Request Demo

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Key Considerations for Crypto fraud detection and risk mitigation in APAC Region

Join the Merkleverse

Cryptocurrency is becoming a key pillar of our financial ecosystem. The growth is visible as more traders and investors are adopting digital assets as the means of investment, payments and value transfers. However, the surge in the crypto industry’s growth has also garnered the interest of bad actors leading to a rise of attacks in the space. One report state that since the start of 2021, over 46,000 people have lost close to $1 Billion in crypto scams. Although some established hedge funds and institutional investors are offering their custodian services for seamless execution of crypto transactions, this in itself is not enough to safeguard the rights of investors. Therefore, the need for robust and efficient cryptocurrency analytics tools that can investigate and track crypto transactions is crucial. This write-up will draw your attention to some key parameters that enable the mitigation and detection of crypto-related risks risk by successfully detecting crypto frauds.

External and Internal Variances of Crypto Risks in Asia-Pacific

Asia-Pacific is the favorite region for digital innovation, with a significant cryptocurrency adoption rate among investors. According to a report by the Global State of Crypto, the Asia-Pacific region has one of the highest crypto adoption rates with Indonesia (41%) ranked number one, and Singapore (30%) and Hong Kong (24%) in the top ten. As a result, various cryptocurrency exchanges based in the Asia-Pacific region can’t handle enormous volumes of crypto and have therefore been targeted by illicit actors including hackers and scammers. These crypto exchanges serve as intermediaries between a buyer and a seller to make money through transaction fees and commissions. Therefore, they draw the focus of hackers. However, in recent times, there has been a huge spike in DeFi crimes in the crypto industry. According to the FBI, DeFi platforms contributed to 30% of crypto thefts.

Other than the external threats, insider threats are also posing a risk to the security of the crypto exchanges. Their risks go beyond external to internal, where investors or traders face potential risks from employees or other insiders. These insiders or employees can exploit flaws or gaps in internal security controls by misappropriating the handling of digital assets . To be truthful, such risks are more vulnerable where access to private keys associated with these tokens is assigned to one or a few individuals.

Asia Pacific Markets' Risk Exposure with Frauds 

Crypto investors and traders are also exposed to several common digital asset  frauds.
 On January 17th 2022, a hacker disabled the two-factor authentication on the Singaporean crypto platform and siphoned off $35 million. In another example, a China-based organization perpetuated a comparable scam that resulted in the misappropriation of cryptocurrency worth an estimated amount of US$1 billion. 

Therefore, manipulation of crypto prices is another kind of fraud that puts the integrity of the crypto market at stake. In one such case, a regressive campaign of manipulative trading activities was started through a Hong Kong-headquartered exchange. This exchange drew allegations for inducing at least half of the increase in the price of Bitcoin and other major cryptocurrencies over the course of 2017.

Crypto investors and traders are also exposed to several common digital asset  frauds.
 On January 17th 2022, a hacker disabled the two-factor authentication on the Singaporean crypto platform and siphoned off $35 million. In another example, a China-based organization perpetuated a comparable scam that resulted in the misappropriation of cryptocurrency worth an estimated amount of US$1 billion. 

Therefore, manipulation of crypto prices is another kind of fraud that puts the integrity of the crypto market at stake. In one such case, a regressive campaign of manipulative trading activities was started through a Hong Kong-headquartered exchange. This exchange drew allegations for inducing at least half of the increase in the price of Bitcoin and other major cryptocurrencies over the course of 2017.

Types of Price Manipulations Noticed During Crypto Investigation  

There are four types of major market manipulations. 

Pump and Dump
This malpractice mostly targets low market cap coins, which are available on limited exchanges. A group of insiders or traders buy an underlined coin early and dump it the moment it gathers enough attention from traders and investors to buy orders. But the crypto currency's market price falls flat immediately after the initial profit booking. This happens because the inflated levels result from inadequate support levels. In recent times, with the presence of social media, this tactic has become quite easy for manipulators. We are sure that even you might have received such Bitcoin-related insights on Reddit, Telegram and Discord communities. 

