Fraud in the history of crypto

In the history of crypto, there have also been resounding episodes of fraud. Whenever it happened, it was given wide media attention and this helped to consolidate the preconception that cryptocurrencies and scams normally go hand in hand. 

The fear of the strong correlation between crypto and fraud

The recent launch on Netflix of Trust No One, documentary on the controversial story of Quadriga CX, a major Canadian exchange in which hundreds of millions of dollars in cryptocurrencies of users of the platform have vanished, following the mysterious death of its founder, Gerald Cotten, puts his finger on an open wound and revives the pain.

You know, fear is a powerful lever, it spreads distrust towards everything that is crypto and this is one of the primary obstacles to the widespread use of cryptocurrencies and the many crypto assets.

Let’s try to reason about the phenomenon with a cold mind, avoiding easy suggestions.

One of the strengths of virtual currencies that rely on a blockchain is that it is virtually inviolable. To be able to force it, it is necessary to have a computational power that can prevail over the calculation capabilities of the blockchain.

On extended blockchains, such as Bitcoin for example, this possibility in practical terms is zero. To “steal” a cryptocurrency, the most viable way is to illegally take possession of private keys. A “physical” theft, for example, or being voluntarily delivered by deception.

Leaving aside the theory, in practice, among the most frequent frauds that somehow have to do with cryptocurrencies or crypto assets are those in which fake exchange platforms collect funds from users to purchase cryptocurrencies, that victims will never be able to withdraw from accounts opened on these ghost platforms. One day, when they fill up, they’ll disappear into thin air.

Not dissimilar in structure, frauds based on fake ICOs, in which, once an adequate amount of cryptocurrency resources is collected, to finance the implementation of a hypothetical technological and entrepreneurial project, simply the promoters run away with the register.

The main fraud schemes

Another recurring scheme: you are contacted by phone or email by someone who presents himself as an employee of some bank, true and authoritative. Of course he is not. With a series of excuses, you are led to invest increasing amounts in cryptocurrencies, making people believe that the investment is maturing very high returns.

Sometimes fake but credible contracts are signed. Then at the moment of withdrawing the fruits of the miraculous investment (perhaps, upon payment of some additional amount to pay alleged taxes to “unlock” the account) everything disappears: cryptocurrencies, or fiat currencies paid.

Another type of fraud, with some novelty features, is the one known as CryptoRom: it is based on dating apps (like Tinder). The scammer hooks the victim and gains their trust, mostly using the romantic lever or that of physical attraction, then convinces them to enter a Ponzi scheme.

Those who fall into this “honeytrap” go on to throw money away until they are convinced that the investment is yielding abundant results, which they will never collect. In the meantime, she will have been induced to pay several tens of thousands of euros, when with the excuse of taxes, or fees to unblock the investment, when pretending situations of urgent need, need or even danger, in short, applying some emotional leverage appropriate to the situation.

The damage caused by these frauds is particularly odious because they affect the savings of small investors and often irreversibly jeopardise their existence.

The ingredients used for these recipes are almost always the same: apart from the obvious emotional component (proposing to the victim something he would like to feel offered, wielding it, leveraging fears and desires) fraud in general does not affect the blockchain in technological terms, but other weaknesses that are, so to speak, superstructural. 

Flaws of the banking system that almost never intervene to block the operations carried out in the course of fraud, or human weaknesses (naivety, infatuations, ignorance, etc.). 

In short, fraud is one or two steps further downstream than the heart of blockchain technology.

Now, even when the fraud moves from a cryptocurrency transfer, sooner or later the latter are converted into fiat currencies and paid into bank accounts at real, regularly authorized banks. Those accounts, however, immediately after the hit disappear and are registered to false identities. And even the phone calls come from clear phone numbers, whose users are not, in fact, traceable. The same applies to emails, which can be traced back to apparently unclear domains, of which, however, the actual owner cannot be identified, and so on.

