,

Crypto crime and punishment: The basics of blockchain compliance

With more businesses interested in blockchain and crypto-enabled solutions, focusing on security is paramount.

On the Converge podcast, learn how AI management is affecting the C-suite.

As blockchain technology and digital currencies fuel cross-border payments around the world, the burgeoning industry is looking to 2025 with optimism. However, many challenges remain for digital transactions, including a lack of regulations and bad actors.

Ari Redbord — an expert at protecting blockchain systems — from TRM Labs joins the Converge podcast to discuss the evolving cryptocurrency landscape, illicit activities in the crypto space and the regulatory framework surrounding digital assets.

Understanding crypto crime

Redbord’s professional journey to the top of this space started within the US government, where he worked at federal agencies preventing financial crimes, often with an international scope.

“The promise of cryptocurrencies is cross-border value transfer at the speed of the internet. We can now send funds faster and in larger amounts than ever before,” Redbord says with a warning. “Who else likes to send large amounts of funds at the speed of the internet? Bad actors.”

In November 2024, the global cryptocurrency market cap was $3.36 trillion, and cryptocurrency exchanges are a major target for hackers. While distributed ledger technology (DLT) — fundamental to digital currency blockchain’s security — offers tamper-proof capabilities, it also presents vulnerabilities that require robust security measures to protect against cyberattacks.

As the digital currency landscape evolves, so do the methods employed by bad actors. Understanding the nature of crypto crime is essential for anyone involved in the blockchain ecosystem or fintech.

What is crypto crime?

Crypto crime is using digital assets, such as cryptocurrencies and other blockchain-based assets, to facilitate illicit activities. These activities can range from money laundering and terrorist financing to various forms of financial fraud.

The decentralized and often anonymous nature of blockchain networks makes them attractive to criminals looking to exploit these features for illegal purposes. Whether through hacking, phishing attacks or other cyber threats, the misuse of digital assets poses a significant challenge to the integrity of blockchain systems.

Types of crypto crime

Crypto crime manifests in a variety of ways, each with its own set of tactics and consequences:

  • Hacking and phishing attacks: Cybercriminals often use malware or sophisticated phishing schemes to steal blockchain users’ sensitive information, such as private keys or login credentials. These attacks can lead to unauthorized access to digital assets, resulting in significant financial losses.
  • Money laundering: Digital assets can be used to launder money, making it difficult for authorities to trace the origins of illicit funds. This type of crime undermines the financial system’s integrity and can facilitate other illegal activities.
  • Terrorist financing: Terrorist organizations may use digital assets to fund their operations, taking advantage of the speed and anonymity offered by blockchain networks.
  • Ransomware attacks: In these attacks, malware is used to encrypt sensitive data, with attackers demanding payment in digital assets for the decryption key. This disrupts operations and places a significant financial burden on the victims.
  • Smart contract exploits: Vulnerabilities in smart contracts can be exploited to steal digital assets or disrupt the functioning of the blockchain network. These exploits highlight the importance of rigorous security measures in smart contract development.
  • Sybil attacks: Malicious attackers create multiple fake identities (or blockchain network nodes) to gain control over a system and manipulate it to their benefit. Similarly to smart contracts, such attacks compromise the blockchain network’s finality and trustworthiness.
  • 51% attacks: A blockchain network’s mining power is significant in the context of 51% attacks, where a miner or group controls the majority of the network’s mining capabilities. This can lead to double spending and potential fraud, highlighting the importance of security in public versus private blockchains.

In focus: Malicious attacks on blockchain networks

So how safe is our money when it travels through cyberspace? Very safe, Redbord says, but there are grave risks to complacent businesses and governments.

One significant threat to blockchain networks is routing attacks, where attackers can intercept data and manipulate consensus processes to disrupt transactions. These attacks can involve man-in-the-middle tactics and lead to denial-of-service outcomes. To mitigate these risks, strong encryption and network monitoring are essential countermeasures.

“We put out a report last year that said about 0.6% of all activity within the crypto ecosystem is illicit, meaning the vast, vast majority is lawful activity,” he says. “But we still have to work to stop that illicit activity because some of it is very, very serious.”

About $12 billion was lost in scams last year. “Those are real people losing real money and is a huge problem,” Redbord adds.

He notes that North Korea stole almost $4 billion over the past five or six years, which could fund weapons or other global threats.

Protecting digital assets

In the face of these threats, protecting digital assets becomes paramount. Implementing robust security measures can help safeguard these assets and ensure the integrity of the blockchain network.

Competing governments, terrorist organizations and international criminal groups rely on the speed and transparency of blockchain networks to strike where assets are most vulnerable. In 2023, for example, criminals handled over $34 billion worth of cryptocurrencies. Redbord’s work with TRM Labs has been very effective at stopping such bad actors, either by preventing the initial attack or by reclaiming the stolen assets.

