Lacking safeguards, at least for now, fraud is flourishing through stablecoins
As stablecoins enter mainstream use, buoyed by regulatory normalization and a surge of institutional interest by bulge bracket banks, among other entities, this new kind of blockchain-based financial technology may encounter a forceful headwind in the form of fraud. With their one-two punch of rapid transmissibility and predictable fiat-correlated value, stablecoins are perfectly suited for nefarious ends. It’s fairly easy to gain access to consumers’ wallets, and some consumers may even play a role in their defrauding through stablecoin-based money transfers — which criminals can easily convert into the currency of their choosing, or keep parked in a digital currency designed to stay fairly static in its value.
In an interview with Fintech Nexus, Eyal Elazar, VP of Market Intelligence at fraud protection platform Riskified, describes the kinds of fraud tied to these early days of stablecoin use, connects a subset of fraud to stablecoins’ public perceptions and real-world utility (for fraudulent ends), and outlines ways to resolve stablecoin-driven fraud.
The following has been edited for length and clarity.
Has increasing stablecoin adoption at all affected the nature or prevalence of fraud? If so, how?
Stablecoins are very interesting. We’re seeing more adoption as well as regulation; there’s an attempt to portray stablecoins as something a lot safer, but we’re seeing that the data is telling a very different story. With regards to fraud, there are two things that are worth highlighting.
The first stems from digital wallets, which are not just the case for stablecoins. Our team has managed to find some methodologies that fraudsters are using to hack wallets, like WormGPT, which is an LLM developed for fraudsters, who are able to use them as agents to scale scam systems so they’re able to kind of scam things more efficiently and find a way to get into these wallets.
Secondly, what we’re seeing with stablecoins specifically, is that we’re seeing a lot more scams impacting the end consumer. I do relate this back to the rise of AI, because what my team is seeing is that phishing attempts are becoming a lot more personal, impacting people that maybe don’t understand the risk involved. Because stablecoins are labeled as safer, there’s a tendency to use those in order to commit these scams.
What do you mean by that last part, that stablecoins are safer? Do you mean safer for scammers, or for consumers?
We’re seeing several things. First, stablecoins are great for fraudsters as an end product: They aren’t as risky and volatile as other types of coins. But what we’re also seeing — and this is a working assumption — is that, if I were to try to scam you into sending Bitcoin, you might be suspicious, because whenever someone hears, Hey, can you buy some bitcoins and send it to me? that’s an immediate red flag. Meanwhile: Hey, it’s hard for me to get US dollars, but it’s easy for me to use stablecoins, can you do that? It’s like sending money! feels safer.
What data from Riskified’s side is supporting that thesis?
We’re looking at retail, but also at money movement, remittances, and crypto markets. Given the fact that we are also adjusting to the age of AI, we have a lot of internal data that is more behavioral than strictly just data points, because we’re helping a lot of different merchants across verticals. That includes looking, at the moment of purchase, at whether the right mobile device is being used for a purchase, the right operating system, whether a mobile device is plugged into electricity, facing right-side up or upside down, and so forth.
We’re also looking at the data where people are saying, Hey, I got scammed. And we’re looking at uncommon behavior among users, such as buying $100,000 in stablecoins, which doesn’t fit their typical pattern. In the case of the correlation between stablecoins and remittances, we’re also seeing certain IP being connected to procurement, or giving you credentials, conducting money transfers, and sending those stablecoins abroad.
How do you resolve this? It sounds like a game of Whac-a-Mole.
In order to solve this, you need to look at it from two sides: One, scammed customers are purchasing and giving the stablecoins themselves. [Unlike, for example, a credit card number being stolen.] So we’ve developed capabilities to look a lot more at the behavioral aspects. We’re able to monitor online transaction history, so we can correlate activity with what we know about that person.
We’ve talked about some of the solutions here, but it seems like, if these issues continue, people will just keep using the Wises and Remitlys and Moneygrams of the world to avoid stablecoin-related fraud issues.
I think that any new technology comes with risk. The more adoption it gets, it’s easier to detect behavioral anomalies because the sample size gets bigger. And second, merchants learn and they adopt the right solutions. Look at what happened when we introduced e-commerce originally: Some people were very optimistic, while others said it’s too risky, and can’t be monitored or guarded appropriately.
But what happens is, there’s a huge exponential lift in security once you identify loopholes. Today, people can approve 99.8% of their e-commerce transactions, and that’s thanks to technology advancements. So I foresee a bright future for stablecoins. I want to see people buying at Nordstrom with stablecoins, the way we’re seeing more and more with ACH. Alternative payment methods have to happen; but for now, stablecoins cater mainly to two types of populations: early adopters and fraudsters.
