Crypto exchanges have become a tool of choice for would-be crypto “money” launderers. In late January, the AI analytics firm Chainalysis estimated that “cybercriminals have laundered over $33 billion worth of cryptocurrency since 2017, with most of the total over time moving to centralized exchanges.” Chainalysis, DeFi Takes on Bigger Role in Money Laundering But Small Group of Centralized Services Still Dominate (Jan. 26, 2022). The outsized role of crypto exchanges in crypto laundering was recently highlighted in the DOJ’s spectacular announcement that it had seized 94,636 Bitcoin (BTC), at the time worth approximately $4.18 billion, and charged a Manhattan couple with conspiring to launder the stolen BTC through various crypto exchanges. U.S. Department of Justice, Two Arrested for Alleged Conspiracy To Launder $4.5 Billion in Stolen Cryptocurrency (Feb. 8, 2022). Crypto has long been seen as particularly susceptible to money laundering activities due to its anonymity and independence from traditional cash routes and their attendant regulations. As alleged in the DOJ’s complaint and the accompanying statement of facts, the couple deployed various “sophisticated laundering techniques,” including using multiple false identities, opening multiple accounts, and depositing crypto at multiple exchanges on multiple blockchains to break up the fund flow and conceal the transaction history. U.S. v. Lichtenstein, Case No. 22-mj-22 (RMM) (S.D.N.Y. Feb. 7, 2022); Statement of Facts (Dkt. No. 1-1). But crypto exchanges can use the unique features of blockchain technologies to their own ends, including developing effective countermeasures to detect and thwart crypto laundering schemes.

Cross-Platform Know Your Customer (KYC) and Customer Due Diligence (CDD). Obtaining and validating customer information to create accurate customer profiles and conduct customer risk rating is anti-money laundering 101. Crypto exchanges can double the effectiveness of this practice if all services running on the same blockchain (e.g., other exchanges, custodial lending, etc.) use consistent CDD and KYC standards. Traditional KYC information generally includes the user’s name, government-issued ID, and home address. Crypto KYC should also include the user’s registered devices and primary IP address. User’s bank accounts linked to crypto wallets can be used for CDD to corroborate information for identity verification. Higher-risk users, such as those in higher-risk jurisdictions or using higher-risk assets (discussed in part 3, below) should be subject to Enhanced Due Diligence (EDD), such as a live video chat with the user to verify his identity.