Cyber Intel Report | April 2021

Australia & New Zealand
Finance and Insurance Industry Threat Report

Crypto in Crosshairs

Cryptocurrency exchanges and platforms are increasingly targeted by financially motivated threat actors for direct financial theft amongst other cyber operations. Conversely, these services are also relied upon by cyber criminals for laundering money obtained from other criminal endeavours such as ransomware and Business Email Compromise (BEC). As cryptocurrencies are much more difficult to track in comparison to conventional money networks, the targeting and use of cryptocurrency exchanges may make the laundering and cash-out of stolen funds simpler for the threat actor. In addition, the security budgets of cryptocurrency entities do not come close to those of traditional financial institutions, making them easier targets that can still hold large amounts of liquid assets.

As Decentralised Finance (DeFi) platforms have been gaining attention in the cryptocurrency community, they have also been piquing criminal interest as potential marks and laundering mechanisms. DeFi platforms enable users to swap one type of cryptocurrency for another and directly transfer between wallets without being subject to know-your-customer checks and transaction recording, as would be the case on a standard cryptocurrency exchange.¹ Though there can be legitimate uses for DeFi, it can also be used illicitly for chain hopping, where adversaries can switch between types of cryptocurrencies in quick succession or through automation to make it extremely difficult to track sources and destinations of money. Several DeFi platforms have suffered cyber attacks in recent months.

Regulating cryptocurrencies

The Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2017 is Australia’s most pointed piece of legislation with regard to cryptocurrencies. Since 2018, when the amended Act came into effect, all cryptocurrency exchanges operating in Australia have been required to register with the Australian Transaction Reports and Analysis Centre (AUSTRAC), conduct user identity verification checks, maintain records and comply with AUSTRAC reporting obligations.² Aside from this, the Australian government has taken a “principles-based” and “technology-neutral” approach;³ however, the industry vertical has evolved at a faster rate than the regulatory response.⁴ The National Blockchain Roadmap was released in February 2020 to address regulatory issues, research and development, investment and opportunities.⁵

Cryptocurrency legislation remains a hot yet contested topic around the world. For example, India is close to banning investment in private cryptocurrencies through both foreign and domestic exchanges.⁶ Meanwhile, in the US, President Biden has recently frozen a proposal for cryptocurrency regulation (amongst other proposals) to give the new administration time to review all potential regulatory changes.⁷

1 https://blog.chainalysis.com/reports/kucoin-hack-2020-defi-uniswap
2 https://www.austrac.gov.au/new-australian-laws-regulate-cryptocurrency-providers
3 https://www.industry.gov.au/sites/default/files/2020-02/national-blockchain-roadmap.pdf
4 https://www.globallegalinsights.com/practice-areas/blockchain-laws-and-regulations/australia
5 https://www.industry.gov.au/sites/default/files/2020-02/national-blockchain-roadmap.pdf
6 https://www.financemagnates.com/cryptocurrency/news/the-end-of-crypto-in-india-proposed-crypto-ban-has-big-implications/
7 https://themarketherald.com.au/biden-administration-freezes-crypto-regulation-changes-pending-review-2021-01-22/