CoinLoan's partnership with Elliptic: Investing in trust and security

Crypto investment is booming, but so is cybercrime. Last year, the market attracted seven times more venture capital than in 2020, while ransomware and cryptocurrency theft saw more activity, including the two biggest cryptocurrency hacks to date taking place within eight months of each other.

As new innovations are transforming the crypto space positively, providing alternative mechanisms to engage with cryptoassets, they also introduce new risks, and cybercriminals are devising new schemes that leave users with no recourse to get their funds back. In the US alone, victims have reported losing over $1 billion in crypto since January 2021.

2022 could become the biggest year for crypto fraud, and businesses need all-encompassing measures to thwart attacks. Advanced blockchain analytics not only helps safeguard market participants — it is also part and parcel of an effective compliance program. Thanks to Elliptic, crypto platforms are able to prevent unwitting participation in scams and other financial crimes. This comprehensive solution is part of CoinLoan’s security arsenal.

Crypto fraud statistics since 2018. Adapted from the FTC report
Crypto fraud statistics since 2018. Adapted from the FTC report

According to Microsoft researchers, malware and other techniques are becoming more insidious. In the past, crypto was mainly used as a means to an end – for instance, in ransomware campaigns, which required manual transfers. Meanwhile, the success of cryptojacker malware largely depended on the capabilities of the victim’s hardware.

Enter cryware

The advent of information stealers signifies a shift in cybercrime. This cryware contains patterns used for private keys, seed phrases, or wallet addresses. It lets attackers exfiltrate data from noncustodial wallets directly and automatically.

The techniques include clipping and switching. In this type of attack, when a victim copies a wallet address to their clipboard, cryware replaces it with the attacker’s address. This happens completely unbeknownst to the user. Once the funds are transferred, there is no reversal — all blockchain transactions are final.

Clipping and switching. Adapted from Microsoft.com
Clipping and switching. Adapted from Microsoft.com

Beware of social engineering

Common scams leverage social engineering to lure victims into parting with their money. For instance, they may be taken in by fake celebrity endorsement videos. Such clips promise easy money to those who send crypto to sham projects. Aside from greed, social engineers often exploit fear, including FOMO. They use subconscious cues and invoke a sense of urgency or curiosity, so the victim rushes into action without forethought.

Social media scams abound

Social engineers are the most active on social networks and messengers – namely, Instagram, Facebook, WhatsApp, and Telegram. For example, social media content creators are tricked into downloading and executing nefarious files. Scammers email fake promotional offers and partnership contracts with malicious links or attachments. For example, cryware may be disguised as a video or document.

Investment fraud

Scams disguised as business opportunities account for over half of all crypto fraud losses reported to the FTC since January 2021. The majority of victims were lured in through an ad, post, or message on social media. This category includes stocks and commodity futures trading, art, gems, rare coins, advice, and other variations.

Romance scams

This type of fraud, which is similar to investment scams, came second. The perpetrators hunt for victims on dating sites or apps and sweet-talk them into sending money. In one case, the victim thought he was investing $300,000 in Bitcoin options.

Top-4 crypto scams by reported losses between January 2021 and March 2022. Adapted from the FTC Report. Note: Business and government imposters used crypto ATMs
Top-4 crypto scams by reported losses between January 2021 and March 2022. Adapted from the FTC Report. Note: Business and government imposters used crypto ATMs

Since 2018, social media crypto scams have grown fourfold. Moreover, the FTC’s estimations include only the 46,000 users that have reported their losses to the agency. Fortunately, however elaborate the crimes, transfers of cryptoassets to fraudsters’ crypto addresses are preventable thanks to companies like Elliptic.

Elliptic as part of CoinLoan’s security and compliance

A trusted provider and the first crypto platform licensed in the EU, CoinLoan keeps abreast of the compliance landscape. As a safeguard for its clients, Elliptic complements other mechanisms, such as 2FA. CoinLoan gives users confidence as it protects their assets and combats the abounding crypto scams.

To analyze blockchains for nefarious activities, Elliptic uses machine learning and a proprietary cybercrime database. It detects patterns and keeps track of the addresses and transactions associated with shady entities. These range from non-compliant crypto exchanges to darknet markets.

