Black market for ‘verified’ crypto trading accounts highlights KYC/ AML flaws in crypto space
By Vanessa Malone
This week a CoinDesk investigation shed light on a robust black market for “verified” accounts to be used on popular cryptocurrency exchanges like Coinbase Pro, Kraken Binance U.S.¹
The investigation found that criminals could browse Telegram or other internet forums and secure a ready-to-use account on a cryptocurrency exchange for as little as $150.
This isn’t on a small scale either. An operator for this type of “verified account service” told CoinDesk that they were producing around 1500 to 2000 synthetic verified accounts each month. These accounts are made using a combination of sensitive information hacked from real individuals and fake accounts that have passed through a cryptocurrency exchange’s KYC/AML checks.
The findings from CoinDesk’s investigation raises big questions about the current Know Your Customer “KYC” and anti-money-laundering ”AML” standards in place as well as the implications for upcoming regulation.
It’s clear that regulators have cryptocurrency markets and the greater blockchain space on their radar. The U.S. Department of Justice “DOJ”, Securities and Exchange Commission “SEC” and the Commodity Futures Trading Commission “CFTC” have all made announcements expressing their intent to bring more regulations and enforcement action to the crypto market.
On October 6, Deputy Attorney General Lisa Monaco announced the launch of the National Cryptocurrency Enforcement Team “NCET” to focus on the misuse of cryptocurrency. The NCET will focus on cryptocurrency exchanges, money laundering infrastructure providers, and other entities that may aid bad actors in utilizing cryptocurrency to commit crimes.
Recently SEC Chair Gary Gensler gave a speech before the Aspen Security Forum calling for more authority to police cryptocurrency trading, lending, and other blockchain trading platforms.²
“This asset class is rife with fraud, scams and abuse in certain applications. We need additional congressional authorities to prevent transactions, products and platforms from falling between regulatory cracks.”
— SEC Chair Gary Gensler
The CFTC has brought several enforcement actions surrounding price manipulation or Ponzi schemes involving cryptocurrencies. On September 28, 2021, the CFTC announced that it was levying a $1.25 million penalty against cryptocurrency exchange Kraken for failing to register as a futures commission merchant (“FCM”). This is one in a series of enforcement actions brought on cryptocurrency exchanges.
On January 1, 2021, Congress passed the Anti-Money Laundering Act of 2020 as part of the National Defense Authorization Act, with the biggest changes to the Bank Secrecy Act (BSA) in two decades. The AML Act also extends the scope of the BSA to crypto exchanges, maintaining that virtual currency businesses are money services businesses, and therefore, subject to BSA requirements.
New KYC/AML standards
Blockchain technology has proven to move much faster than regulation. As regulation catches up, forward-thinking exchanges and entities are going to have to make some changes to their current systems to maintain compliance.
Until recently many cryptocurrency exchanges didn’t require KYC/AML. Some still don’t require it for users, require just a light touch KYC check, or use a third party solution that could put sensitive information at risk.
Because KYC/AML regulation didn’t originally apply to these exchanges and entities, it was up to each individual organization to decide how in depth their processes would be.
There is also a careful line to consider as far as userfriendliness. As explained in CoinDesk’s investigation, the demand for synthetic accounts could also be coming from individuals in places where crypto trading is restricted or prohibited. This is something regulators would need to keep in mind as new KYC/AML requirements are added. If it becomes too complex, it could push more users to take this black market route in order to trade crypto.
When building Horizon’s KYC/AML technology, many of the above hurdles were addressed. We built our blockchain technology to comply and continually adapt to increasing regulatory demands.
For example on Upstream, a next generation stock exchange and trading app for digital securities powered by Horizon, KYC/AML is addressed in the onboarding process, keeping a streamlined check as users create an account.
KYC data submissions are kept in memory in an auto expiring cache. Data is never saved to a disk on our servers and never outsourced to third parties.
Further, to protect sensitive information, traders control their shares directly on their smartphones. Upstream never has access to a trader’s private key. Most cryptocurrency exchanges today are centralized, which means sensitive private key data is stored with the exchange. As mentioned in the CoinDesk investigation, it’s critical to keep sensitive information protected.
KYC technology on Upstream also requires all transactions to be biometrically verified, to ensure a trader is who they say they are throughout their trading journey.
As bad actors get more sophisticated, so do the companies in the digital asset spaces systems need to be. What CoinDesk’s investigation shows is that there needs to be some meaningful changes to help combat fraud.
Horizon is a fintech company that builds and powers global securities exchanges with an integrated suite of software for compliant issuance, management, and secondary trading of securities. Our in-house solutions combine Wall Street and Silicon Valley to power the next generation of securities offerings and trading in the U.S. and globally. Learn more at https://www.horizonfintex.com/.
Upstream, a MERJ Exchange Market, is a fully regulated global stock exchange for digital securities. Powered by Horizon’s proprietary matching engine technology, the exchange will enable investors to trade shares in IPOs, crowdfunded companies, US & Int’l. equities, SPACs and celebrity ventures directly from the app https://upstream.exchange. Interested issuers can reach the team at email@example.com.
THIS BLOG SHALL NOT CONSTITUTE AN OFFER TO SELL SECURITIES OR THE SOLICITATION OF AN OFFER TO BUY SECURITIES IN ANY JURISDICTION WHERE SUCH OFFER OR SOLICITATION IS NOT PERMITTED. US INVESTORS ARE NOT PERMITTED TO TRADE IN UPSTREAM LISTED SECURITIES.