FinCEN Alert: Why the Agency Is Sounding the Alarm

FinCEN, the U.S. Treasury’s financial crime unit, alerts on a sharp rise in illicit activity involving Convertible Virtual Currency (CVC) kiosks. These machines allow customers to deposit cash in exchange for digital assets like Bitcoin and were designed to increase access to crypto. However, the latest FinCEN warning suggests crypto ATMs have become tools for criminal exploitation and fraud.

The advisory directs banks, credit unions, and money service businesses (MSBs) to apply stricter scrutiny when servicing crypto ATM operators. This is especially critical when those operators are unaffiliated with major exchanges.

Criminal Syndicates and Scams Targeting the Vulnerable

According to FinCEN, they identified transnational crime syndicates and drug cartels increasingly using Bitcoin kiosk scams. These groups launder illicit cash through the kiosks by directing victims to deposit funds into preassigned crypto wallets.

Scams targeting elderly individuals and non-native English speakers have become widespread. Common tactics include impersonating officials, manipulating online relationships, or posing as tech support. In each case, the victim is told to withdraw cash and convert it into crypto at a local ATM.

This mix of money laundering tactics and social engineering has alarmed compliance teams across the banking industry.

>>> Read more: Cryptocurrency ATM Scams On The Rise

Crypto ATM Regulations and Red Flags Financial Institutions Must Monitor

FinCEN highlights that banking partners are not vetting crypto ATM operators thoroughly enough. The lack of cryptocurrency compliance, especially with KYC and transaction monitoring, creates a high risk of abuse.

Red flags listed in the advisory include:

• Use of third-party intermediaries
• Structuring transactions just below reporting thresholds
• Unusual clustering of ATMs with high-volume activity

The alert also urges financial institutions to examine relevant FinCEN reports for suspicious activity trends. It is important that institutions understand who owns and operates the crypto kiosks they serve.

The emergence of crypto ATM fraud as a systemic crime risk raises concerns because money laundering networks successfully exploit the fragmented oversight.

What Financial Institutions Need to Do Now

FinCEN reminds regulated institutions of their obligations under the Bank Secrecy Act. That includes implementing financial institution due diligence tailored to the risks posed by crypto kiosks. Extra scrutiny is expected for kiosk operators, particularly when business models appear opaque or inconsistent with known industry practices.

FinCEN also encourages institutions to review their suspicious activity reporting systems. This ensures that trends involving kiosk-based fraud aren’t overlooked.

A Regulatory Flashpoint for the Crypto Ecosystem

This alert is not just about kiosks. It reflects a broader concern about the weakest links in the crypto ecosystem. With billions in money laundering activity tied to these semi-anonymous crypto terminals, policymakers are likely to push for tighter crypto ATM regulations.

At the same time, enforcement pressure will rise on institutions that fail to respond. Crypto ATMs sit at the crossroads of cash and digital value. This hybrid nature challenges AML frameworks designed for one or the other—but not both.

>>> Read more: New Zealand Bans Crypto ATMs, Enforces $5K Transfer Cap

Conclusion: Crypto ATMs in the Crosshairs

The FinCEN alert marks a turning point in how regulators view crypto kiosks. These machines are no longer niche tools. They are now central to fraud schemes and money laundering operations. Institutions that look the other way could face enforcement actions, or worse, complicity in a multi-billion-dollar wave of crypto ATM fraud.

Closing compliance gaps and tightening oversight may still contain the growing risk of crypto ATM fraud before the next billion is lost.

The post Crypto Kiosks Tied to Cartels, Scams in $3.9B Laundering Surge, Says FinCEN appeared first on CrispyBull.

Understanding the Sonne Finance Hack

The Exploit

The Sonne Finance hack occurred on May 14, 2024, and resulted in the theft of $20 million worth of cryptocurrencies, including Wrapped Ether (WETH), Velo (VELO), soVELO, and Wrapped USDC (USDC.e). Web3 security firm Cyvers first detected the attack around 10:30 PM UTC. When Sonne Finance became aware of the situation 25 minutes later, the hacker had already drained the funds.

Method of Attack

The hacker exploited a well-known vulnerability in the Compound v2 forks used by Sonne Finance. This vulnerability involved manipulating the exchange rates between tokens through a “donation” attack. By donating large amounts of cryptocurrency, the attacker tricked the platform into believing it had more collateral than it did. This allowed them to siphon off funds undetected until it was too late.

