“Virtual currencies, perhaps most notably Bitcoin, have captured the imagination of some, struck fear among others and confused the heck out of the rest of us — including me.” – Senator Tom Carper, chair of the Senate Homeland Security and Governmental Affairs Committee, November 2013
Today is day 2 of our Fraud Awareness Week series, Fraud Stories and Lessons Learned, and we want to highlight the rapidly emerging problem of cryptocurrency fraud. Brad Moody, EVP of Operations for Lowers & Associates, points out the rapid increase in crypto-related fraud, noting that in 2016 there were only 340 active cases of such fraud and that by 2020 there were more than 80,000 cases in the U.S. alone.
In this fraud story, Brad explains how current schemes to capture victim organizations’ cryptocurrency are amplifying the need for effective internal controls, anti-fraud training, and third-party penetration testing.
Interestingly, one of the best ways organizations can protect themselves from cryptocurrency fraud is through the same tried-and-true practices used to prevent social engineering, phishing, and other related attacks. Employees are increasingly subject to scams through email and link-sharing, so it’s important not only to detect and block such activity but also to train employees to recognize such scams and avoid becoming victims of them.
David Gardiner, Senior Vice President of Lowers Forensics International, offers further advice: “Crypto-based currencies are now becoming a professionally acceptable form of tender. Now more than ever, corporations need to proactively mitigate their risk and exposure. This can be done through a myriad of operating procedures including the process of facilitating not only their outbound, but even incoming payments. Strict rules of engagement, much like the protocols already used in wire transfers (verbal confirmation, dual signature authentication, etc.) should be followed here as well.”
Stay tuned tomorrow for another fraud story from the front lines of Lowers & Associates.
Cryptocurrency, a form of digital payment that can be spent or traded online for goods and services, is still a relatively new concept. As such, its perceived value as both a medium for financial exchange and a potential investment changes frequently. But with the often-astounding value a single token or cryptocurrency exchange can have, keeping cryptocurrency secure remains a constant concern for security professionals monitoring its maturation.
For most traditional businesses, the COVID pandemic has impacted operations significantly, the most relevant example in the crypto discussion being banks and other financial institutions. However, we’ve also seen online and ecommerce businesses like Amazon benefit greatly. Crypto occupies a unique place in the economy because, although it is a digital currency, it is often handled as a protected physical asset.
During COVID, our team has seen an increase in marketplace awareness about Crypto. And while the data is still murky on an increase in usage, every security professional is acutely aware that with an increase in awareness comes an increase in the potential for theft or fraud. We had a chance to speak with Brad Moody, Executive Vice President of Operations for Lowers & Associates, about the current state of Crypto in 2020, including how companies are securing Crypto exchanges during COVID, the adaptations they’ve made, as well as some current trends.
“Interesting enough, there’s a growing appetite for the working from home aspect,” he said. “Normally, it’s almost like a boiler room type of thing, but now these companies are trying to get out of real estate to be very minimal while also still be able to perform the same transactions at a very high level maintaining security. We’re starting to see that quite a bit. When you start with a highly secure location, though, what happens when that goes away?”
In today’s Coffee Break, Brad explains why it’s important to understand what companies can do to maintain that integrity from the outside in.
Carbon Black estimates that more than $1 billion in cryptocurrency was stolen in the first half of 2018 alone. And though cryptocurrency custodians must wrestle with some of the same security risks as traditional financial markets do, the crypto environment presents some unique challenges.
The digital environment needs fortification, of course, via a secure network, encryption technologies, and other anti-hacking defenses. But the other, not so obvious, risk area is protecting the cryptocurrency assets held in cold storage. With cold storage, private crypto keys are physically stored offline or on a computer that is isolated from the network. In many ways, it’s considered a safer alternative to hot storage, in which private keys are stored online.
To protect these small, but highly valuable assets, custodians must identify and mitigate the risk exposure associated with storage and transportation of the private keys. Those risks include the size of the devices, identity management, access control, physical and operational risks, and the potential for violence.
In the infographic that follows, we explore each of these risks in more detail and highlight why cryptocurrency fraud prevention requires special consideration.
It is no secret that cryptocurrency is captivating audiences and opportunists on a global scale. By utilizing the cryptocurrency model of blockchain technology, users can perform transactions more quickly and anonymously. As such, many believe cryptocurrency was initially created to facilitate illicit activity such as human trafficking and narcotics. That impression has since been replaced as more and more people discover the ability to purchase goods and services without bank fees and potentially a higher gain on the amount of currency invested in the blockchain system.
Still, many risks remain. And the crypto exchanges are looking for new ways to mitigate these risks, which include:
Spreading risk is a widely accepted way to succeed in the financial market. But the complex way in which certain risks are dispersed across anonymous networks or computers in a crypto exchange makes it difficult to pinpoint the exact source of a threat or risk in the system.
The anonymous, digital nature of cryptocurrency transactions means there is a natural lack of control and physical security. This allows new opportunities for someone with malicious intent.
Lack of Control:
Typically, network administrators and advanced computer engineers can develop robust controls to ensure the cryptocurrency is able to be stored and used as appropriate. But what happens if the device is stored on a thumb drive and is stolen or damaged? What happens if someone performs a tiger kidnap and forces transactions to take place?
Potential for Significant Loss:
Unlike in a vault robbery where millions of dollars in bulky and heavy currency takes multiple trips to remove from a vault, the same amount can be removed in seconds with a thumb drive into an anonymous sea of computers.
These and many other areas of risk are driving the cryptocurrency exchanges to invest in insurance. Insurance syndicates and others are responding by addressing how to validate the actual quantum of the currency and how to define the policies and exclusions that will protect these growing networks.
Meanwhile, the cryptocurrency exchanges will continue their efforts to identify and mitigate current and future threats to the trust and safety of their networks.
Demand is on the rise for cold storage vault services for cryptocurrency. As CIT and vault providers work to meet the demand, they are facing risks that are at once similar and very different from those they encounter with their cash services.
As a vault or transport provider, how well do you understand the risks of cold storage?
Our latest slideshow highlights 7 components of a risk assessment for cold storage providers of cryptocurrency. It looks at the following: