CipherTrace Q3 2019 Cryptocurrency Anti-Money Laundering Report: Two-Thirds of the Top 120 Cryptocurrency Exchanges Have Weak KYC

A Third of Cryptocurrency Exchanges Still Host Privacy Coins Despite Fears of Impending Financial Action Task Force (FATF) Travel Rule

Trend or Anomaly? Lowest Quarterly Crypto Asset Thefts and Scams in Two Years

Snapshot of the key trends:

  • CipherTrace launched a first-ever comprehensive investigation of cryptocurrency exchange Know Your Customer (KYC) compliance and found that two-thirds of the top 120 exchanges have weak policies.
  • Q3 saw an increasing regulatory clampdown on virtual asset transactions as regulators, crypto exchanges, banks and financial institutions prepare for the Financial Action Task Force (FATF) funds Travel Rule to take hold on cryptocurrency businesses.
  • In anticipation of the new FATF AML regulations, many cryptocurrency exchanges have preemptively jettisoned their privacy coins; yet, 32 percent of exchanges, including those determined to have weak KYC, still have privacy coins listed.
  • Although Q3 showed the lowest quarterly cryptocurrency thefts and scams in two years, the total number for 2019 still stands at a whopping $4.4 billion.
  • Terrorists, wise to blockchain forensics, are developing more sophisticated methods of obfuscating cryptocurrency funds flows for financing attacks and operations.


(Graphic: Business Wire)

MENLO PARK, Calif.--()--CipherTrace, the leading cryptocurrency and blockchain intelligence firm, today released its Q3 2019 Cryptocurrency Anti-Money Laundering (AML) Report. Highlights of the report address cryptocurrency regulation, nefarious actors within the ecosystem, impending legislation, international trends and prevailing sentiments. Of particular note, CipherTrace conducted a first-ever comprehensive investigation of cryptocurrency exchange Know Your Customer (KYC) procedures and found that two-thirds (roughly 65 percent) of the top 120 exchanges lack strong KYC policies.

On June 21, 2019, the Financial Action Task Force (FATF), an intergovernmental organization that standardizes global legal, regulatory and operational measures for combating money laundering, terrorist financing and other related threats, released “Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers.” In this Q3 Crypto AML Report, CipherTrace reveals that, with only seven months left for nations to pass laws and virtual asset service providers (VASPs) to comply with the guidelines, the majority of exchanges are not equipped to handle basic KYC, let alone comply with the stringent new funds “Travel Rule” included in the updated FATF guidance.

The research results revealed that the lion’s share—more than two-thirds—of exchanges do not have good KYC. The breakdown of the ratings shown in Figure 1 are as follows:

  • Weak – These exchanges allowed CipherTrace researchers to withdraw at least .25 BTC daily with very little to no KYC.
  • Porous – These exchanges require some sort of ID verification process.
  • Good – These exchanges require a very strenuous KYC process, which takes several steps to complete before the researchers were able to make a deposit or withdrawal. They not only require the ID process but also proof of address. Some require a phone call or video chat to complete the KYC process.

The FATF funds Travel Rule requires VASPs to securely transmit (and store) sender and receiver personally identifiable information (PII) with any cryptocurrency transaction valued at or exceeding USD/EUR 1,000. Consequently, stringent KYC is necessary to meet the Travel Rule’s base requirements.

Nations that fail to enforce FATF guidelines are often subject to political ostracization, financial sanctions, and are added to a FATF blacklist, which documents countries that it judges “to be non-cooperative in the global fight against money laundering and terrorist financing.” The U.S. has maintained a similar Travel Rule through the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) since 1996. Recently, Kenneth Blanco, FinCEN Director, explained that his organization “has been conducting examinations that include compliance with the funds’ Travel Rule since 2014.”

“(The Travel Rule) is the most commonly cited violation with regard to money service businesses engaged in virtual currencies,” said Blanco.

The Travel Rule has proven particularly problematic for ‘privacy coins,’ whose primary use case, to obfuscate money transmitter data, seemingly contrasts with the information sharing required for compliance. In expectation of regulatory crackdown, many exchanges have pre-emptively removed privacy coin listings. However, 32 percent of exchanges, including those determined to have weak or porous KYC, still have privacy coins listed.

In its report, CipherTrace explains how exchanges and cryptocurrency developers have grappled with the privacy dilemma. Although the report does punctuate a concern for privacy coins that have no compliance strategy, CipherTrace affirms that recent reports of the death of privacy coins have been greatly exaggerated. In fact, many of the top privacy coin developers have already released statements (outlined in the report) on how they could comply with the Travel Rule.

Other Trends Involving Virtual Assets

Outside of the significant KYC research findings and the Travel Rule, the CipherTrace Q3 CAML report discusses this quarter’s top stories related to cryptocurrency crime. After two years of large, high-profile exchange hacks and exit scams, there has been a significant reduction in cryptocurrency crime. Still, even with the lowest quarterly cryptocurrency thefts and scams in two years, 2019 still experienced a massive spate of crypto crimes—more than $4.4 billion to date.

While CipherTrace has no hard data to explain the Q3 dropoff —except for potentially the anomalous nature of the QuadrigaCX and PlusToken frauds skewing the numbers in previous quarters—one possible explanation is that government regulation of the industry is having a positive impact. CipherTrace had previously speculated that the shift from outright thefts to exit scams and other frauds perpetrated by insiders indicated that crypto exchanges had begun to adequately invest in hardening their IT infrastructures. This is because criminals, as they are wont to do, follow the path of least resistance.

CipherTrace cites maturing and sophisticated terrorist and criminal syndicates as partially responsible for the global regulatory clamp-down on cryptocurrency. Terrorists, other criminal organizations and their supporters and sympathizers are constantly looking for new ways to raise and transfer funds without detection or tracking by law enforcement. As regulators continue to stifle resources for criminal cryptocurrency use, terrorists are using more sophisticated methods to secure funding and launder money for operations and attacks.

For access to the full report, visit:

About CipherTrace

CipherTrace is the leader in blockchain security. CipherTrace’s anti-money laundering, blockchain analytics, and crypto threat intel solutions are powered by advanced cryptocurrency intelligence. Financial investigators and auditors use CipherTrace blockchain analytics to trace virtual asset transactions. Leading exchanges, virtual currency businesses, banks, and regulators themselves use CipherTrace to comply with regulation and to monitor compliance. Its quarterly CipherTrace Cryptocurrency Anti-Money Laundering Report has become an authoritative industry data source. CipherTrace was founded in 2015 by experienced Silicon Valley entrepreneurs with deep expertise in cybersecurity, eCrime, payments, banking, encryption, and virtual currencies. The U.S. Department of Homeland Security Science and Technology (S&T) and DARPA initially funded CipherTrace, and it is backed by leading Silicon Valley venture capital investors.

Visit for more information or follow the company on Twitter @CipherTrace and on LinkedIn.


Ben Noble
Director of Public Relations
t: +1 919-721-3590



Ben Noble
Director of Public Relations
t: +1 919-721-3590