Fraud and transaction problems were leading factors in a surge of US consumer complaints related to cryptocurrencies and other digital assets over the last two years, according to a new government report
The report from the US Consumer Financial Protection Bureau (CFPB) comes as the high-profile failure of the FTX crypto exchange has seized the attention of regulators and shaken the crypto industry. “Our analysis of consumer complaints suggests that bad actors are leveraging crypto-assets to perpetrate fraud on the public,” said CFPB Director Rohit Chopra.
Even before the collapse of FTX, complaints from consumers who were hit by other types of digital currency losses have been rising at an alarming rate, the CFPB reported. The CFPB report said the crypto market has become a magnet for fraudsters who see little chance that their schemes will be detected due to the absence of investor protection and the opaque nature of the market.
Crypto firms hiding behind “terms & conditions”
The fledgling crypto industry’s $2 trillion market, made up of complex and illiquid digital assets, lacks controls and account management operations to handle customers’ problems, the CFPB report suggested. The firms often “hide behind terms and conditions” to delay transactions when customers try to claim their crypto assets.
The report found that despite marketing claims that they offered “immediate access” to funds, some crypto firms have often delayed or denied redemptions based on “identity verification issues, security holds, or technical issues.” Many customers also reported the transactions were settled at prices far below quoted levels when unexpected or unexplained fees were tacked on. Some firms cited “market spreads” that led to payouts far below quoted prices. Further, the transaction concerns were most often handled in some form, the CFPB report said, even if they were settled on disadvantageous terms for consumers.
The largest complaint category, representing about 40% of complaints, involved fraud-related matters, and sometimes included use of social media by digital currency participants in a potent mix of deception and opaque fund movement. The CFPB reported that in many instances of fraud reports from customers, the transaction provider declined to accept responsibility or to help in recovering funds, arguing that since they act as intermediaries they are not contractually required to act. In some cases, they required customers to submit to “mandatory arbitration” and clauses that prohibited them from joining class actions.
US regulators have said that since the crypto firms operate from offshore domiciles, they have only limited powers to intercede when fraud surfaces. The CFPB itself said its “complaint bulletin” was meant as a risk warning, but the agency went no further in committing its own enforcement division to pursuing wrongdoing.
Enforcing crypto fraud “time-consuming”
The CFPB, with its own packed rulemaking and enforcement agenda, suggested that pursuing bad actors would be a drain on agency resources since the anonymity of crypto “makes tracing crypto-assets stolen by fraudsters more time consuming for regulators and law enforcement.” The agency said it would continue to log complaints and follow up with efforts to recover funds from crypto firms it could reach; however, in most cases, it said it would refer complaints to the Federal Trade Commission or other law enforcement authorities.
In its bulletin, the CFPB said the fraud complaints ranged from sophisticated “nation-state” level operations to the types of social engineering scams or cyber breaches seen in ransomware attacks by bad actors seeking payments in hard-to-trace cryptocurrencies. Among the leading scam methods the CFPB noted were: i) playing on a victim’s emotions to extract money or posing as customer service representatives to gain access to customer accounts; ii) using social media posts or targeting different communities in affinity attacks aimed at younger populations, Black and Latino communities, older consumers, and service members; and iii) impersonating crypto-asset developers, founders of major websites such as YouTube, or the official accounts of governments to solicit crypto-asset donations to help the people of Ukraine.
The CFPB also described various tactics that crypto firms used to evade or delay regulations or returning assets to customers, including: i) patterning transactions by using many small transactions to evade money laundering and fraud controls; ii) freezing consumer assets immediately prior to entering bankruptcy or using decentralized finance (DeFi) as part of the crypto-asset ecosystem; and iii) using hacked SIM cards and mobile phone numbers to activate and take control of users’ credentials, or linking transactions and a crypto address with a consumer’s identity on their other transactions.
While the CFPB’s bulletin was intended as a warning to consumers, it cited one area in which it might take direct action — the use of deceptive claims of government savings account insurance, which is guaranteed by the Federal Deposit Insurance Corporation (FDIC). In a May announcement, the CFPB said it could bring action under the Consumer Financial Protection Act, which prohibits any fraud involving deceptive claims around FDIC insurance.
“Our analysis of consumer complaints suggests that bad actors are leveraging crypto-assets to perpetrate fraud on the public,” said the CFPB’s Chopra. “Americans are also reporting transaction problems, frozen accounts, and lost savings when it comes to crypto assets. We will continue our work to keep the payments system safe from fraudsters targeting Americans.”