Immediate Response and Damage Control

Pausing Operations

In response to the attack, Sonne Finance quickly paused all markets on the Optimism network to prevent further losses. The Base network, however, remained unaffected. This swift action prevented an additional $6.5 million from being stolen.

Recovery Efforts

Sonne Finance is exploring all possible options to recover the stolen funds. They offered a bug bounty to the hacker, promising not to pursue legal action if he returned the funds. Despite this, the hacker seems uninterested in negotiations. He already moved $7.8 million of the stolen assets to a new wallet address.

Implications for DeFi Security

Recurring Vulnerabilities

The Sonne Finance hack highlights a recurring issue within the DeFi ecosystem: the security of protocols built on inherited codebases. Compound v2 has been widely forked, and its vulnerabilities have been exploited multiple times. Previous attacks on platforms like Hundred Finance and Midas Capital followed similar patterns, underscoring the need for rigorous security measures.

Community Reaction

The DeFi community has expressed frustration and concern over the incident. Critics argue that Sonne Finance should have been more cautious, given the known risks associated with Compound v2 forks. Some even suggest that a deliberate backdoor facilitated the exploit.

Lessons Learned and Future Precautions

In light of the Sonne Finance hack, there are crucial lessons to be gleaned for both developers and users within the blockchain and cryptocurrency space. These lessons underscore the importance of proactive measures to enhance security and mitigate future risks.

Importance of Audits

Regular and comprehensive audits of smart contracts are paramount. Security firms should continuously review code to identify and rectify vulnerabilities before they can be exploited. By conducting thorough audits, developers can proactively address potential weaknesses and bolster the overall security of their protocols.

Strengthening Governance

Governance mechanisms and timelock implementations must be scrutinized and fortified. Protocols must ensure that governance proposals do not inadvertently introduce vulnerabilities. By implementing robust governance frameworks, developers can minimize the risk of malicious exploits and maintain the integrity of their platforms.

Enhancing Community Vigilance

The broader DeFi community must remain vigilant and proactive in identifying and addressing potential threats. Collaboration between projects, security firms, and users is essential for fostering a collective response to emerging risks. By sharing information and best practices, stakeholders can work together to strengthen the security of the ecosystem as a whole.

Robust Incident Response

DeFi protocols should have robust incident response plans in place to effectively manage security breaches. This includes clear procedures for halting operations, communicating with stakeholders, and initiating recovery efforts. By establishing comprehensive incident response protocols, developers can minimize the impact of security incidents and swiftly restore trust in their platforms.

The Sonne Finance hack is a stark reminder of the vulnerabilities that persist in the DeFi space. While the sector continues to innovate, security remains a paramount concern. By prioritizing security, enhancing governance mechanisms, and fostering a culture of continuous improvement, the industry can build a more resilient and secure decentralized financial system. As Sonne Finance works to recover from this setback, the lessons learned must guide future efforts to safeguard the burgeoning world of decentralized finance.

Read more: BlockTower Capital Hacked

The post Who Hacked Sonne Finance? Unraveling the $20 Million Heist appeared first on CrispyBull.

BlockTower Capital: A Target for Cybercrime

On May 15, BlockTower Capital, with $1.7 billion in assets under management, reported a major security breach. Fraudsters partially drained the firm’s primary hedge fund. The exact amount of stolen funds remains undisclosed. The attackers have yet to be captured and the stolen money recovered.

Immediate Response and Investigation

BlockTower Capital acted swiftly by engaging blockchain forensics analysts to investigate the breach. These experts aim to trace the stolen funds and identify the perpetrators. The firm also informed its limited partners about the incident, maintaining transparency despite the sensitive nature of the situation.

Past Security Challenges

This hack is not the first time BlockTower Capital has faced security issues. In February 2023, the firm lost $1.55 million worth of TrueFi tokens in a similar incident. Additionally, the company had to shut down a market-neutral crypto fund managing over $100 million due to dried-up investment opportunities.

Impact on the Cryptocurrency Industry

The BlockTower Capital hack is a stark reminder of the risks associated with digital assets. Despite advances in security measures, the crypto industry continues to be a target for cybercriminals. This incident adds to the list of significant breaches, including attacks on Sonne Finance, Mixin Network, and others.

Industry-Wide Concerns

In 2022, hackers stole $4 billion from various crypto projects, and while the total amount stolen in 2023 decreased to $2 billion, the frequency of attacks rose. Recent reports indicate a 65% reduction in hacking incidents as of April 2024, yet the financial losses remain significant. This trend highlights the need for continuous improvement in cybersecurity protocols.