It seems incredible that, despite these steps being traced and made clear, it is so difficult for the victims of these frauds to obtain protection from the law. The fact is that investigations into these types of crimes are complex and costly. Police forces often do not have the resources to prosecute criminals.

These frauds, then, often have a transnational scope because transfers end up in foreign accounts. This implies the need for the cooperation of the police and investigative authorities of that country, which complicates and slows down the investigations. Especially in cases where fraud affects a multiplicity of individuals for relatively small individual amounts, this leads to the inescapable result of stalling investigations and prosecutions.

The rules guaranteeing this type of fraud

Those accounts, however, immediately after the hit disappear and are registered to false identities. There are traditional forms of crime, such as fraud, but there are also a number of dedicated forms of crime, such as unauthorised access to computer systems or the improper use of credit cards (provided for by art. 493 ter of the Italian Criminal Code of recent introduction), which also affects the improper use of any means of payment other than cash. 

Not to mention the figure of crime of computer fraud, provided for by art. 640 ter c.p., which provides a specific aggravating circumstance when the fact involves a transfer of money or virtual currency (paragraph 2). The latter are introduced with regulations that deal with anti-money laundering, such as the recent D.Lgs. no. 184 of 8 November 2021, transposing Directive 2019/713/EU.

The fact that, despite the existence of these rules, it is rarely the case that this type of criminal can be punished and thus protect the victims, is clearly a major problem. 

We talked about it with Paolo Dal Checco, one of the best known and accredited Digital Forenser in Italy, university professor, CTU for courts and tribunals, and consultant for investigative law enforcement agents. Paolo Dal Checco states that:

“The identification and therefore the punishability of these subjects is closely linked to the investigative potential of the context in which they have moved. In the crypto field, obviously with a minimum of knowledge, criminals are able to become anonymous and escape any type of tracking, unless they make mistakes that sometimes lead investigators to obtain information that can then lead to the identity of the criminals. In banking, on the other hand, anti-money laundering rules work until criminals take advantage of unsuspecting victims to violate the rules themselves, for example by making the accounts to borrowers or persons whose identity has been stolen, or attacking web banking profiles of subjects who in turn, without their knowledge, become vectors for scams.   This last case, among other things, begins to be quite frequent and involve subjects who are blamed for having perpetrated a fraud of which they themselves are victims. Other times, much more simply, through social engineering, fraudsters manage to convince victims to collaborate in money laundering activities, with their current accounts duly registered. These are the so-called “money mules”: a way to overcome the obstacles posed by the anti-money laundering rules and evade investigations by exploiting as points of support legitimate accounts the subjects who often unknowingly (but sometimes even consciously)They create an anonymization bridge between the final victim and the criminal. All these cases suggest that anti-money laundering rules often end up acting as a deterrent and generate disproportionate complications (even if only on the simple management of an account or a credit/debit card) to the detriment of “normal” people that is, those users who most likely do not intend to commit crimes do not simply use their accounts for their daily activity. Unfortunately, however, they are largely surmountable by criminals who have now learned how to circumvent them. This obviously does not mean that they are useless, but they should certainly be balanced in order to create more harm to criminals and fewer obstacles for ordinary users who do nothing criminal.”

The picture that emerges makes us reflect. The widespread system of the anti-money laundering legislation (especially the Italian one, more expensive than the European directives require it) often ends up limiting the operation of users and companies

In addition, it offers those banking institutions that are particularly hostile towards transactions that deal with cryptocurrencies many excuses to avoid carrying out this type of transaction. It is the case of Unicredit that has come to block the crypto operations of some customers and threats brandishing the anti-money laundering legislation, except for reversing when the case has become public knowledge.

But then what use are these massive data collections, the hypertrophy of sanctions and bureaucratic and identifying obligations, the heavy limitations on the common user, if the system in practice allows criminals to operate and remain quietly in the shadows and finally get away with it?