Whale Wall Spoofing 
Spoofing is another common fraudulent practice that is used at less regulated crypto exchanges. Manipulators place several sales and purchase transaction orders for cryptocurrencies but with no execution tendency. Such orders push wrong demand and supply signals into the market. For instance, if manipulators want to drive bearish sentiments, they drive the price down by putting more fake selling orders. This action trick retail investors into panic selling mode and once the selloff occurs, the manipulators remove their sell orders and proceed to buy at discounted levels.

Wash Trading 
Wash trading is just like spoofing, as both feed misleading information to the market. This strategy inflates volumes artificially. A group of traders rapidly start pushing buying and selling orders and creates a demand illusion in the market that distorts the price further. Smaller and unregulated exchanges typically become victims of wash trades quickly and inflate trading volume, generate more commission and entice more users.

Stop Hunting
This manipulation forces several market investors to leave their positions. A group of market manipulators executes multiple sell orders to drive the price down and trigger the stops. This causes volatility in the coin's price and creates an opportunity to re-buy the asset at a lower price.

All the above fraudulent techniques are aimed at influencing the price by exploiting the demand and supply conditions, which creates profit booking and better buying conditions for manipulators.

The Relevance of Regulatory Frameworks in Asia-Pacific  

The trust factor of crypto investors gets affected in tandem with manipulative activities. Therefore, market regulators of the Asia-Pacific region are in favor of implementing and expanding the framework for licensing and regulating crypto security companies. These regulatory frameworks will track crypto transactions, digital asset exchanges and wallet providers and safeguard the rights of investors.

Regulatory frameworks can complement the longstanding securities regimes that may apply to some issuances of digital assets, for example, those undertaken for fund-raising purposes, such as initial coin offerings or digital equity or debt issuances. These regulatory developments intend to align under the guidance issued by the Financial Action Task Force in 2019 on Anti-Money-Laundering and Countering-the-Financing-of-Terrorism (AML/CFT) standards for virtual (Digital) asset service providers.

These regulatory frameworks require service providers, like crypto securities companies, exchanges and wallet providers, to implement effective risk management. These regulators can mitigate the risk and safeguard cybersecurity against external intrusion and other forms of digital fraud. These AML/CFT controls can also serve as an anti-fraud measure, by tracking cryptocurrency transactions for enhanced transparency and traceability.
As China, Hong Kong, Singapore, Japan, Australia, India and South Korea are the key crypto markets in the Asia Pacific Region. Here are the brief regulatory details of selected frameworks of the Asia pacific region.

Singapore's Payment Services Act 2019

This act is commonly known as the PS Act. It regulates and provides licenses to payment service providers.
The significant framework of the PS Act is as below:

  • Account issuance services
  • Domestic money transfer services
  • Merchant acquisition 
  • Electronic money issuance 
  • Digital payment token services  
  • Money-changing services
Regarding crypto and blockchain investigation, cryptocurrency is regulated by the Monetary Authority of Singapore (MAS). The PS Act framework provides special powers to MAS for inspecting digital service token providers doing business overseas and to assist foreign regulatory bodies with crypto investigations.

Hong Kong Securities and Futures Commission

Hong Kong security and Futures Commission published a position paper in November 2019. It stated that crypto exchanges that are eligible for licensing must adhere to essential requirements in relation to protecting user assets, AML/CFT, accounting and audits.

Japan's Legislative Amendments on Cryptocurrency 

Japan passed a recent legislative amendment that can cover crypto custodians and crypto derivatives businesses. The crypto security companies with being regulated along with cryptocurrency exchanges in Japan. The framework will cover areas of cybersecurity, blockchain investigation, crypto transaction tracking for protecting user assets and monies, and AML/CFT.

South Korea's Regulatory Amendment Regulations 

South Korea is one of the top 5 largest crypto markets in the world. In March 2020, South Korea implemented legislative amendments to regulate Virtual Asset Service Providers (VASP), crypto service providers and crypto security companies. The law covers the below-mentioned areas through VASP regulations.

  • Trading Cryptocurrencies
  • Crypto-to-crypto exchanges
  • Cryptocurrency transfers
  • Storage and management of virtual assets

To provide a safe and transparent trading environment in the Asia-Pacific region, different regulatory frameworks rely on various types of cryptocurrency analysis tools. Regulatory bodies use crypto monitoring tools to track crypto transactions and perform crypto and blockchain investigations.

