VPN providers market their products to crypto traders as a way to enhance data security and privacy. But the reality is much different – VPNs are primarily used to spoof location, hide identity and circumvent geographical restrictions. As a result, VPNs are starting to attract the attention of crypto regulators who, in the face of increased money laundering, terrorist financing and other financial crimes, are tightening up KYC/AML/sanctions compliance rules in order to detect bad actors and combat crypto fraud.
For example, United Nations experts found that North Korea launched cyber attacks to help modernize its nuclear weapons, stealing more than $316 million in virtual assets from 2019 to November 2020. According to the Associated Press, North Korea still “continues to generate illegal revenue by exploiting freelance information technology platforms using the same methods it does to access the global financial system – false identification, use of virtual private network services, and establishing front companies in Hong Kong.” (1)
And U.S. and European law enforcement shut down a VPN that ransomware groups and other bad actors used to hide their identities. (2) The service provider offered “bulletproof hosting services,” which law enforcement says “is intentionally designed to provide web hosting or VPN services for criminal activity.” (3)
Are Bad Actors Using VPNs to Access Your Platform? You Need To Read Our Cryptocurrency White Paper!
4 Reasons Why Hiding Behind VPNs Signals Trouble
As the above examples illustrate, faking location through a VPN or other anonymizing tool is a necessary step that bad actors use to hide their online identity in order to commit cybercrime.
VPNs and other anonymizers cause trouble for cryptocurrency regulators by:
- Allowing for “uninterrupted” cyber-crime. Bad actors can “do business” while evading detection by law enforcement.
- Masking IP addresses and preventing device tracking. This lowers the quality of data available for reporting and for ensuring the integrity of transactions.
- Enabling sanctions violations. VPNs enable users to bypass geographic restrictions and conduct transactions from sanctioned regions.
- Not logging user data, which obfuscates reporting, oversight and investigative capabilities.
Regulators are becoming increasingly willing to crack down on the misuse of technology to perpetrate cybercrime. “While the Department of Justice and its partners are committed to supporting the advancement of legitimate cryptocurrency technologies and uses, we will not hesitate to enforce the laws that govern these technologies when necessary to protect the public,” said Brian Rabbitt, the former acting Assistant Attorney General for the DoJ’s Criminal Division. (4)
The Future of Cryptocurrency Regulations
Regulators are now monitoring the increasing number of VPN providers that market their products specifically to crypto traders that enable them to hide their location and remain anonymous. In response, lawmakers will be tightening up KYC/AML cryptocurrency regulations to require more accurate location data than what’s provided by an easily spoofed IP address.
In fact, key regulators have already noted the importance of geolocation data. The Financial Action Task Force (FATF), in its 2020 Guidance on Digital Identity, specifically identified multi-source geolocation data (e.g., Wi-Fi, GPS, GSM/cell tower triangulation, HTML5, etc.) as a necessary part of digital identity and KYC verification. And the UK’s Financial Conduct Authority (FCA) was one of the first financial regulators to distinguish between geolocation data and an IP address within identity verification expectations. (5)
Don’t wait for regulators to “red flag” your platform by allowing users to hide their true location using a VPN or other anonymizing tool. Discover how to de-risk your platform with advanced geolocation data that keeps bad actors out – and invites good users in!
Download our white paper, “Geolocation Data: Crypto Exchanges’ Secret Weapon to Slash Regulatory Risk and Fight Financial Crime.”
(1) See Associated Press, UN experts: North Korea using cyber attacks to update nukes, Feb. 9, 2021.
(2) See CNET.com, FBI and European law enforcement shut down VPN used by ransomware groups, Dec. 23, 2020.
(3) See Justice.gov, U.S. Law Enforcement Joins International Partners to Disrupt a VPN Service Used to Facilitate Criminal Activity, Dec. 22, 2020.
(4) See Justice.gov, Attorney General William P. Barr Announces Publication of Cryptocurrency Enforcement Framework, Oct. 8, 2020.
(5) See fca.org.uk, Financial crime systems and controls during coronavirus situation, Updated Jan. 8, 2021.