In an in-depth interview with Gurvais Grigg of Chainalysis, we examine how the growth in the use of digital currency also has led to a growth in the incident of fraud involving such assets
For those not fully invested in the digital currency world, it may be tough to completely understand its scope. Although digital assets only began to be traded in 2009, the current worldwide market cap for digital currencies sits at around $1 trillion dollars, according to CoinMarketCap, and nearly $400 billion of that is Bitcoin alone.
As digital currencies have become more prominent, however, so has fraud involving crypto. In fact, scammers captured $14 billion in digital currency in 2021, according to blockchain analysis company Chainalysis.
Those numbers can be eyepopping for compliance professionals tasked with tracking financial transactions and identifying potential fraud. Those numbers certainly captured Gurvais Grigg’s attention. Grigg, Chainalysis’s Global Public Sector Chief Technology Officer, moved to the private sector in April 2021 by joining Chainalysis after 23 years at the Federal Bureau of Investigation (FBI), most recently as Assistant Director of the FBI Laboratory. An eight-year-old startup, Chainalysis provides software that tracks blockchain transactions, providing the government and financial institution risk managers with both the tools and education around digital transactions and where money is flowing in this emerging ecosystem.
The past year-plus tracking digital currency transactions and fraud have only strengthened the belief that financial institutions and those with whom they work need to begin planning for digital asset risks now. Recently, the Thomson Reuters Institute caught up with Grigg to discuss why he views the blockchain and digital asset transactions as inherently transparent, emerging risks that fraud managers need to know, and what the future of digital asset transactions portends from here.
Thomson Reuters Institute: You’ve written that blockchain can actually increase transparency rather than lessen it. What about the technology makes it trackable?
Gurvais Grigg: It’s a common misconception that crypto is anonymous and untraceable. In fact, it’s quite the opposite: Cryptocurrencies operate on public, immutable ledgers known as blockchains, and anyone can look up the entire history of transactions of cryptocurrencies that use public blockchains like Bitcoin. Cryptocurrencies are more transparent than most traditional forms of value transfer.
Because the blockchain is permanent and immutable, investigators or consumers are able to see transactions in real-time or access them years later with confidence that the records have not been altered. The same is not always the case with traditional fiat investigations and other asset types. Blockchain analytics and data can significantly reduce investigation time and provide this unparalleled transparency for investigators, regulators, and compliance officers now and into the future.
Thomson Reuters Institute: Digital currency in particular has had a reputation for being where people can go to hide money or transactions. Is this reputation changing? And should it?
Gurvais Grigg: Criminals often embrace new technologies, and cryptocurrency is no exception. The early adoption of cryptocurrency by some criminals helped shape its initial reputation. And crypto remains appealing for criminals, primarily due to its pseudonymous nature and the ease with which it allows users to instantly send funds anywhere in the world, despite its transparent and traceable design. Criminals and nation state actors are turning to digital assets for many of the same reasons so many legitimate consumers: Crypto is a low cost, high speed, and secure way to transfer value.
Over time, however, both law enforcement successes and global regulations are helping to put the myth of crypto’s opacity to bed. For example, almost all of the money seized by the IRS’s Criminal Investigation (IRS-CI) last year was in cryptocurrency. The IRS-CI seized $3.5 billion in cryptocurrency in non-tax investigations over the past fiscal year, representing 93% percent of the total value of its seizures.
Internationally, the Financial Action Task Force, the inter-governmental body that sets global standards relating to anti-money laundering and combating the financing of terrorism and is comprising of more than 200 jurisdictions, issued recommendations for the regulation of virtual assets in 2019, which have since been refined. These are now being implemented and applied around the world. While clarity is continuing to be rolled out regarding specific aspects of the cryptocurrency space, there is an existing regulatory environment.
Thomson Reuters Institute: What are some emerging risks you’re starting to see within digital currencies that organizations should be on the lookout for over the next 6 to 12 months?
Gurvais Grigg: The crypto crime story of 2022 is the stunning rise in funds stolen from DeFi [decentralized finance] protocols, a trend that began in 2021. DeFi protocols to date have been shown to be uniquely vulnerable to hacking, as their open source code can be studied ad nauseum by cybercriminals looking for vulnerabilities. And although this can also be helpful for security too, as it allows for auditing of the code, it’s possible that protocols’ incentives to reach the market and grow quickly have led to lapses in security best practices. Further, much of the value stolen from DeFi protocols can be attributed to bad actors affiliated with North Korea, especially elite hacking units like the Lazarus Group. So far in 2022, North Korea-affiliated groups have stolen approximately $1 billion of digital assets from DeFi protocols, according to our own estimates.
Thomson Reuters Institute: As the number of digital currency transactions is likely to grow in coming years, what’s one thing risk managers can do now to begin tracking and ensuring compliance within the space?
Gurvais Grigg: The first step for banks that want to accommodate digital assets for their customers is to train staff on the industry landscape so that they understand with which asset businesses their customers are most likely to interact and the varying amounts of risk those businesses would introduce.
Banks can also tap into a huge opportunity by taking on digital asset businesses as clients, but only if they do it safely. Luckily, risk assessment in digital assets is actually easier than in most other industries due to the inherent transparency of most blockchain-based assets. With the right tools, banks can monitor digital asset businesses’ transactions and accurately size their exposure to illicit activity, ensuring that every client they take on fits into their desired risk profile.
The 21st century economy requires organizations to respond and move at the speed of new money and collaborate with partners in real-time to share information and thwart today’s threats.
Digital assets aren’t just a cybercrime issue or something to be relegated to the few highly trained investigators who work complex financial fraud matters. It’s a global phenomenon and more and more criminals of all types are incorporating digital assets into their activities.
It’s essential to increase digital asset literacy in both the public sector and industry, because those who don’t become savvy may soon find themselves losing the upper hand to criminals and threat actors who do.