27 Aug Crypto-assets: What can go wrong
These new forms of assets have certainly caused disruption in the world of private wealth managers, as they are accessible for investors who no longer need to pay middlemen, and even small financial businesses can invest in them, often on behalf of richer clients and families. But, sometimes things go wrong!
The supposedly safe world of crypto currency has certainly been anything but for many people. There have been difficulties arising from initial coin offerings (ICO) that turned out to be hoaxes, exchanges have been hacked into and customer wallets emptied in the process. Those charged with regulating and inspecting this asset class have found it hard enough to understand and even harder to actually regulate effectively.
You may have noticed that the term used here is ‘asset’ and not currency. This is a considered description, as it has quickly become apparent that crypto-assets are not really currencies in their traditional sense, even if at first that is what they purported to be. They are not being used as a method of exchange, but as an asset class which can be traded -even at the risk of some significant volatility.
Cryptos disruption and investigation
As mentioned in the introduction, the disruptive element of crypto-assets is firstly that they can be accessed easily, and individuals, small businesses and even perhaps trusts may be investing in them, either for their own benefit or as agents for high net worth individuals. Indeed, it is now becoming clear that there are cases where ICOs are being used to raise capital, often secured from HNW clients in the first place.
When problems occur with such assets, the need for investigation arises. This may be conducted by the ICO companies, the exchanges concerned, those businesses which operate using payments in digital assets or a FinTech business itself. Specialised investigative companies also conduct investigations on behalf of receivers or sometimes the courts, and these can involve trying to trace and investigate transactions involving crypto-assets. As these investigations take place, new ideas and discoveries are certainly coming to light.
The initial challenge for investigators is to identify and try to take some control of the assets involved. Individuals, families and businesses hold these assets in e-wallets that have private keys and are heavily encrypted. Being able to gain entry into these wallets and then exercise control over them at an early stage in the investigation is often very difficult but nonetheless essential. When fraud is involved the challenge is heightened.
As a result of the construction of these crypto-assets, through blockchain, once operators have managed to gain access, it is possible to reconstruct the flow of funds through the chain. Tracing the transactions from their beginning through each subsequent activity can be achieved through the permanent incontrovertible and exact record kept by the technology. Blockchain also means that recordkeeping that is fraudulent and any public wrongdoing which has been carried out are noticeable. With the appropriate IT resources, internal books and records can be cross-checked against the chain and it is possible to identify transactions that have been recorded internally but are not in the blockchain. Fraud can therefore be quantified and measured.
Sheltered banks, it seems, do not maintain e-wallets on behalf of their clients and many security-minded individuals and agencies simply keep their wallets offline and therefore inaccessible. Offline Bitcoin reserves are held in secure locations in Switzerland, where millionaire and family offices are able to maintain their extensive resource of crypto-assets hidden from view. Equally secretive are those HNWs and others who keep their assets in crypto-exchanges.
When such assets are not held in secretive bunkers, they can become a major point of focus for criminals. By obtaining the correct key, anyone can access the e-wallet, ascertaining how much it contains and potentially removing the funds. Typically, the owner of the fund does not find out that there is anything suspicious going on until they are blocked from accessing their wallet or find that everything has been removed from it. It may even be the case that members of family offices have turned criminal and are involved in the process too.
Using a range of IT forensic processes, one company discovered unusual patterns of activity on a series of accounts. By analysing the form of this activity and relating it to the wider customer base on an exchange it was possible to link the seemingly unrelated and unusual incidents together and then perceive that their was a connected between the all the attacks. Clues derived from IP addresses and the like were linked to find out that a ‘test’ account had been established and used to find out the level of defences that an exchange possessed. From this point it was easy to target other accounts.
The real world links
By leaving the digital world behind us it is sometimes possible to find real people and trace real issues. The European Union reported that the exchange investigated had conducted the process of CDD, customer due diligence, by drawing together information about its customer. However, a further independent investigation revealed that the individual had connections with various people who had previous convictions for organised criminal offences and was also known by one of the customers of the exchange who had had their accounts ‘hacked into’.
By pursuing the idea that there were real concerns, it was then possible to uncover some facts and trace the movement of money through the crypto-assets into a range of other accounts and then see them dispersed further. Using the particular features of blockchain, it was possible to find out where the funds had been sent and to gain access to the tracing data by issuing a ‘Norwich Pharmacal Order’ rather than asking a civil court to compel the financial institution to disclose information.
Going ex parte
Using the civil court to grant a Norwich Pharmacal Order to investigators means that if they are considering legal proceedings against someone and there is a third party with information that may help, a civil disclosure order may be granted to allow access to a bank, social media platform, internet service provider or possibly a telecoms provider. Investigators typically go ex parte, meaning that a motion, hearing or order is granted for the benefit of one party only, going against the basic rule of most courts that both parties should be present in any argument and be party to all information. In addition to this order, investigators can ask for a gagging order to prevent the organisation where the information source is based from informing the customer under investigation about the request.
Just as in the real world of crime, criminals in the virtual, crypto world help each other with professional services such as money laundering. In the process described above, criminals will channel crypto-assets through ‘mixers’ to launder it. Where there are effective regulators operating in a country, it is possible to recover funds, although many of the issues that face normal investigators in the global banking system are also apparent here. Where the regime is much weaker, it is extremely difficult to recover all of the funds, as they will generally have been converted into traditional currency and fanned out to other locations through payment processors. These payment processors link e-commerce businesses with the normal banking system. PayPal is an example of this, in that it connects the payment process with an account belonging to the vendor.
Blockchain, just like any other technology, can work for good and bad. When there is a weakness in the regulatory system of a financial market, criminals will find it and use it to their own ends, and this is undoubtedly the case with the crypto-environment. There is a growing awareness of the risks in this segment, both on behalf of financial organisations and those enforcing the law and this probably explains why governments are reticent to move ahead too rapidly in allowing crypto-systems to become part of everyday life. The understanding of the mechanisms involved and the potential for criminal activity are still at an early stage, but there is certainly evidence of growing successes in this important area.
EIMF offers a variety of training activities for individuals and businesses that want to be educated and become certified in Blockchain. Amongst EIMF’s specialised portfolio of training courses, professionals will appreciate the value that has been added in the region with EIMF’s exclusive partnership with the Blockchain Training Alliance (BTA). Their joint know-how allows EIMF’s regional associates to obtain online the below prestigious and recognised Certifications:
- Certified Blockchain Business Foundations (CBBF)
- Certified Blockchain Solutions Architect (CBSA)
- Certified Blockchain Developer – Ethereum (CBDE)
- Certified Blockchain Developer – Hyperledger Fabric (CBDH)
- Certified Blockchain Security Professional (CBSP)
- Hyperledger Fabric v1.4: Architecting, Designing and Deploying a Network
- Emerging Technologies
- Corda Distributed Ledger Architecture
- Data Science and Blockchain
- Blockchain for Healthcare
Furthermore, EIMF will be offering classroom-led training activities in various subjects on Blockchain. For additional details on EIMF’s Blockchain professional education, please view our calendar of scheduled educational programmes found here, or speak with an expert learning and development adviser at EIMF at +357-22274470 or firstname.lastname@example.org.