Feb 20, 2024

Ari Redbord, Head of Legal and Government Affairs at TRM Labs, joins "First Mover" to discuss the emerging hacks and exploits in the crypto industry in 2024.

Video transcript

Crypto hack seemed to be a theme of 2024 that's already emerging following a reported $126 million in losses just last month. Joining us now to discuss is a red board TRM Labs, head of Legal and Government Affairs Ari, welcome to the show. Hey, thanks so much for having me. Thanks for being here. Now, this interview is being recorded before a big event for you. You're going to the House Financial Services Committee to talk about hacks in web three. The interview is airing after that talk. So maybe there's some updates, but let's talk about what you're going to be chatting about today on the hill. Sure, absolutely. Um My written testimony is out there, but it's really look, um we understand that there are illicit finance risks within the crypto ecosystems hacks being one of those. Uh but because of the public nature of blockchains, right, the ability to track and trace this on this immutable public ledger allows law enforcement and investigators to actually follow the funds in ways that we never could in traditional world to mitigate those risks. So kind of a lot of discussion on Hey, look, these are the risks in the space, but we also have this unique ability to track and trace funds to build investigations and stop illicit actors. Uh, like North Korea, do you think that lawmakers and regulators understand that piece? That the track ability piece? I, I think so, I think we're sort of starting to have that discussion in a more meaningful way. I'm really looking forward to today's hearing because I think it will be very much sort of on that topic. It was specifically set up to discuss how we use uh blockchains in order to track and trace the flow of, to build investigations, to mitigate risk, to use it for compliance. So hopefully that will be sort of a large part of the conversation today. Um I think that again, like, you know, it's, it's hard to keep saying this, but we are still early and education is such an important piece of the puzzle and we're going to continue to do that. It's interesting you say that, that you think that that is something that's known because often when I hear some of our lawmakers talking about uh cryptocurrencies, it's, it's often uh under a veil of anonymity and uh often I hear them say that it's not trackable, it's not traceable. Uh Why do you think that narrative persists if, if that's known? You know, II, I think the reality is that um we do see sort of scams and fraud and this type of activity in crypto, but we also see it in the traditional financial system. Um And again, it just, you know, and maybe I think that because it's me shouting and a void into a void all the time and I'm just hearing my own voice or something, but I do believe we're making inroads in the conversation. I do believe that policy makers are starting to sort of better understand this narrative. Uh I will say that I think regulators very much understand it and have for some time you talk about the US Treasury Department, you know, they may uh disagree with the balancing, right? There may be too much illicit activity for them uh to be sure, I guess for anybody, but the reality is, I think we're starting to see that that conversation more and more. Um you know, I was a prosecutor for a long time in the Department of Justice and I investigated cases involving networks of shell companies and Hawala and high value art in real estate. And um there was no TRM to track and trace those things, right? Those were in the opaque corners of the traditional financial system, at least in crypto today uh on, on, on flows that happen on blockchains, we can track and trace those and have much more visibility. Now, I mentioned this in my intro, but we've seen a lot of losses already when it comes to hacks and scams in crypto orbit chain lost $81 million after hackers exploited the platform's cross chain bridge last month. Uh We've seen a few more big hacks. I think coins paid was at $7.5 million. This is a lot more than we saw in January of 2023. What do you make of these numbers? Do you think that 2024 is ripe for more hacks and scams more than we've seen in the past? Uh Look, I, I think hacks are a significant problem uh for, for the crypto ecosystem and really continue to be, I will say that in any conversation of this, we're early in the year. Uh So sort of looking back a little bit to 2023 hacks were down by about 50%. Um in 2023 from, from 2022. Um specifically, uh in, um, in 2020 yeah, in 2022 we saw about 3.7 billion in hacks against the crypto ecosystem in 2023. That number was about 1.8 billion again, way, way too much. Um But, uh, yeah, we, we've seen a couple uh major hacks already in 2024 we're going to continue to see hacks. But I also, I still believe that we will see a downward trend from that really all time high in 2022. It sounds kind of like, you know, when the prices are up, the hacks are up because it's