Lessons Learned and Future Measures

BlockTower Capital’s experience serves as a crucial lesson for other firms in the industry. The incident emphasizes the importance of investing in advanced security infrastructure and maintaining vigilance against evolving cyber threats. Enhanced risk management strategies and proactive measures are essential to safeguard digital assets.

The hack on BlockTower Capital underscores the ongoing security challenges within the cryptocurrency sector. While the firm works to recover from this setback, the incident is a sobering reminder of the persisting vulnerabilities. Strengthening cybersecurity measures and fostering transparency are crucial steps towards a more secure and resilient digital asset ecosystem.

Read more: How North Korea Steals Crypto

The post BlockTower Capital Hacked appeared first on CrispyBull.

Genesis. Lawsuit Update

After investigation and legal proceedings over several months the New York Attorney General’s office recently settled with Genesis, a subsidiary of DCG. The settlement requires Genesis to cease operations in New York. This development takes place amidst increased scrutiny of the Gemini Earn program, which was a collaborative effort between Gemini and Genesis. However, with this settlement reached, the Attorney General’s office has expanded its lawsuit against Gemini, Genesis, and DCG. It presented additional evidence of investor losses exceeding $3 billion.

Fraud. Impact on Investors

The main focus of the lawsuit centers around claims that Gemini, Genesis, and DCG misled investors regarding the safety and profitability of the Gemini Earn program. Investors were promised returns on their cryptocurrency deposits but faced substantial losses when the program failed to deliver as promised. According to the Attorney general’s office, this alleged fraud affected over 230,000 investors. It demonstrates the far-reaching consequences of deceptive practices within the crypto industry.

Implications for the Cryptocurrency Community

The amended lawsuit and settlement with Genesis highlight a pressing need for increased regulatory oversight. Measures are needed to safeguard investors in the cryptocurrency market. As digital assets gain mainstream acceptance, regulatory authorities are intensifying their scrutiny of industry players. This is to ensure compliance with existing laws and regulations. The outcome of this lawsuit could establish a precedent for legal actions against companies operating in the crypto space. This would shape the regulatory landscape for years to come.

In conclusion, the updated lawsuit filed by the New York Attorney General against Gemini, Genesis, and DCG represents a pivotal moment in the ongoing legal battle surrounding alleged fraud within the cryptocurrency industry.
The Genesis settlement is a step towards holding people accountable. The expanded lawsuit emphasizes just how much investors have lost and why we need stronger regulations. As this legal situation continues, those involved in the community will be paying close attention to how it will impact the future of digital asset regulation.

Read more: Genesis Global Capital sues exchange platform Gemini

The post New York Attorney General Amends Lawsuit Against Gemini, Genesis and DCG appeared first on CrispyBull.

OKX’s Verification Policy and Procedures

OKX, a cryptocurrency exchange, requires users to complete the identity verification process to meet the Know Your Customer (KYC) requirements. This is done to ensure the safety of their accounts and assets. During the verification process, users must provide their personal information like name, nationality, date of birth, and address. Additionally, they must upload a photo or video of a government-issued ID and a selfie. OKX claims that it uses advanced technology and third-party service providers to verify the authenticity and validity of the documents and the identity of the users.

Cox found a way to bypass the verification process by using synthetic identities. Underground vendors create these identities by combining real and fake information, such as names, photos, and documents. He obtained these synthetic identities from illicit sellers, peddling them on internet forums and Telegram for as low as $150. He then used these identities to register and verify accounts on various crypto platforms, including OKX, Binance US, Kraken, and Coinbase Pro.

According to Cox’s experiment, OKX’s verification policy and procedures are insufficient in preventing identity fraud. The exchange becomes vulnerable to money laundering, terrorist financing, tax evasion, and other illicit activities facilitated through the use of fake or stolen identities.

Similar Cases of Identity Fraud on Crypto Platforms

OKX is not the only crypto platform exposed to identity fraud. CipherTrace, a blockchain analytics firm, conducted a study in 2020. It revealed that 56% of crypto exchanges have either weak KYC processes or no KYC measures in place at all. Additionally, a report from CoinDesk, a prominent media outlet for crypto news, showed a thriving black market for “verified” accounts on major exchanges such as Coinbase Pro and Binance US. Fraudsters create these accounts using other people’s identities or fabricated names.

Identity fraud cases in the crypto industry are a major concern. They erode the trust and confidence of users, investors, and regulators. Additionally, they leave platforms and their customers vulnerable to legal and financial liability and reputational damage in the event of fraud, theft, or hacking incidents.