Here are some mitigation measures

With rapid technological development, the required risk-mitigation measures need to adapt and evolve continuously. They drive the design of digital assets. The infrastructure within which they are held and transacted means that the attendant fraud risks and the required risk-mitigation measures need to be built-in. There are various approaches that can potentially mitigate fraud risks related to cryptocurrency and other digital assets. They differ for each user and service provider.

A robust risk and compliance framework designed to counter fraud risks for a crypto exchange service provider should include:

  • Assets Protection: It is important to store user assets securely. Service providers should consider insurance or appoint third-party custodians to safeguard these assets. They should ensure user assets can be recognized at all times and are not commingled with other assets.
  • Risk Management: Keeping IT security measures up-to-date such as firewalls, anti-phishing software and other techniques that can prevent hacking and other forms of intrusion are a must. Ensure administrative accounts maintained by both parties are secure and subject to multi-factor authentication.
  • Customer Monitoring: It is crucial to do customer due diligence and ongoing monitoring to keep track of fraud and impersonation risks, especially where users are serviced on a virtual basis.
  • Robust Framework: A proper documented governance framework ensures the authority to access and use private keys associated with cryptocurrencies and other digital assets is not limited to a connected group of individuals. Ensure a multi-line defense system against fraud to maintain an independent compliance function and audit arrangements.
  • Price Manipulation: Identify manipulative or abusive trading through close surveillance of user activities. Address the risk of wash trading and suspend any such user account.
The users of cryptocurrency in the corporate world may apply a combination of the above-mentioned measures for protection from internal and external frauds.

Inspecting crypto fraud cases

When a Crypto holder - service provider or user - suspects that he is a victim of misappropriation or manipulation, the instant response should be to investigate all the circumstances of the suspected fraud and verify the sequence of events behind it. Going through an internal investigation allows the crypto holders to make quick and informed decisions about which remedy they need to pursue or what regulatory enforcement authority to contact.
Reconstituting the timeline of events will require careful consideration of available documentary and electronic evidence, and interviews with the individuals involved. The conduct of internal investigations must be balanced with other relevant considerations. This includes regulatory requirements to report suspicious transactions to authorities, responding to information requests from those authorities or disclosure requests from aggrieved parties. In case an insider is suspected of being involved, care must be taken to ensure that the investigation does not result in the individual being tipped off about possibly colluding with other parties.
Tracing and identifying electronic and digital data required to corroborate the fact pattern may require the assistance of a specialist forensics firm, under the supervision of appropriate legal counsel to preserve and maintain privilege. Relevant factors for suspected crypto or digital asset fraud include:

Cryptocurrency features and typology: The manner in which transactions are executed and recorded varies across different classes of cryptocurrency. While transactions in cryptocurrencies such as Bitcoin and Ether are recorded on their native blockchain, this is not the case for all types of digital assets. For example, stable coins pegged to or denominated in fiat currency or a commodity are often subject to centralized governance mechanisms. Records of transactions in these assets may be kept by the issuer. Similarly, transactions in digital securities including tokenized equity or debt may be registered on a blockchain. They may also be recorded in and reconciled against a register kept by the issuer.

The ecosystem for storing and transacting cryptocurrency: To get a clear-cut idea of a fraudulent transaction, you need to have information about the parties or people involved in such transactions. These can include brokers, custodians, cryptocurrency exchanges or digital wallet holders. Such information can help you gauge the nature and scope of fund and asset misappropriation by the fraudsters. That’s not all, you also require knowledge of the relevant cryptocurrency or digital asset. Take for example stablecoins. Stablecoins are usually tied to a reserve asset. If an illicit transaction involves stable coins, you need information from the custodians responsible for safeguarding and supervising the reserve.

Data trails that track fraudulent activities: Apart from recording cryptocurrency transactions on blockchain, you also require other information to demystify fraudulent activities. For example, there are cryptocurrency agencies that deploy advanced security tools and intelligence to trace the source of suspicious transactions. These transactions can result from unethical methods like spoofing, stop hunting and “pump and dump” trading. Sometimes, in order to discuss their scheming activities, parties utilize electronic mediums like messaging apps and other online platforms. These electronic platforms can leave data trails.

It is ideal for every crypto firm to maintain documentation of the investigation. Such records can assist the investigation agency to assess fact patterns, claims or complaints made by third parties. It can also help in sharing details or information regarding the investigation with any other regulatory authority.