Over the past 6 years, approximately 60 billion dollars have flowed through identified cryptocurrency addresses associated with illicit activities (proceeds from darknet platforms, ransomware, fraud, terrorism, etc.). Some of these funds underwent a ‘cleaning’ process through exchanges, mixers, and ordinary users’ accounts.
Everyday users, like you and me, sometimes may not even realize that the funds received from an exchange or another party could have a ‘dark’ origin and may face account freezes on an exchange or other services later on. To mitigate these risks, it is crucial to know the history of the origin of funds in your crypto wallet and also understand the risk score for each of your counterparts. This approach is mandated by AML regulations.
AML (Anti-Money Laundering) procedures are a set of measures taken by financial and other market participants, including in the world of cryptocurrencies, to detect and prevent attempts to acquire and legitimize funds derived from illegal activities.
Understanding the existing risks, the importance of AML transaction checks and crypto wallets, and adhering to security recommendations will help you protect your own assets.
This article is based on materials from the Kotelov digital finance podcast, in which cybersecurity expert and co-founder of AML Crypto, Vladimir Lazarev, shares his experience
What is cryptocurrency AML verification?
At present, the cryptocurrency market boasts impressive numbers – 425 million users and a total token market capitalization exceeding 1 trillion dollars.
Governments of many countries can no longer stay on the sidelines of such a significant market. They recognize the importance of determining the legal status of cryptocurrencies, addressing taxation issues, creating a favorable climate to attract blockchain experts, fostering the growth of companies in this industry, and ultimately securing digital sovereignty for their country.
Along with the opportunities offered by blockchain technologies and cryptocurrencies, there are also certain risks. For instance, cryptocurrencies can be used as a means to launder illegally obtained funds. The appeal of cryptocurrencies to wrongdoers often lies in their relative anonymity.
Regular users are strongly advised to conduct AML checks on their counterparts and incoming transactions for potential ties to illegal activities. Services designed for this purpose exist, such as Btrace, AML bot, and GetBlock. By doing so, you not only exercise vigilance, reducing the risk of your assets being frozen or coming under suspicion but also prevent the laundering of illicit funds through your account.
AML verification involves analyzing the sources of funds entering a crypto address and assessing the risk score. The risk score is a percentage rating of risk, ranging from 0 to 100. It takes into account the history of funds entering the cryptocurrency address, the likelihood of its connection to illegal activities, user behavioral patterns, and available information about the address itself, its associated clusters, and owner.
Let’s illustrate this with an example. Before sending cryptocurrency to an unfamiliar user, it is recommended to check their crypto address. If the analysis shows an elevated risk (with a risk score ranging from 70 to 100) or significant ties to sanctioned exchanges and mixers, it’s advisable to reconsider the decision to proceed with the transaction. This can help prevent contact with scammers and save you from potential future account freezes on exchanges that adhere to AML procedures.
The principles of AML in cryptocurrencies
In the world, there is an intergovernmental organization called FATF (Financial Action Task Force), which combats money laundering. It has released the ‘Travel Rule’ document for crypto companies. There are also other international and local directives, such as 6AMLD, AML/CFT, and so on, that professionals in the market must adhere to.
Essentially, these recommendations boil down to two principles:
KYC is an abbreviation of the English phrase ‘know your customer/client.’ The essence of this principle is that before providing any services, an exchange or cryptocurrency platform must establish the identity of those interacting with them through the platform.
KYT stands for ‘know your transaction.’ Companies must know how money arrived on a particular wallet. This is the only way to ensure that the cryptocurrency is not associated with illegal activities.”
How criminals launder ‘dirty’ cryptocurrency
There are numerous methods for laundering questionable cryptocurrency, and with each passing year, these methods become more sophisticated. Here are some of the most popular ones:
Utilizing mixers* and anonymity tools. Questionable funds are introduced into mixers or wallets that employ technologies such as CoinJoin, for instance, Tornado Cash, Wasabi, and Samourai. Subsequently, funds are withdrawn from the common pool, making it challenging to definitively link them to the initial user. As a result, the funds are partially ‘cleaned,’ making them easier to legitimize.”
Using transit addresses and exchange accounts set up under drop identities. Scammers create multiple intermediary addresses and perform numerous transactions to make tracking difficult. This is often combined with transferring tokens from one network to another through decentralized exchanges (DEX). Subsequently, the funds are funneled into exchange accounts established under drop identities.
Withdrawing through cryptocurrency exchanges without KYC and KYT. Despite stricter regulations, some cryptocurrency exchanges still do not adhere to AML standards. Scammers identify such platforms and convert funds through them, shifting all responsibility onto the exchanges.
Pledging operations through smart contracts. Smart contracts are software codes that contain all the terms of a transaction. For example, you deposit Bitcoin and receive USDT or any other cryptocurrency according to the agreement. In the case of financial misconduct: you deposit illicit assets and receive clean money that can be used without concern. Naturally, there’s no returning from the collateral.
