CRYPTOCURRENCY adoption in Malaysia has undeniably grown over the past year, with about RM21 billion in digital assets traded in the country in 2021, according to the Securities Commission (SC).
Although 55 per cent of the country's adult population is still underbanked and unbanked, 18 per cent of adult Malaysians own cryptocurrencies, ahead of the global ownership average.
It's not hard to see the popularity of digital assets, especially among the more tech-savvy. For the financially underserved, digital currencies provide them access to the financial and credit services they need.
With only a little capital, an email account and smartphone, one can easily start crypto trading in a real-time and borderless manner via a crypto exchange or digital wallet.
Such ease-of-use combined with the promise of outsized gains and a more equitable distribution of assets is very appealing, not to mention the low fees involved in opening and trading crypto versus maintaining a bank account.
Yet, despite its rapidly growing popularity, the high number and value of crypto scams are a growing cause for concern.
Globally, crypto scams amounted to US$14 billion in 2021, and in Malaysia, victims are losing increasingly larger sums.
Understandably, Malaysia's government remains wary about digital currencies and has stepped in to protect customers, in part due to risks associated from exposure to cyber threats.
While crypto exchanges are largely young players who are innovative, there needs to be a stronger risk governance culture to identify and assess money laundering and terrorist financing risks before offering new products and technologies.
Firms should assess based on risks of anonymity, likelihood of usage by criminals for illicit purposes, and volatility and liquidity of the product which can render it susceptible to market manipulation and fraud.
Clearly, there is more that crypto exchanges can do to protect their customers by ensuring that proper security measures are in place to mitigate cyber attacks.
Protecting the customer
Threats exist across the entire customer journey with crypto exchanges, including onboarding, transactions and identity recovery.
While the majority of compliance and focus is on the onboarding phase, where exchanges ensure that individuals go through eKYC (electronic Know Your Customer) to authenticate their identities, there is also a need for businesses to invest in KYB (Know Your Business) to verify business' legitimacy and avoid fraud, money laundering or other criminal activity. KYT (Know Your Transaction) chainalysis monitoring also helps tackle the high incidence rate of fraud by reviewing transactions along the blockchain real time, detecting any suspicious activities such as money laundering or terrorism financing, filing such reports as well as managing investigations.
Besides threats in the customer journey, exchanges are also susceptible to hacking and scams that can drain accounts in minutes.
As crypto exchanges are lucrative targets for hackers, the highest security standards ought to be implemented – be it for the value of the assets traded or reputational risks.
Additional measures that crypto exchanges can implement include multi-factor authentication and biometric authentication.
For centralised exchanges, instead of using SMS OTP authentication, which runs the risk of having SMSes diverted, fraudulent transactions performed and is also a weak link for spoofing, exchanges should consider biometric authentication. This method is much more robust as it is able to identify the individual rather than the device.
With solutions like liveness detection that verifies live users by checking their facial movements, identity theft is less likely to occur.
Taking it a step further, the use of biometric authentication could be used in conjunction with OTPs and other forms of authentication as not all users have access to smartphones with biometric authentication capabilities.
While biometric solutions should be robust enough most of the time, these services should still be accessible to less digitally native consumers who do not know how to enable camera/fingerprint functions or have concerns about digital security measures.
Other preventive measures include the ability to store crypto in cold wallets, temporary or permanent account locks when a user fails a number of login attempts, and blocking withdrawals once account details like linked email addresses and phone numbers are changed.
Notification should be sent whenever funds are withdrawn or deposited to alert users of any suspicious activities.
Potentially, the exchange could also allow users to log in and cancel the transaction or suspend the account immediately.
For the methods above, crypto exchanges should involve users in the decision-making process whereby they have to give their consent and indicate what constitutes a suspicious activity to them.
Cryptocurrency users should also be able to decide when they want their accounts to be locked or frozen, what they want to be alerted for, and how much liquidity should be held in their hot wallets.
The future of Malaysia's crypto market
Crypto's rapid growth in Malaysia shows no signs of abating, especially among the young and digitally savvy. This will further draw the attention of both regulators as well as bad actors, who are ready to penetrate lax security infrastructure or customer lapses.
Crypto exchanges must urgently play their part by shoring up their defences in order to protect themselves and their customers from financial and reputational risk.
* The writer is director of growth markets at ADVANCE.AI