Cryptocurrencies

Let's Admit It: To Ward Off Crypto Scams, KYC is a Must

By Pedro Anderson, Founder and COO of Winding Tree 

Critics routinely attribute cryptocurrency's crashes to Elon Musk’s Twitter-happy fingers. While the sway influential figures like Musk, or any other celebrity, really have over crypto prices is up for debate, headlines insinuating they do forge associations in people’s minds. And these associations can sometimes be leveraged to work against us by malicious actors.

In fact, many crypto scammers rely upon these celebrities’ relationships with crypto in order to dupe their targets. Social engineering in phishing scams is nothing new, and the media buzz has only made it easier for bad actors to fool the vulnerable. In a cryptoverse which, in all honesty, isn’t as anonymous as advertised, a refined approach to identity verification will be our biggest weapon against it. 

Reported losses to crypto scams run rampant with scammers posing as good Samaritans offering purportedly solid investment advice, having even leveraged dating sites to appear credible. Worryingly, the Q1 2021 figure makes for a 1000-percent increase against that of late 2019. In late 2020, the U.S. Federal Trading Commission reported Americans were duped into transferring about $2 million in crypto over a six-month period to an organized scam posing as Tesla’s eccentric CEO.

Overall, the bounty hauled in by cryptocurrency theft, including both hacks and scams, stood at $513 million in 2020, Statista reports. This figure is projected to rise by 74 percent by the end of 2021, according to Bolster

But these schemes are not confined to just the U.S. In March 2021, a German lost 10 bitcoins to yet another scam wallet leveraging Musk’s crypto fame, where he was misled by news seemingly from the mogul’s official account—including a link to a “professional-looking website, where the Bitcoin giveaway looked to be in full swing.” Alarming as it might be, the incident pales in comparison to the discovery of a crypto fraudster network which deceived hundreds of Europeans into parting with an estimated €30 million. According to Europol, the scammers posed as seasoned brokers and investment advisors, running their own call center and multiple fraudulent investment platforms. In the UK, crypto scams accounted for almost half of the $87 million lost by nationals to fraudsters in 2020.

The hand that holds the wallet

Such attacks didn't take place in a vacuum. Today’s crypto scammers rely on a perfect storm of media buzz, influential voices, and general interest in emerging technologies for their social engineering schemes to dupe people effectively. By utilizing various off-chain platforms to outwit its victims, be it Twitter or a dating site, they are able to manufacture convincing facades that can, be difficult to see through for those unfamiliar.

The problem fundamentally comes down to the foundations of the cryptoverse. In itself, the distributed ledger exists as a paragon of transparency, in that every transaction goes on record and is visible to everyone. At the same time, users are unwitting regarding who holds a specific wallet, because a wallet can have multiple addresses.

While ostensibly private, the system does not guarantee a user ironclad anonymity, as has become clear with the advent of blockchain analysis and attribution tools. By following on- and off-chain trails, such services can link specific addresses with wallets, and wallets with real-world entities.

A case for responsible KYC in crypto

Attribution services are helpful, but everyday crypto investors aren’t likely to utilize them for every purchase. Additionally, it will be hard to expect Main Street to have the same resources and capacity as the FBI, which recently managed to reverse a major crypto ransom payment to hackers by, most likely, getting hold of a key wallet associated with the hacker crew.

The cryptoverse needs to develop its own responsible KYC system to pave the way for more Main Street investor and businesses adoption. Being able to verify the counterparty will make potential investors more willing to trust the ecosystem and support promising projects backed by individuals with a record of legitimacy.

To adhere to the inherently free-spirited approach of crypto, signing up with the system can and should be optional. This approach could be fused with real-word verification systems, such as formal ID documents issued by state governments and business registries. Legal documents reviewed by a trusted third party could be the first pipeline laid down towards a scalable KYC solution. A system incorporating enough trusted verification entities will be able to function without a central body, instead powered on the same decentralized consensus as the blockchain.

With cryptocurrency going increasingly mainstream and so many bad actors in the space, crypto theft has done anything but slow down in 2021. It's therefore vitally important for the industry to develop its own brand of identity verification. An open and accessible KYC mechanism would allow the cryptoverse to maintain its core features, such as decentralization and privacy, while becoming more secure and accessible to those still perched upon the proverbial fence.

About Pedro Anderson

Pedro leads Winding Tree’s Corporate Partnerships. He has been instrumental in driving adoption of ORGiD for enterprise, a dynamic solution to the growing dangers of identity theft and impersonation. He also founded Firefly, a non-profit organization focused on training and preparing orphans for careers in the hospitality industry.

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.