At the start of 2021, it was reported that internet businessperson Kevin Rose experienced a phishing fraud in which he lost more than $1 million in nonfungible tokens (NFTs). This article provides more details on the incident.
As traditional banks become involved in Web3, cryptocurrencies, and Non-Fungible Tokens, they take on the responsibility of safeguarding their customers’ investments from malicious actors and ensuring that the funds have not been acquired illegally.
The anti-money laundering (AML) operations within organizations have experienced difficulty because of the crypto industry. Structures such as cross-chain bridges, mixers, and privacy chains have been developed, where fraudsters and crypto robbers can hide assets that have been taken. There are not many technical tools or systems to help in this complicated situation.
Recently, regulators have been strongly enforcing their regulations on some cryptocurrency platforms. This has resulted in centralized exchanges being required to de-list privacy tokens. In August 2022, the Dutch police apprehended Alexey Pertsev – the developer of Tornado Cash – and since then, have been attempting to monitor transactions through the use of mixers.
The Web3 ethos values decentralized governance, yet the pendulum may have to move in the opposite direction to reach a steady balance that safeguards users while maintaining innovation.
Organizations and banks that wish to offer digital asset services to their clients must take on the challenge of mastering the complexities of Web3. To ensure appropriate customer defense, they must have a well-developed AML framework in place.
In order to create an effective AML framework, financial institutions must examine and create the necessary capabilities. This could be done independently or with the help of an external provider.
In the digital asset space, there are a handful of businesses that provide AML frameworks to banks and financial institutions. These vendors include Solidus Labs, Moralis, Cipher Blade, Elliptic, Quantumstamp, TRM Labs, Crystal Chain, and Chainalysis. These companies specialize in offering comprehensive solutions for anti-money laundering.
In order for vendor platforms to offer a comprehensive solution to AML concerning digital assets, there must be multiple inputs. Some of these are provided by the vendor itself, while the rest are obtained from the banking or financial institution they collaborate with.
Sources of Information and Inputs
Data sources and inputs are essential for any project. They provide the basis for the decision-making process and are the foundation of success. It is important to ensure that the data sources and inputs used are reliable and valid. Furthermore, it is important to continually assess the sources and inputs to ensure they are up-to-date and relevant.
In order to accurately pinpoint AML risks, institutions need to have access to a large amount of information from various sources. The quality of a financial institution’s AML processes will depend on the range and level of data available. The following are some of the key inputs necessary for anti-money laundering and fraud prevention.
An illustration showing a person sitting at a desk, with a laptop in front of them, surrounded by a range of different cryptocurrencies is depicted in the image. On their screen is an exchange graph with a variety of digital tokens being traded. The individual is engaged in the activity of cryptocurrency trading.
A wide-ranging definition of what a business should be monitoring is usually encompassed by the AML policy. This is usually divided into regulations and borders that assist in carrying out the policy.
A policy related to anti-money laundering might demand that any digital assets associated with a government that is subject to sanctions, e.g. North Korea, be noted and handled appropriately.
The policy might indicate that any transactions exceeding 10% in value from a wallet address that has been derived from a known asset theft would be identified.
For example, if 1 Bitcoin (BTC) is put into a first-tier bank, and 0.2 BTC originated from a wallet associated with the Mt. Gox hack, even if there have been attempts to hide the origin by running it through 10 or more steps before it reaches the bank, this will still trigger an AML red flag for the bank to recognize the potential danger.
The Metaverse has recently been faced with the question of death, and Web3 is trying to offer new solutions.
In order to label wallets and trace the origin of transactions, AML platforms utilize several approaches. These strategies may involve consulting external data such as sanctions lists or other blacklisted individuals; scraping crypto addresses from the darknet, terror financing websites, and social media; utilizing heuristics to determine if crypto addresses belong to the same individual; and applying machine learning processes like clustering to detect addresses connected to the same person or entity.
The data obtained through these approaches is the cornerstone of the essential capacities that AML divisions of banking and finance organizations must develop to manage digital resources.