Blockchain analytics is an important part of AML compliance, and Elliptic lets crypto platforms take immediate action. It alerts them to addresses involved in fraud, from ransomware to clipping and switching. Suspicious transactions are halted and marked for additional manual review and investigation.

Without automation, compliance requires immense in-house resources. Crypto users are spread across the world, and their number can soon reach 1 billion. Keeping up with the blacklists, AML/CFT and sanction regulations manually is a tall order. The sheer time and manpower required make it virtually insurmountable.

Reasons for choosing Elliptic

Blockchain analytics firms are not created equal. According to Max Sapelov, CoinLoan’s CTO, “Elliptic offers an optimal combination of recognition, trustworthiness, and coverage of blockchains and digital assets.”

Currently, 66% of the crypto volume runs through exchanges using Elliptic. It covers over 98% of the global trading volume, providing actionable insights for 500+ cryptoassets and 100 billion+ data points. Crypto service providers, financial institutions, and even regulators depend on it to combat fraud and monitor risk.

What benefits does Elliptic bring to CoinLoan?

As the crypto market grows, so do the frauds that plague its participants. Halting transfers to compromised wallets is a matter of compliance and user protection, but it stems from a broader vision. Blockchain analytics helps CoinLoan grow, drive the industry forward, and bolster trust in digital assets.

CoinLoan’s emphasis on compliance is an important competitive strength. As Max Sapelov explained, “Playing by the rules from day one has allowed us to offer convenient fiat gateways and give users peace of mind.” With Elliptic, CoinLoan enhances its proactive approach to risk management.

Sketchy crypto businesses not only jeopardize clients’ assets. They are unable to offer smooth transfers to/from bank accounts and cards or have to impose exorbitant commissions. No reputable bank will open a business account without an audit of internal procedures. As a result, shady platforms deal exclusively with crypto or look for questionable alternatives.

Wallet screening via Elliptic. Adapted from Elliptic.co
Wallet screening via Elliptic. Adapted from Elliptic.co

Benefits for CoinLoaners

From a user’s perspective, Elliptic ensures safe withdrawals and unhindered transfers. First, it signals to other platforms that CoinLoan is a trustworthy source, a fully compliant business with high AML and KYC standards. In layman’s terms, users can be sure their withdrawals to legit addresses won't get blocked.

Secondly, this system halts transfers to scammy wallets like the ones pasted by clipboard hijacking malware. It is equally effective against social engineering fraud. CoinLoaners do not have to double-check every recipient’s address. If it raises suspicion, Elliptic alerts the CoinLoan team, and it launches an investigation to protect the user.

How it works

All CoinLoaners enjoy advanced protection regardless of the services used. Whether they grow their crypto in an interest account, take out loans, or exchange funds, all transfers from the platform are protected to the highest standards.

When CoinLoan receives a request for an outbound transaction, it sends a query to the Elliptic API. Elliptic checks every address against its blacklist to protect the users from a wide spectrum of attacks and scams. Suspicious transactions are halted automatically and escalated to a manual review when necessary.

Thanks to Elliptic, CoinLoan has already averted a number of withdrawals to scammy addresses. If these transactions had been successful, the senders would have no opportunity to recover their funds.

Compliance experts’ perspective

To better understand how compliance and risk management professionals are responding to the challenges and risks presented by cryptoassets, earlier this year Elliptic polled around 100 risk and compliance professionals across the crypto and financial sectors.

Of the respondents, over half (56%) said they face “significant” or “moderate” financial crime risk from cryptoassets. Meanwhile, confidence in their ability to detect crypto-related financial crime to a high degree of accuracy was split 50/50 between confident and less confident.

Although blockchain analytics and screening tools like Elliptic are becoming more common, the biggest challenge for a respondent’s business in detecting financial crime in cryptoassets remains “identifying transactions that show characteristics of structuring or other money laundering behaviors.” So, it is, therefore, more important than ever for governance, risk, and compliance professionals to understand the evolving nature of illicit behaviors and financial crime typologies in the cryptoasset space.