maybe more enticing for criminals out there and when prices are down, maybe hacks are down. Is there a correlation there? That, that may be true. I mean, we're seeing a correlation there and I don't know if it's because of the price of Bitcoin and other crypto assets, um, or just because other factors, you know, I honestly, I point to factors to include better cybersecurity. I think we've seen better cyber controls at Cryptocurrency, businesses, financial institutions, um where uh that are the targets of these type of exploits. Um I think we've seen law enforcement get much, much better at incident response uh using tools like TRM to track and trace the flow of funds. It's becoming noticeably harder for cyber criminals, particularly North Korea to find those off ramps today to move funds from crypto into more usable fiat currencies because compliance controls have gotten better at the large exchanges and law enforcement has gotten better adding friction to the money laundering process using tools like TRM. I also think the industry has gotten much more focused on this issue really coming together for from an information sharing perspective from an incident response perspective, TRM is involved with a website called chain abuse, which is basically a ways for crypto fraud and scams, right? You can report in real time and have other people sort of see those reports, report to law enforcement, etcetera. So I think we're seeing a combination of factors. Um the price of Bitcoin likely being one of those. Uh, but I think actually less of a factor than those others. I just went through on the topic of North Korea. I know TRM Labs is out with a new report outlining how much hackers tied to North Korea stole in crypto in 2023. Talk to us about some of the highlights there. Yeah, I know, uh, really important to kind of understand North Korea and the role it plays in the crypto ecosystem today. You know, I mentioned hacks being a huge problem. Hacks are even greater problem when they involve North Korea, right? Because North Korea is not, uh you know, a, a white hat hacker, right? They are using those funds for weapons proliferation and other types of destabilizing activity. So North Korea, you have the added uh national security threat there. Uh We saw about 700 million uh stolen last year from the crypto ecosystem by North Korea in particular, that is down significantly from 2022. Uh for, for, for, in my view, for all the reasons I mentioned earlier. Um you know, better law enforcement response, better cyber security controls and um, and better uh industry cooper operation. But it's still way, way too much. We've seen about 1.5 billion in the last two years, 3 billion from 2017. And that is a very significant haul for a country that has absolutely no, uh econo, you know, economy whatsoever. It's a criminal, it's a criminal enterprise. Um I will say it's always important to point out that this is as much a cybersecurity issue or more a cybersecurity issue than a crypto issue per se. Crypto is just the value that's being stolen and laundered. It's the, the, the critical importance for every Cryptocurrency business. From the smallest DFI protocol to the largest exchange to build cyber security as critical infrastructure to stop these attacks from happening in the first place. We've gotten very good at following the money, you know, using tools like TRM uh working with law enforcement. But the reality is we have to stop them from happening in the first place and that really becomes a cyber issue very quickly. Before we go last year, you were named the vice chair of the New CFTC Technology Advisory Committee. Talk to me a little bit about what your focus has been there and what your priorities are moving into 2024. Yeah, so, so proud of the work of the technology advisory committee and Christy Goldsmith Romero, who's the commissioner from the CFTC that, that sponsors it. Uh Carol House is the chair of the committee and uh did an extraordinary work on producing a defi report. Um Really what I would say is sort of the most comprehensive uh regulatory discussion of that sort of intersection between decentralized finance and regulation. Um really talks about the importance of uh government agencies. Um really sort of capacity building around understanding the technology and working to find ways to uh potentially regulate it. The biggest challenge that we have today, as I see, it is the the importance of balancing the need for lawful users, right to have some degree of privacy in a open financial system. And at the same time securing it for from a consumer protection standpoint, from an illicit finance standpoint. And this report really, really digs in, I think in a, in a much more in depth way than we've seen before on, on what that could potentially look like. Ari Thanks so much for joining the show. Hey, my pleasure. Great to join you. That was TM Lab's Head of Legal and Government Affairs, Ari red Board.

Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to coindesk.consensus.com to register and buy your pass now.