Hacked Exchange Cryptopia Was in Breach of AML Requirements
Things go from bad to worse for users of hacked New Zealand-based cryptocurrency exchange Cryptopia. Its liquidators Grant Thornton have today revealed that the exchange failed to meet its AML obligations when creating new user accounts.
Cryptopia Breached AML Laws Before the Hack
Cryptotopia liquidators have had an uphill battle all the way when it comes to recovering users’ assets. The shady practices of the hacked-then-liquidated exchange included pooling users’ assets into a co-mingled wallet.
Now, according to the New Zealand Herald, Grant Thornton told a High Court at Christchurch on Tuesday that the company had breached its AML requirements when onboarding new customers. Liquidators Malcolm Moore and David Ruscoe’s affidavit said:
[We] have given careful consideration to the limited personal identification information available because, in our view, it raises various issues including anti-money laundering compliance.
Ruscoe has been working closely with the New Zealand Department of Internal Affairs as well as the Police regarding the company’s AML compliance policies. But their efforts have been hampered by a dearth of user information. In fact, for some 933,000 active accounts, there is no more to go on than a username and email address.
The Seedy Inner Workings of Cryptopia
Grant Thorton has so far uncovered that at least 100 customers that wanted to trade to a limit of $500,000 had sent proof of their identification. This included a selfie holding their national ID document along with a statement that explained the source of their funds. Their address was then apparently verified by Cryptopia using Google Maps.
But that’s a very small drop in the bucket for Cryptopia’s 2.2 million accounts with next to no information at all, most of which were based offshore. The bulk of Cryptopia users resided in the US, the UK, the Netherlands, Russia, Brazil, and South Korea. Cryptotopia had less than 10 thousand users in its native New Zealand.
Worse still, as many as 44,000 early customers holding $23 million were never verified nor had any type of trading limit imposed.
Adding further insult to injury is the fact that “thousands of accounts” holding over $3 million have been traced to remote islands near Australia that are uninhabited. Thousands more could not be traced to any location at all.
Traders Must Provide More Info to Reclaim Assets
After the infamous hack of January 2019, in which some $24 million in crypto assets was reportedly stolen, the struggling exchange attempted to open its trading doors again. Unsurprisingly, it failed to regain the trust of its users and was forced into liquidation in May of the same year.
Its liquidator’s affidavit states that the theft involved many cryptocurrencies including bitcoin, ether, and litecoin. These assets were being held in a data center in Arizona to which the liquidators had to travel to retrieve customer information.
A four-day hearing was to begin this Tuesday at the Christchurch High Court to determine ownership of the partially recovered crypto-assets (now reported to be worth as much as $250 million), in order to transfer them back to traders.
However, Cryptopia liquidators are still painstakingly trying to identify individual accounts as the funds were pooled together in a merged wallet. Moreover, the latest evidence of the exchange’s AML breach throws yet another wrench in the works.
Before assets can be returned to traders, its liquidators stated that they would need to provide additional identification information to comply with anti-money laundering laws.
According to its second report in Dec 2019, Granth Thornton had recovered some $5 million in assets from a third-party account and had some $7 million on hand to fund the liquidation.
What do you make of these latest Cryptopia developments? Add your thoughts below!
Images via Shutterstock