Cryptocurrency has gone from an obscure hobby to a household name in just more than a decade — a meteoric rise by any standard. The number of cryptocurrencies on the market has risen from 66 in 2013 to 7,557 in 2021, with individuals transacting from their phones, personal computers or the nearly 34,000 cryptocurrency ATMs scattered around the world.
A-list celebrities, including Matt Damon, LeBron James and Larry David, are paid millions to pitch global cryptocurrency exchanges, and 80 million individuals worldwide now have blockchain wallets to buy and sell their favorite cryptocurrencies.
The growing enthusiasm for cryptocurrency can downplay the serious security concerns that still exist in the field, however. The United Kingdom saw more than £146 million ($192 million) lost to cryptocurrency fraud in 2021, a 30% jump from 2020. Swindlers are growing bolder in their schemes as well, with five of the 10 largest cryptocurrency thefts of all time occurring in the past 12 months, including the largest attack in history, which stole more than $600 million.
Cryptocurrency exchanges are not blind to these fraud risks, but many of their security measures, including document verification, have proven ineffective. The following PYMNTS Intelligence explores the scope of the cryptocurrency fraud threat and why a new security approach could better protect users.
Fraud Threats and Security Weaknesses
Bad actors have stolen more than $7.6 billion worth of cryptocurrencies since 2011, with $2.8 billion of this total pilfered through security breaches and $4.8 billion stolen through scams. There were more than 400,000 cryptocurrency scam incidents in 2020, up 40% from 2019, and fraudsters stole more than $14 billion in cryptocurrency in 2021.
One of the single largest thefts on record occurred in 2018 when fraudsters stole $534 million in NEM coins from the cryptocurrency exchange Coincheck. More than 260,000 Coincheck customers were affected by the theft, and the thieves quickly unloaded the currency at a fraction of its price on dark web marketplaces.
These thefts are nearly impossible to reverse after the fact due to the nature of cryptocurrency and the blockchain, making the thieves’ capture and the victims’ compensation unlikely at best.
Cryptocurrency exchanges are aware of fraud risks, but their existing security measures can fail to stop bad actors and may impede legitimate customers attempting to transact. Document verification is one common method for onboarding users, but this technique has weaknesses, including vulnerability to fake IDs. It can also hinder customers when they onboard, particularly if they plan to hold cryptocurrency as an investment rather than transacting with it.
Many customers who sign up for cryptocurrency exchange accounts never transact with them at all, making this verification step unnecessary. This obstruction, combined with false positives, lengthy manual reviews and low accuracy, has led to customer approval ratings falling below 80%.
Cryptocurrency exchanges have several options available that promise to streamline the verification process and provide a more secure environment for their users.
Improving User Verification
One effective method of verifying cryptocurrency users is to move the document verification step to the time of purchase, rather than having it at sign-up. This shift will limit the verification friction for many users by requiring authentication only when there is a risk of malfeasance, which naturally occurs when funds are moved around.
Companies can also streamline and improve the document verification process: Socure’s know your customer (KYC) solution, for example, leverages algorithmic name and date-of-birth matching in its document verification protocols, allowing it to achieve automatic customer approval rates of up to 98%.
There are other verification techniques available to cryptocurrency exchanges that can seamlessly verify users and limit the risk of cybercrime. One emerging technique is biometrics, which come in various different forms, such as face and fingerprint scans. Crypto.com, the largest exchange currently operating in the United States, recently implemented biometric login on its mobile app to verify customers.
Most cryptocurrency exchanges are happy with the status quo, however. Studies have found that 56% of exchanges worldwide have no KYC solutions in place. Any step to ensure the veracity of their customers could go a long way toward improving cybersecurity. While some methods are more effective than others, something needs to be in place to ensure that cybercrime does not run rampant.