Once crypto is gone…it’s gone

Crypto fraud taking off

Crypto.com, one of the most popular crypto exchange marketplaces, made a big splash last Christmas when it usurped Staples Center as the home of the Los Angeles Lakers.

Recently, the company made another splash: a $34 million security breach.

The Crypto.com hack exemplifies the rise in crypto fraud over the past year, which jumped 79% in 2021 due in large part to synthetic identities. Per Pew Research, 86% of Americans are knowledgeable about cryptocurrency, and the amount of crypto users currently sits at around 300 million. With this number expected to go up, crypto apps face a herculean task in protecting their platforms from ATO (account takeover), money laundering, and other fraudster schemes.

Cryptic crypto

Balancing security with a seamless customer experience is a tough balance for companies employing traditional fraud prevention approaches. Unfortunately, most crypto apps lean into seamlessness and are too loosey-goosey at the account creation stage.

The real culprit here is static data — what crypto apps use to verify customer identity — social security numbers, dates of birth, names and addresses that can be purchased on the dark web for peanuts and cobbled into a synthetic identity. IP addresses? Those can be spoofed. And fraudsters can even pay a real person to verify their own identity through legitimate documents, such as a photo ID.

Glaring vulnerability at the account creation stage isn’t the worst part of the crypto fraud problem; it’s the fleeting nature of crypto itself. Cryptocurrency is not insured by the FDIC, so once it’s gone…it’s gone. Victims of the common “rugpull” scam know this all too well: a bad actor convinces them to invest in the newest (fraudulent) coin on the blockchain, only to vanish along with everyone’s funds and the bogus cryptocurrency that never was.

Multi-factor is hardly a factor

Complex passwords, OTPs, 2FA, and MFA can be effective in stopping fraud. But, as with Crypto.com’s 2FA approach, effective isn’t good enough.

For the advanced fraudster and their legion of bots, creating a synthetic identity or credential-stuffing or sim-swapping their way into ATO and money laundering is light work. The security protocols above are a decent start; however, they must be paired with dynamic, real-time insights to be truly impactful.

At Deduce, we are all about living in the here and now. There’s no time like real time when it comes to preventing crypto fraud or identity fraud at large, which is why we’ve built our real-time Identity Network that cross-references more than 450 million anonymized user profiles and 1.4 billion daily user activities across 150,000 websites and apps. It’s an added layer of real-time intelligence that identifies fraudsters and legitimate users with better accuracy and efficiency. It’s a winning trifecta of less fraud, less false positives, and less churn — users will login safely and seamlessly, and crypto apps can avoid a front-page breach.

Want to see how Deduce can fortify your app’s defenses? Drop us a line today and get started in no time.