Addressing risks in Malaysia’s growing cryptocurrency market
CRYPTOCURRENCY adoption in Malaysia has grown over the past year, with about RM21 billion in digital assets traded in the country in 2021, according to the Securities Commission (SC).
Although 55 per cent of the adult population are underbanked and unbanked, 18 per cent of adult Malaysians own cryptocurrencies, ahead of the global ownership average.
It’s not hard to see the popularity of digital assets. For the financially underserved, digital currencies provide them access to the financial and credit services they need.
With only a little capital, an email account and a smartphone, one can easily start crypto trading in a real-time and borderless manner via a crypto exchange or digital wallet.
Such ease of use combined with the promise of outsized gains and more equitable distribution of assets is appealing, not to mention the low fees involved in opening and trading crypto versus maintaining a bank account.
Yet, despite its growing popularity, the high number and value of crypto scams are concerning.
Globally, such scams amounted to US$14 billion last year. In Malaysia, victims are losing increasingly larger sums.
The government remains wary of digital currencies and has stepped in to protect customers, in part due to risks linked with exposure to cyber threats.
While crypto exchanges are largely young players that are innovative, there must be a stronger risk governance culture to identify and assess money laundering and terrorist financing risks before offering new products and technologies.
Firms should assess based on risks of anonymity, the likelihood of usage by criminals for illicit purposes, and volatility and liquidity of the product, which can render it susceptible to market manipulation and fraud.
There is more crypto exchanges can do to protect their customers by ensuring that proper security measures are in place to mitigate cyberattacks.
Protecting the customer
Threats exist across the entire customer journey with crypto exchanges.
While a majority of compliance and focus is on the onboarding phase, where exchanges ensure that individuals go through eKYC (electronic Know Your Customer) to authenticate their identities, there is a need for businesses to invest in KYB (Know Your Business) to verify a business’ legitimacy and avoid fraud, money laundering or other criminal activity. KYT (Know Your Transaction) “chainalysis” monitoring helps tackle the high incidence rate of fraud by reviewing transactions along the blockchain in realtime, detecting suspicious activities, filing such reports and managing probes.
Exchanges are also susceptible to hacking and scams. As crypto exchanges are lucrative targets for hackers, the highest security standards ought to be implemented — be it for the value of the assets traded or reputational risks.
Additional measures that crypto exchanges can implement include multifactor authentication and biometric authentication.
For centralised exchanges, instead of using SMS OTP authentication, which runs the risk of having SMSs diverted, fraudulent transactions performed and is also a weak link for spoofing, exchanges should consider biometric authentication. This is much more robust as it can identify the individual rather than the device.
The use of biometric authentication could be used in conjunction with OTPs and other forms of authentication as not all users have smartphones with biometric authentication capabilities.
Other preventive measures include the ability to store crypto in cold wallets, temporary or permanent account locks when a user fails a number of login attempts, and blocking withdrawals once account details like linked email addresses and phone numbers are changed.
Notifications should be sent whenever funds are withdrawn or deposited to alert users of any suspicious activities.
Potentially, the exchange could allow users to log in and cancel the transaction or suspend the account immediately.
For the methods above, crypto exchanges should involve users in the decision-making process where they have to give their consent and indicate what constitutes a suspicious activity to them.
Cryptocurrency users should be able to decide when they want their accounts to be locked or frozen, what they want to be alerted for, and how much liquidity should be held in their hot wallets.
The future of Malaysia’s crypto market
Crypto’s rapid growth in Malaysia shows no signs of abating.This will draw the attention of regulators and bad actors.
Crypto exchanges must urgently play their part by shoring up their defences to protect themselves and their customers from financial and reputational risk.