Keeping a vigilant eye on wallets as well as conducting investigations
Financial institutions must engage in proactive observation and analysis of customer wallets, in order to determine whether they have had contact with prohibited persons such as hackers, persons under sanctions, terrorist groups, and mixers.
Illustration of a wallet containing assets that have been categorized and labeled, as shown in the image. The source of the image is Elliptic.
Labeling of wallets triggers the implementation of AML regulations to make certain that the wallet assessment remains within the accepted degree of risk.
Examining Blockchain Technology
An investigation into the uses, capabilities, and potential of blockchain technology is being conducted.
It is essential to undertake an investigation into blockchain technology in order to guarantee that the transactions occurring on the network do not contain any unlawful elements.
A study is conducted concerning blockchain transfers from the original source to the final destination. Platforms providing services enable the capacity to filter by transaction value, number of steps, or even the ability to detect on-off ramp transfers as a part of an inquiry automatically.
A visualization of the Elliptic platform tracing a transaction back to the dark web is illustrated in the image below. The source of the image is Elliptic.
Platforms can provide a visual representation of the route that a digital asset has taken through the network, from its source to its current wallet. Services such as Elliptic have the capability to detect even transactions that originate on the dark web.
Keeping Track of Multiple Assets
Monitoring of numerous assets is an important part of any business. It allows for a better understanding of the current state of the company’s resources and enables the making of informed decisions. This is why multiasset monitoring is such a valuable practice.
AML platforms must be able to monitor risk where a variety of tokens are employed to launder money on the same blockchain. Many layer 1 protocols possess distinct applications that each have their own tokens. It is possible to perform illicit transactions using any of these tokens, so the surveillance must go beyond simply one base token.
Examining Assets Across Different Blockchains
Data analysts and AML professionals have been challenged by the task of monitoring cross-chain transactions for some time now. Of all the activities that require attention, cross-chain asset transfers may just be the most difficult to keep track of. Unlike mixers and dark web transactions, cross-chain asset transfers are legitimate and are becoming more common in order to facilitate interoperability.
Additionally, wallets that store assets that have transacted through mixers and the dark web could be designated and marked as a warning, since these are seen as red flags from an Anti-Money Laundering perspective right away. It would be impracticable to simply mark a cross-chain transaction, as it is an essential component for interoperability.
In the past, AML protocols for cross-chain transfers have been difficult to establish due to the obscure nature of the bridge involved. To tackle this issue, Elliptic has implemented a multi-level methodology.
This diagram shows that a cross-chain transaction between Polygon and Ethereum is identified as being from a crypto mixer, which is an accepted entity. Source: Elliptic
In the most basic circumstances, a bridge can ensure end-to-end visibility across all chains for every transaction, which the AML platform can easily detect from the chains. However, if such traceability is not achievable due to the bridge’s characteristics, AML algorithms rely on time value matching to locate assets that have been transferred from one chain to another. This is done by comparing the time of transfer and the value of the transfer.
In the most difficult of situations, none of the standard techniques can be applied. Take, for example, the transfer of assets to the Bitcoin Lightning Network from Ethereum, which is often obscure. In cases like this, cross-bridge transactions can be compared to those that are done through mixers and the dark web, and the algorithm usually flags it as suspicious due to the lack of visibility.
Examining smart contracts
The vetting process of smart contracts is an essential part of safeguarding users in decentralized finance (DeFi). Such reviews guarantee that no illicit activities are present in the contracts, and institutions should be aware of this.
Hedge funds seeking to partake in liquidity pools in a DeFi context will find this particularly pertinent. Banks, however, presently do not take part in DeFi operations directly, which makes this less essential. Though, if banks were to become engaged in institutional DeFi, then smart contract-level screening would become immensely critical.
Diligent assessment with VASP
Exchanges are designated as Virtual assets service providers (VASPs). Diligence must be exercised in assessing the total amount of exposure the exchange has when it comes to all the addresses related to it.
Vendors of Anti-Money Laundering (AML) systems present the possibility of assessing risk based on the place of incorporation, Know Your Customer regulations and, occasionally, the current status of financial crime prevention measures. Compared to earlier capabilities, VASP checks involve both on-chain and off-chain information.