labor and lost revenue opportunities).
  54. ~98% of these payments were paid in bitcoin
      Remaining via dash or monero
  55. What’s a specific example of ransomware? #WannaCry
  60. Are you running infrastructure that is used to process proceeds of illicit activity?
  63. Guess which US payment processor allegedly liquidated funds from the GRU?
  68. Darknet markets (DNMs)
  70. Let’s turn back the clock a few years
  72. Evolution DNM
      The previous chart visualizes the time period between January 16, 2014 – March 18, 2015. The average number of transactions per day was 1,004 and average bitcoins per day was 562. However, as shown in the chart above it was not until the fall of 2014 that Evolution hit its stride.
  74. Evolution DNM and BitPay
      Another way of looking at that same trend is the comparison: a log scale measuring the amount of bitcoins that both BitPay (in green) and Evolution (in red) received starting January 16, 2014. The drop off at the end in March 2015 is related to the exit scam that Evolution underwent (and the drop off for BitPay is related to a limitation in WalletExplorer’s data).
  76. According to Soska and Christin 2015
      In Figure 5 and the discussion involved, prior to Operation Olympus, six large dark net marketplaces collectively accounted for more than $600,000 in sales per day. It is unclear how much of that activity was expressly illegal, although the paper does attempt to break down the amount of illicit drugs being sold on the same sites. During the same time frame (most of 2014), volume at payment processors such as BitPay and Coinbase was relatively flat, with a few outliers during days with speculative and media frenzies as well as ‘Bitcoin Black Friday.’
  77. That’s a few years old, what does it look like in April 2019?
  79. What other ways can transfers be visualized?
  81. ‘Backwards looking’ into 2015
      According to Chainalysis, by hiding all the intermediate steps we can begin to learn how most of the Bitcoin ecosystem is put together (e.g., can it be split into sub systems?, is there a dark and a lit economy?, and what is bitcoin actually used for?).
      Legend:
      ● Blue: virtual currency exchanges
      ● Red: darknet markets
      ● Pink: coin mixers
      ● Green: mining pools
      ● Yellow: payment processors
      Altogether there are 14 major exchanges tracked in blue including (in alphabetical order): Bitfinex, Bitreserve (now Uphold), Bitstamp, BitVC (subsidiary of Huobi), BTCC (formerly BTC China), BTC-e, Circle, Coinbase (most), Huobi, itBit, Kraken, LocalBitcoins, OKCoin and Xapo.
  82. Mt Gox from 2011-2014 (according to WizSec)
  86. The Craig Wright and David Kleiman estate claims
  87. According to WizSec:
      12hRmmSda9qSSEH656zBaKEbeisH6ZhdTm: ~335,000 BTC (exhibit 10)
      Claimed to be owned by Wright and supposedly used to lend Kleiman 50,000 BTC as part of a software development licensing and financing agreement. However, this is actually an internal MtGox address, descending directly from Mark Karpelès' famous 424,424.42424242 proof-of-solvency transaction in 2011
  89. WizSec cont’d:
      12C9c9VQLMrLi4Ffzq2wDvwrKnUPaAaNFp: 250,000 BTC (exhibit 10)
      Same as above, claimed to be owned by Wright and supposedly used for a 250,000 BTC loan. However, this address actually belongs to original MtGox founder Jed McCaleb
  91. SIM swapping
  94. Why are (anarchic) cryptocurrencies used?
      From NY Post:
      Crypto’s signature qualities appeal to privacy advocates and thieves alike. Theft, said Brian Krebs, owner of the cyber-news site KrebsOnSecurity, is “irreversible.” What you lose, he said, you can’t get back.
  95. Real-time monitoring?
  98. A (brief) anatomy of a hack
      The first 10 blocks that included transactions from the August 2016 Bitfinex hack were included in blocks by the following pools (listed chronologically):
      • BTCC Pool (mined the first block of the hack)
      • AntPool
      • ViaBTC
      • AntPool
      • BTCC Pool
      • BW Pool
      • Bitfury
      • ViaBTC
      • F2Pool
      • F2Pool
  99. Sometimes service providers are a risk too
  102. Jumio cont’d
       Why is this a big deal? According to one industry source:
       “These guys are huge, they’re in every crypto exchange. Sounds like a single point of failure. If you outsource your KYC on retail you might be getting dogsh*t. They probably just crawl a couple publicly available databases and perhaps do a query in a paid one like Lexis Nexis and that's it. Who would check anyway? KYC is risk-based so it's not like there's one true way of doing it.”
  103. Didn’t even touch on:
       - ICOs / STOs
       - “stablecoins” that aren’t stable
       - Gambling / casino games (Satoshi Dice, POWH, FOMO3D)
       - PTK (ultimate comedy gold)
  104. But we can turn these lemons into lemonade… on the horizon is a socially useful invention
  105. Central bank digital currency (CBDC)
       Note: there are many different proposals and models
  107. Questions / comments?
       tim@postoaklabs.com
       @ofnumbers