Issuing NFTs. A wrongdoer creates NFTs and purchases them with their own ‘dirty’ cryptocurrency. Through this process, they end up with clean profits. If law enforcement authorities inquire about this individual, they can calmly claim that they earned ‘dirty’ crypto from selling their NFT collection. They won’t be able to provide information on the source of the funds.
*Mixers are services designed to enhance the anonymity of transactions by mixing cryptocurrencies from different users, making it difficult to trace the origin of funds. The concept is rooted in the desire to provide greater confidentiality and privacy for users, considering that many cryptocurrency transactions are public and transparent to all. With the rising popularity of mixers, regulators have started paying them more attention. Many
governments and law enforcement agencies view them as tools for money laundering and other illicit activities. Some mixers have been shut down, and their operators have been arrested
**DEX – Decentralized Exchanges, are platforms that enable people to exchange cryptocurrencies with each other without the need to trust a centralized entity or intermediary. Their operation is based on smart contracts.
Is there AML on DEX?
By their very nature, decentralized exchanges (DEX) enable users to conduct transactions without intermediaries and centralized control. However, due to increasing concerns about money laundering and terrorism financing, several countries have begun considering the possibility of applying AML rules to DEX.
By default, DEXs do not require users to undergo KYC (Know Your Customer) procedures and do not have centralized control over who uses their platform. This makes the direct implementation of traditional AML procedures challenging or impossible.
Some countries are considering introducing regulatory requirements for DEXs to align with AML standards. However, the implementation of such regulation is complicated due to the decentralized nature of these platforms. AML in DEXs is a subject of discussion and consideration in the context of global cryptocurrency regulation.
It’s important to understand that in the process of legitimizing ‘dirty’ cryptocurrency, wrongdoers do not view DEXs as the final destination. Unlike centralized exchanges (CEX) and peer-to-peer (P2P) transactions, DEXs do not allow cryptocurrency to be exchanged for fiat. For wrongdoers, they serve merely as tools for obfuscating traces.
How to minimize the risks associated with interacting with ‘dirty’ cryptocurrency
Always verify the cryptocurrency addresses of your counterparts, whether they are senders or receivers. Before conducting transactions, check the address with AML services based on the risk score.
If you don’t have the means to verify the cryptocurrency address of your counterpart, apply a cautious approach: accept funds to a new, previously unused address. After receiving the funds, analyze their origin. If the funds appear clean, confidently transfer them to your primary cryptocurrency address or an exchange. When dealing with a high-risk score, gather all the details of the transaction to be able to explain the source of funds.
It is recommended to regularly change your cryptocurrency address. The risk score of your previous counterparts may change, which, in turn, could have a negative impact on your own risk score
I’ve had my funds stolen. What should I do?
First and foremost, try to remain calm. Emotional reactions rarely lead to rational decisions.
Next, organize all the information about the incident: the culprits’ contacts, associated resources, your correspondence, and cryptocurrency transaction details.
Then, conduct blockchain analysis. You can use blockchain explorers on your own or seek assistance from specialized companies. The main goal is to trace the path of your funds. If the money was transferred to an exchange, contact their representatives and request to freeze the funds, providing the information you’ve gathered.
Afterward, contact law enforcement agencies. Depending on the circumstances, this could be the agency in your place of residence, the jurisdiction of the exchange, or the suspected location of the wrongdoer. Note that some agencies may require you to file a complaint in person.
When dealing with law enforcement, provide information in the clearest and most straightforward language possible. Not all officers are familiar with the nuances of blockchain and the specific terminology of the cryptocurrency sphere. Terms like ‘swap,’ ‘farming,’ or ‘staking’ might be unfamiliar to them.
To locate stolen cryptocurrency and the wrongdoer, law enforcement agencies require digital traces. Even the smallest details can be helpful in the search. For example, communication channels, sent files, domains.
This can allow them to:
- Analyze which Telegram groups the wrongdoer is part of.
- Analyze possible metadata in files.
- Query the domain name registrar for information on who registered the domain and the payment details.
- Determine the IP addresses from which the account was accessed.
Indeed, step by step, law enforcement agencies can follow the trail to locate the wrongdoer.
Wrongdoers are humans too and can make mistakes in the smallest details, as illustrated by this interesting case.
Around $450,000 was stolen from an individual. The wrongdoer meticulously planned every detail, including erasing all communication with the victim, registering messengers with virtual numbers, using remote workstations, utilizing numerous transit addresses, and even selectively employing a mixer. He took his time, laundering the funds gradually. However, due to oversight, laziness, or perhaps overconfidence in his methods, he decided to withdraw only $150 to an exchange that required KYC procedures, thereby revealing his personal information.
AI and AML
Artificial intelligence has made its mark in almost every sphere, and AML is no exception. How do neural networks use their capabilities to detect fraudsters? What are behavioral patterns, and why are they important to know? We discussed these topics in two episodes of the Kotelov digital finance podcast: here and here.
The cryptocurrency market is not a game of chance. To be successful, you need knowledge: blockchain, wallets, addresses, types of exchanges, ways to earn, and security.
In Valeriy Kotelov’s podcast, channel guests don’t just explain the basics of the crypto industry. They delve into complex subjects, share nuances, and provide their unique insights that you won’t find in open sources.