Regulatory Impacts of Identity Fraud on Crypto Platforms

Identity fraud on crypto platforms is becoming more common, raising concerns among regulators. They worry about the harm this could cause to consumers and the financial system. To address this trend, regulators worldwide are working to establish rules and standards to govern crypto assets and their providers. The primary objective is to enhance transparency, accountability, and consumer protection.

Global Standards and Regional Regulations

In 2019, the Financial Action Task Force (FATF), an intergovernmental organization tasked with establishing worldwide standards to combat money laundering and terrorist financing, issued new guidance. These regulations require cryptocurrency platforms or virtual asset service providers (VASPs) to comply with the same KYC (Know Your Customer) and AML (Anti-Money Laundering) obligations as traditional financial institutions. This means that VASPs have to verify the identity of their customers and the origin of their funds. They are obliged to report any suspicious transactions to the authorities.

In 2018, the European Union introduced the Fifth Anti-Money Laundering Directive (AMLD5). It expanded the coverage of the existing AML regulations to include crypto platforms and custodian wallet providers. The directive mandates these entities to register with their national authorities. They must perform due diligence on their customers and collaborate with law enforcement agencies.

In 2019, the Financial Crimes Enforcement Network (FinCEN), a bureau of the Treasury Department in the United States, issued guidance to clarify that cryptocurrency platforms are bound to the same regulatory framework as money transmitters for enforcing Anti-Money Laundering (AML) laws. This implies that these platforms must register with FinCEN and implement AML programs. They must file currency transaction reports and suspicious activity reports to comply with the law.

Challenges and Opportunities for the Crypto Industry

Authorities implemented regulatory measures to create a secure and legal environment for crypto innovation while safeguarding the public interest and financial stability. Nevertheless, these measures can be a significant challenge and expense for crypto platforms, particularly those operating across various jurisdictions. Additionally, they may not be adequate to prevent or identify identity fraud. Some fraudsters may use advanced techniques or exploit regulatory loopholes or inconsistencies.

To ensure the security and compliance of crypto platforms, they must adopt more robust and effective verification methods and technologies such as biometric authentication, artificial intelligence, and blockchain analysis. Additionally, regulators must collaborate with one another, the industry, and civil society. They should develop and enforce harmonized and proportionate rules and standards for the crypto sector.

Read more: Crypto Crime 2023 – Chainalysis Report

The post How Easy Is It to Trade Crypto with a Fake ID? appeared first on CrispyBull.

Allegations of Preferential Transfers Shake the Crypto Realm

The legal complaint, filed on November 21, 2023, accuses Gemini of orchestrating withdrawals exceeding $689 million within the 90 days leading up to Genesis’ Chapter 11 bankruptcy proceedings. Genesis contends that these transactions were preferential and detrimental to the broader creditor base, further intensifying the ongoing legal battle within the cryptocurrency realm.

These allegations come at a time of significant market instability, persisting since 2022, and complicate the financial dynamics at play. Genesis Global Capital’s legal strategy aims to utilize provisions of the Bankruptcy Code to rectify what it perceives as an inequitable situation. The ultimate goal is to recover the withdrawn funds and restore balance among creditors.

Source: nypost.com

Navigating the Turbulent Waters of Cryptocurrency

The crypto sector, known for its inherent volatility, has become a focal point of increased regulatory scrutiny and legal challenges. Genesis Global Capital’s decision to pursue legal action against Gemini underscores the complexities within the industry, especially during times of heightened market uncertainty.

As values of cryptocurrencies continue to fluctuate, and regulatory bodies closely monitor the space, the Genesis-Gemini clash adds another layer of intrigue to an already dynamic landscape. Investors and industry observers find themselves grappling with the implications of preferential transfers in an ecosystem that prides itself on decentralization.

The Path Ahead: Balancing Act in Cryptocurrency Litigation

Genesis Global Capital’s legal move not only concentrates on the monetary aspect but also emphasizes the principles of fairness and equitable treatment in bankruptcy proceedings. As the case unfolds, the cryptocurrency community eagerly awaits the outcome that could potentially set a precedent for future legal disputes within the industry.

In the ever-evolving world of crypto exchanges, Bitcoin, and blockchain technology, legal battles like the one between Genesis and Gemini serve as a stark reminder of the challenges faced by participants in this burgeoning market. The $689 million lawsuit adds fuel to the ongoing debate about the need for regulatory frameworks and ethical considerations in the crypto space.

The post Genesis Global Capital Sues Exchange Platform Gemini in $689M Crypto Dispute appeared first on CrispyBull.