According to the FBI’s annual Internet Crime Complaint Center report, cybercrime created a $6.9 billion hole in the US economy last year, and with large-scale hacking events hitting some high-level crypto projects in recent months, the issue of cybersecurity has always been in the headlines. — and Cayman is not immune.
In August last year, the Securities and Exchange Commission (SEC) in the United States issued its first charges against operators of Blockchain Credit Partners, based in the Cayman Islands, for unregistered sales of more than $30 million. of titles. The SEC found that two executives at Blockchain Credit Partners were using the Ethereum blockchain to sell cryptocurrencies to investors while misleading them about the company’s profitability.
Ian Thornton Trump, Information Security Manager at Cyjax UK Ltd have been observing such developments for years. With over 25 years of experience in the field of computer security and information technology, having previously served in the Canadian Forces Military Intelligence Branch, Military Police and Royal Canadian Mounted Police.
In front of the 5e Annual Cayman Islands Digital Economy Conference (CYDEC) in Grand Cayman, where Mr. Thornton-Trump is among the speakers, he discusses some of the key issues dominating the cybersecurity space from the perspective of the cryptocurrency industry.
Cayman Loop: How would you characterize the cybercrime environment in 2022?
Ian Thornton Trump: What we see in cyber today is a situation where traditional bank fraud has been weaponized by cyber criminals, combined with a fair amount of investment complexity with the financial instruments involved, due to a lack understanding of some investors. For legitimate cryptocurrency businesses in this environment, the biggest problem is their reputation and the volatility of the crypto industry. If a cyberattack is directed against a bank in the UK, for example, it will not negatively impact the value of the pound, but if a cyberattack takes place against a crypto exchange, the impact on the value of its digital tokens will be dramatic. With the vast flows of institutional funds into this area and the sudden destabilization of some stablecoins that we’ve seen recently, all in the absence of effective regulation, when you mix it all up you have what I would describe as the environment richest target ever created for insiders or malicious actors to exploit.
What I see now is a hyper-awareness issue for crypto investors and essentially a galaxy-sized attack zone. You can go back to the old question of why do people rob banks? Of course, that’s because that’s where the money was, but it’s not there anymore. It’s all online – and now we’re seeing these ransomware attacks, including state-sponsored attacks from places like Iran and North Korea targeting cryptocurrency holders and exchanges – in fact the entire industry ecosystem.
Cayman Loop: How big is the cybercrime problem?
Ian Thornton Trump: The scale of the problem is staggering considering that in 2020 the amount defrauded in the crypto space was over $12 billion and despite best efforts, around 98% of cases go unsolved. That’s such a big number and if you think about it, if there had been a $12 billion bank robbery you’d expect the FBI to break down every door to get it back, but it’s really a new frontier.
Cybercriminals do not make surveys, so it is to some extent difficult to know the exact extent of the loss. What we do know, however, is that Bitcoin is the currency of choice for large-scale industrial ransomware gangs. Bitcoin has a reputation problem but it would have to be said that the US dollar would be the number one choice for drug dealers so there is a large amount of criminal use of the US dollar but with crypto there is a reputation issue and it’s a lot “Buyer beware.”
Cayman Loop: How sophisticated are some of these cyberattacks?
Ian Thornton Trump: Really, we are seeing both sophisticated and simple attacks and this really highlights the lack of understanding among investors. We have all heard of these “get rich quick” schemes and just as some people have made a lot of money from crypto, a lot of people have lost a huge amount. Again, the level of understanding of the crypto sector is easily exploitable considering, according to Cardify research, that regardless of investors’ experience in the sector, most still have moderate to low levels. of cryptocurrency knowledge, making them vulnerable to social engineering attacks.
Cybercriminals are exploiting weaknesses at the intersection of finance and digitalization. The wormhole attack earlier this year was one of the most sophisticated attacks we’ve seen recently. This saw $326 million stolen from the DeFi platform, after an attacker found a bug in the code where the site did not properly validate input accounts, allowing the attacker to spoof signatures guardians. We have seen several cases where a weakness in the code has been exploited by different types of highly sophisticated actors.
At the other end of the scale, there are those simple “double your bitcoin” scams, where you have people hack into Twitter accounts and impersonate them, promising that if you send them an amount of bitcoin, they’ll send you double that. Again, it’s so telling that investors aren’t aware of the risks and when you have exchanges and creators that don’t follow best practices, you really have what I call a perfect fraud storm.
Cayman Loop: What is important to change from a cybersecurity perspective – and can the industry keep up with how quickly this space is changing?
Ian Thornton Trump: An important point to consider is anonymity in crypto and the fact that there are no real rules on KYC but that’s something the EU is talking about now and I think we’re going to see a change transformer. Earlier this year, the Economic and Monetary Affairs Committee (ECON) and Civil Liberties Committee (LIBE) voted to introduce a bill to remove the privacy aspects of crypto transactions. This would mean extending the AML requirements that apply to traditional payments over 1000 EUR to even the smallest crypto payments, requiring the identification of payers and recipients. This matters because as things stand, even properly-intentioned KYC and AML practices have done little to prevent billions from flowing through the traditional financial system.
In terms of tracking cybercriminals, it looks like this giant garden hose, similar to the fight against terrorism after 9/11. We are really on a war footing in financial services and the industry has no incentive to make efforts to educate law enforcement, which is really focused on traditional criminals. Moreover, the accusations made by the SEC in this area, for example, are only the tip of the iceberg. What needs to change is AML teams and cyber teams need to work together and adopt the FEMA model, which I mean requires plans for each type of threat and being able to tailor a response to a security incident – physical or cyber.
CYDEC 2022 – Reshaping the future
This year’s Cayman Islands digital economy conference, ‘Reshaping the Future’, will take place on June 21 at The Westin, Grand Cayman. Ian Thornton-Trump will present a session on “NFTs Just a fad?” Or here to stay? A discussion of the future of NFTs and what they mean for the Cayman Islands”. For more information on CYDEC 2022 and to register, visit www.cydec.ky