Anomalous trades on FTX
LINK Trading Volumes Deviations on Huobi
Crypto in the FinCEN Leak
October Spike in Crypto Scam Activity — Finland
Anomalous trades on FTX
FTX demonstrates a noticeable leading digit spike, possibly indicating non-standard trading activity on the exchange. Recent order distribution sizes for COMP (Compound) deviate from other markets and contradict Benford’s law.
Application of Benford’s Law to Fraud Detection
The ACFE published an article on how to discern naturally occurring statistical deviations from fraud using Nigrini’s tests. Evidence based on Benford’s law has been used in federal and state criminal and regulatory cases.
LINK Trading Volumes Deviations on Huobi
Typically, frequency distributions for logged trade volumes have an near linear relationship with a negative slope, and a long tail (at the high end of trade size). As an example, in comparing LINK trading activity, the distribution on Huobi stands out when compared to other high-liquidity exchanges.
Exchanges or token creators can use trading algorithms that increase trading volumes to create an impression of a more active market. Many of the more simplistic and standardized methods of anomaly detection, such as aggregate raw trade-size distribution analysis, can be rendered ineffectual by more sophisticated wash trading schemes. Significant deviations from the theoretical power-law distribution in published trade volumes may be a reason for closer inspection.
Crypto in the FinCEN Leak
Our investigations team went through the FinCEN leak and found a few suspiciously similar transactions on Bitcoin blockchain. By looking at the transaction sizes and timestamps, Inca’s solution matches senders (originator banks) and receivers (beneficiary banks) mentioned in Suspicious Activity Reports (SARs) to specific blockchain addresses and business entities:
More cases with corroborating evidence, indicating that the flagged participants are likely using Bitcoin, can be found in the recent Inca Investigation Team post. The results highlight the importance of publicly available data and systems capable of correlating large datasets when performing fraud analysis.
October Spike in Crypto Scam Activity — Finland
Traditionally, the United States and Russia lead in reported crypto scam activity. However, there was a recent spike in scams targeting Finland.
Such a spike may be explained by the recent data leak of 50,000 patients of Finnish mental health services provider Vastaamo. The data breach was discovered after many patients received messages threatening to publish personal data unless a bitcoin ransom is paid. Vastaamo admitted to losing their patients’ data 2 weeks ago. This resulted in thousands of fraud reports submitted to bitcoinabuse.com and at least 6 ransom transactions totaling 0.467 BTC paid to the scammers.
Many of these reports are associated with a coordinated effort. Ransom attacks were conducted via the email “[email protected]” which threatened to release patient records, therapy notes, and personal data. Blackmailer(s) sent Finnish emails demanding a payment of “200 euros during the first 24 hours or 500 euros during 48 hours in order to destroy our data.”