Cryptocurrency fraud refers to the abuse of crypto exchanges through activities such as new fake account registration, account takeover, payment fraud, money laundering, and spam. A steady rise in the use of cryptocurrencies and revenues is attracting more users—as well as malicious actors—to the cryptocurrency exchanges. These exchanges, that are under a siege of both automated and human-driven fraud, need a long-term approach to fight cryptocurrency fraud that keeps user experience at the forefront.
Digital disruption is enabling financial institutions to offer innovative products and services. One such service that some of the fintech platforms are offering to their customers is trading in cryptocurrencies. These specialized cryptocurrency exchanges leverage digital verification to make onboarding easier for customers and enable them to trade on-the-go through apps.
With quick, hassle-free onboarding, faster remittance, and an ability to trade anywhere from any device, customers are flocking to these exchanges. As a result, there has been a steady increase in the adoption of cryptocurrencies the world over. In 2019, the market value of cryptocurrency was $1.03 billion. This is estimated to grow to $1.40 billion by 2025.
Introducing the Bankrupting Fraud Virtual Summit 2020
Cryptocurrency fraud is on the rise
As the popularity and the number of users swell, these fintech platforms are being swarmed by attackers looking to abuse the ecosystem for financial gain by way of cryptocurrency fraud. The first five months of 2020 have already witnessed thefts and fraud to the tune of $1.36 billion. 98% of this total amount— which adds up to nearly $1 billion—was lost to abuse, affecting more than 715,000 victims. Theft and abuse are, therefore, a growing challenge for crypto exchanges as the cryptocurrency market is still not adequately regulated.
Bad actors usually resort to account takeover attacks to gain unauthorized access to existing authentic user accounts. They also create new fake accounts and use bots, automated scripts, and malicious human sweatshops to launch large-scale attacks.
Crypto Exchange Security: A New Frontier in Fraud
A global fintech platform was facing challenges fighting cryptocurrency fraud
One of our customers, a global financial services platform, is hugely popular among its users. Individuals, institutions, and entrepreneurs across the globe use this platform to trade, invest, and raise capital in more than 60 cryptocurrencies. It's popularity and scale of operations, however, became the reason for the relentless siege of the platform for cryptocurrency fraud using both automated bots and human-driven attacks.
Attackers used stolen or fake customer details, automated bots, and human sweatshops to perpetrate multiple attacks. These included fake new account registration, account takeover, payment fraud, and money laundering. They also abused the dormant user accounts for cryptocurrency fraud. All these malicious activities caused financial losses to the company apart from increased risk of non-compliance to existing regulations and customer dissatisfaction due to disruption in user experience.
The fintech platform deployed the Arkose Labs solution to help resolve the numerous types of cryptocurrency fraud it was facing. The solution closely scrutinized every login attempt and within a few weeks, the company was able to successfully detect and stop both automated and human-driven account takeover attacks. This also deterred cyber thieves from using stolen credentials to open new fake accounts. Furthermore, good customer throughput increased by 10%.
Arkose Labs' future-ready approach makes fraud economically non-viable
BlockDown 2020: cryptocurrency exchanges must make it more expensive to attack
Arkose Labs adopts a multi-level, integrated approach that uses context-based 3D enforcement challenges to bankrupt the business model of bots. It does not block any user, instead provides each one of them with an opportunity to prove their authenticity. The dynamic risk engine analyzes hundreds of parameters and digital intelligence to assign risk scores to each incoming user. These insights inform the challenge-response mechanism to present context-based Arkose MatchKey challenges according to the risk profile of each user.
It is possible that authentic users may not see the Arkose MatchKey challenges at all; and if they do, they can solve the challenges with no difficulty, whatsoever. Bots and automated scripts fail instantly, as these proprietary 3D challenges are battle-hardened—in the sense that they are trained against the latest machine vision technology to make them resilient to automatic solvers. Malicious human users are presented with incrementally complex Arkose MatchKey challenges that sap time, effort, and resources to make the attack progressively non-viable. To clear the challenges at scale, attackers need to invest more resources. However, when returns are depleted, the attackers abandon the attack and move on.
The company was, therefore, able to use friction judiciously, which helped it prevent the creation of fake new accounts and successfully protected its authentic users from account takeover attempts. Not only was the company able to stop cryptocurrency fraud but has found a long-term solution to reduce abuse and operational costs while delivering a seamless customer experience.
The Arkose Bot Manager Platform, with its multi-level, integrated approach, continues to provide the company with continuous risk assessment that prepares it to fight evolving fraud tactics with confidence. To learn how Arkose Labs helped the company thwart cryptocurrency fraud and online abuse attempts, read the full case study here.