In her monthly expert column, Selva Ozelli, international tax lawyer and CPA, deals with the interface between new technologies and sustainability and offers the latest tax developments, AML / CFT regulation and regulatory issues affecting cryptocurrencies and blockchain.

Talk about how to end a stellar career at the US Department of Justice with a bang. Michele Korver, the DoJ’s first “crypto king”, has advised prosecutors, federal agents, the Treasury Department’s Financial Stability Oversight Board and the US delegation to the Financial Action Task Force on cryptocurrency matters and has developed cryptocurrency seizure and expiration policies and laws. While she was finishing her last day at work, a subsidiary of the infamous “REvil” gang, best known for extorting $ 11 million in Bitcoin (BTC) from meat processor JBS after an attack on Memorial Day, carried out the largest global ransomware -Attack on recording that will begin on the weekend of July 4th

Connected: Meet the DoJ’s Crypto Czar: Expert Engagement

A ransomware attack on REvil’s supply chain successfully distributed malware to thousands of companies in at least 17 countries who employ their IT departments at Kaseya, a privately held company based in Dublin, Ireland. Thanks to Kaseya’s compromised IT management software VSA, this was done in one fell swoop – resulting in a payday of $ 70 million in Monero (XMR). If REvil is successful, they can launch a second attack on companies that have chosen to pay Mondero’s claim. According to a recent Cybereason report entitled “Ransomware: The Cost of Doing Business,” 80% of companies that choose to pay on demand are attacked a second time. REvil could then decline and illegally launder revenues in dark web markets, as outlined in a report released by Flashpoint and Chainalysis.

Connected: Are crypto ransom payments tax deductible?

Criminals prefer to use cryptocurrency mixing / mixing services or privacy coins like Monero when paying for illegal goods and services to hide traces of the original source of money, emphasizes Korver, who wrote an article entitled “Swimming through the First “Co-authored by Wave of Cryptocurrency Money Laundering” in a journal published by the DoJ. As she writes:

“Criminals share common paths when it comes to placing, overlaying and integrating their ill-fated cryptocurrency. These paths cross several key sectors, including institutional exchanges, P2P exchanges, mixed and sniffing services, and traditional banks. […] Some of these key domains, such as P2P exchanges and mixing services, seem to serve criminals more directly who need to launder cryptocurrencies. “

Korver explains, for example: “To own cryptocurrencies for the first time, criminals have to [including cyberattackers and ransom demanders] Wallet needs to be set up. These wallets can be under your sole control [un-hosted wallets]or it could be custody wallets hosted by a third party provider such as an exchange. Once in the wallet, funds can be sent to blending services or gambling sites to cover up their historical traces. From there, the funds can be converted into fiat currency via exchanges, P2P exchanges or kiosks. Sometimes the funds are then transferred to a bank account or crypto debit card where they can be used to buy things or to pay off debts. While this is the typical way primary domains appear in the PLI process, criminals can use domains in any way they want: wallets can be used to shuffle funds; P2P exchanges can be used to integrate funds; and the kiosks can be used for shifting. Criminals can also repeat steps in the PLI process to further obscure the source of nefarious funds, although adding cost and risk each time they repeat the cycle. “

Connected: US updates AML / CFT law on cryptocurrencies

In the wake of ransomware payments, which have increased by around 500% since the beginning of the COVID-19 pandemic, Korver said that “Victims of ransomware attacks have relied on P2P exchanges. With the advent of ransomware as a standardized criminal company, more and more victims are forced to buy cryptocurrencies on short notice. It is estimated that 9% of Bitcoin transactions are caused by ransomware or some other form of network blackmail. If it takes days or weeks to open a verified account with an institutional exchange, a P2P exchanger can offer instant crypto and sacrifices ready to pay a premium rate. The victim noted that the “turnaround time” [at a registered institutional exchange] way beyond the immediate possibility of a ransom and that a P2P exchange device is a better option for getting crypto in a hurry. “

Before Korver joined the Financial Crimes Enforcement Network, FinCEN authorities proposed a rule aimed at transactions with unsaved crypto wallets, which are usually software installed on computers, phones, or other devices. Cryptocurrencies in a non-storage wallet are controlled by a person who can receive, send and exchange their crypto assets directly with other non-storage wallets or on exchange platforms without revealing their identity – thereby monitoring transactions and for anti-money laundering and compliance risks in counter-terrorism financing.

Connected: The authorities are trying to close the gap on non-storage wallets

These concerns are shared by the Financial Action Task Force (FATF), the intergovernmental body responsible for setting AML standards. The FAFT’s proposed 2019 policy updates add a range of informal crypto companies to the definition of Virtual Asset Service Providers (VASPs), meaning they will be compliant with AML / CFT regulations. Decentralized peer-to-peer exchanges / structures (with the exception of rules that apply to all companies, such as targeted financial sanctions) are still being examined.

As cryptocurrencies – along with ransomware attacks – become increasingly common, Korver will strengthen FinCEN’s leadership role in the digital currency space by working with internal and external partners to provide strategic and innovative solutions to prevent and contain illegal financial and mining activities.