“If there’s a ransomware payment, the FBI or law enforcement uses us to track and trace those funds hopefully to seize them back,” Redbord says.

What are digital assets?

Digital assets are representations of value in digital form, encompassing a wide range of instruments such as cryptocurrencies, stablecoins and central bank digital currencies. These assets can function as money, securities, commodities or derivatives and are traded across various platforms, including centralized and decentralized finance platforms, as well as peer-to-peer networks.

Blockchain security risk management

Efforts to protect cross-border payments shouldn’t only be reactive to an attack. Redbord strongly encourages fintechs to build their systems with security and compliance in mind.

Establishing a robust blockchain risk management strategy is crucial to mitigate new and evolving risks in blockchain technology.

“If we’re going to enable faster, cheaper payments at the speed of the internet, compliance [and] anti-financial crime [should be] foundational infrastructure,” he says.

Many fintech startups adopt this philosophy but often struggle to maintain strict controls during the growth stages. Skimping on blockchain security, he warns, is a big mistake that will lead to much bigger problems in the long run.

Blockchain identity and access management

Private blockchains — the blockchain of choice for many financial institutions — allow for controlled access, transaction visibility and simpler consensus mechanisms. Unlike anonymous public blockchains, private blockchains require robust identity and access management (IAM) solutions to ensure that only authorized users can access and interact with the network.

More broadly, implementing IAM systems is a crucial security step for financial institutions interested in blockchain technologies. They control access to private blockchain networks by defining user permissions and preventing unauthorized access, which helps safeguard private keys and maintain the integrity of the blockchain ledger.

Stopping crypto crime with crypto compliance

Established fintechs and other companies that utilize digital transactions can use cybersecurity guardrails and partners like TRM Labs as a security and compliance solution.

“We work with the leading fintechs out there to do crypto compliance, to make sure when they are engaging with digital assets, they’re not engaging with terror financiers and ransomware actors and other scammers,” Redbord says. “They want to make sure that bad actors are off their platforms.”

Fortunately, there are tools available to keep transactions safe, and through more innovation and standardization the industry will continue to get better at it, Redbord explains.

“It’s a real issue, but any emerging technology is adopted pretty early by bad actors,” he adds.

Regulating digital assets

Crucially, though, blockchain technologies should be made safer for governments, businesses and investors through regulatory clarity. In the EU, the Markets in Crypto-Assets Regulation (MiCA) is a new regulatory framework for digital assets. Its key provisions cover transparency, disclosure, authorization and supervision of blockchain transactions, covering those issuing and trading crypto assets.

“MiCA is an incredible start to really building a comprehensive framework for digital assets, particularly stablecoins,” Redbord says. “Investors, regulators and policymakers believe that MiCA is a business advantage for Europe today — companies are coming in, they’re building there, […] because there’s regulatory clarity for anti-money laundering, financial crime, compliance and so on.”

Financial transactions redefined

Enterprise-scale financial institutions such as banks, investment funds and insurance companies have traditionally been very protective of their capital — and those efforts need to be renewed for the fintech era.

“Large financial institutions are some of the most conservative businesses in the world,” Redbord explains. “And for them to really lean into this space, it’s going to have to be safe. It’s going to have to be secure, and it’s going to have to be regulated.”

Tactically, there needs to be alignment with emerging technologies, which some financial institutions have been slow to adopt. Redbord adds that the modernization of finance has presented more solutions than risks and that it’s just a matter of prioritizing safety.

“If you’re going to issue any asset today on a blockchain, you need to make sure that you do it safely, securely so it doesn’t get into hands of terrorist financiers and other bad actors,” Redbord says. “If you want crypto to grow and flourish and more blockchains, more assets, we have to stop these bad guys, because no one is going to put their funds on a bridge, on a protocol in an exchange, if they think it’s going to get jacked by North Korea the second they do.”

Want more insights on the topics shaping the future of cross-border payments? Tune in to Converge, with new episodes every Wednesday.

Plus,register for the Daily Market Update to get the latest currency news and FX analysis from our experts directly to your inbox.

Related Articles

Read article: November economic sanctions and trade restrictions update

November economic sanctions and trade restrictions update

From enhanced guidance for Financial Institutions, to an updated Maritime Oil Industry Advisory, uncover the latest sanctions announcements.
December 10, 2024
Read article: Navigating the ISO 20022 transformation

Navigating the ISO 20022 transformation

ISO 20022 adoption is revolutionizing financial messaging, enhancing data quality, transparency, and efficiency. Is your financial institution ready for this transformative shift?
November 19, 2024
Read article: Supporting a sustainable society through ethical finance

Supporting a sustainable society through ethical finance

Algbra and a new app, Shoal, offer a solution to accelerate financial inclusion and ethical investing.
November 6, 2024

Get the latest currency and FX news

Subscribe to receive monthly insights, daily reports, and more — empowering you to navigate global commerce and FX strategy.