Crypto Recovery in the UK for Financial Institutions: the Most Common Reasons for Losing Assets

The rise of cryptocurrency in the UK financial sector brings almost as many risks with it as opportunities. The issue is, of course, that crypto is still new to us and best practices are still being discovered and iterated on.

It’s particularly important for issuers and financial companies to understand why assets can go missing, so they can better safeguard. By recognising the common causes of asset loss, crypto asset recovery efforts can be improved upon too.

This article explores the main reasons for losing crypto assets.

Technological Failures 

Technological failures are a major cause of asset loss. Again, it’s in part a growing pain because these systems are still fairly new.

System glitches and software bugs can disrupt transactions, leading to inaccuracies and missing funds. One example might be a coding error in the transaction processing system resulting in incorrect balances or lost transactions. It highlights the need for rigorous and ongoing testing and validation of all systems handling crypto assets.

Cybersecurity breaches and hacking incidents also pose significant risks. There have been billions stolen through hacking and infiltrated systems so far. Financial institutions must invest in robust cybersecurity measures to stay ahead of the curve. At the very least, encryption and multi-factor authentication can help add layers of protection to assets and accounts. Regular security audits are of course needed.

Inadequate backup and recovery solutions further compound the problem. Without proper backup systems, institutions risk losing data during system failures. The lack of a comprehensive backup strategy (which has regular data backups and disaster recovery plans) is critical. Downtime is inevitable, it’s just a matter of minimising it and preventing permanent loss.

Human Error 

Human error is another common cause of asset loss in the crypto sector. Mistakes in transaction processing can lead to financial losses. For instance, an employee might input the wrong recipient address, resulting in funds being sent to an unintended party. In this sense, blockchain can be less forgiving, and so your own layers of data validation are needed. Ensuring accuracy in transaction processing is difficult, and it’s difficult to prevent users from doing so too.

Mismanagement of private keys is a common problem. Private keys are needed for accessing and controlling crypto assets, and so if an employee loses or mishandles a private key, the associated assets can become inaccessible. From an institutional point of view, there needs to be strict protocols for key management. There should also be education to customers about best practices for keeping these safe, and recommendations against storing them in insecure, plain-text locations.

Insufficient training and awareness among staff is one of the biggest culprits of human error. Employees in every department need to have a good grasp of cryptocurrency handling, and delegation of authority also needs to be taken seriously. Regular training sessions and educational programmes can equip staff with up-to-date knowledge. Topics should include transaction processes, key management and of course, the evergreen ability to recognise phishing attempts.

Clear procedures and guidelines should be established for all crypto-related activities, but they shouldn’t be static. Standard operating procedures (SOPs) can help standardise processes and reduce the likelihood of errors, but they need to be reflected on each year to see if best practices have since moved on (because it’s likely they have). By creating a culture of diligence, financial institutions can significantly reduce the risk of asset loss due to human error.

Regulatory and Compliance Issues 

Compliance issues are another red flag when it comes to the management of crypto assets. Misinterpretation of evolving regulations can lead to significant asset loss, and this is common because of how frequently they’re being updated. 

Institutions must stay informed about regulatory changes and ensure they understand the implications. Customers should also remain aware of these so they can spot firms that are not compliant, which in and of itself is a self-policing aid to prevent losses. Failing to comply with new regulations results in fines and the loss of assets, but it also results in damaged reputations.

Anti-money laundering (AML) laws are perhaps the most poignant. AML laws require institutions to monitor and report suspicious activities, of which, crypto can often attract them due to their semi-anonymous nature. In the crypto space, this involves tracking large or unusual transactions that may indicate money laundering. Failure to do so can actually result in asset seizures.

Challenges in adhering to know-your-customer (KYC) requirements further complicate efforts. KYC regulations mandate that institutions verify the identity of their clients. In the context of cryptocurrencies, this means collecting and verifying personal information from users, which is often resisted due to many people’s ideologies surrounding blockchain. Implementing thorough KYC procedures helps prevent fraud though, and it goes hand-in-hand with AML. 

One thing to focus on is the implications of cross-border transactions. Different countries have varying regulations regarding cryptocurrency. Institutions involved in international transactions must stay on top of various regulatory environments to avoid legal issues and potential asset loss. Establishing a dedicated compliance team can help manage these challenges, but it’s costly and very demanding. Thankfully the UK is somewhat internationally aligned most of the time.

Fraud and Scams 

Fraud and scams are rife in the crypto space. Phishing attacks and social engineering are common tactics used by fraudsters. In phishing attacks, scammers trick employees into revealing sensitive information, such as private keys or login credentials.

Ponzi schemes and fraudulent initial coin offerings (ICOs) are two prevalent and devastating scams. In a Ponzi scheme, scammers promise high returns to investors but use new investors’ funds to pay earlier investors, eventually collapsing when no new investments come in. 

Fraudulent ICOs, on the other hand, involve creating fake projects to attract investments and then disappearing with the funds. It’s not just civilians that get caught up in these, but entire institutions that invest in projects without thorough due diligence. This means reviewing the whitepaper closely and verifying the legitimacy of the project—and whether they’re FCA-authorised.

Insider collusion also poses risks, where employees with access to sensitive information might engage in fraudulent activities. This is much more prevalent within crypto-related institutions because of the anonymity and its immutability. So, institutions must be wary of counterfeit or compromised wallets and monitor their own staff behaviour.

Market Volatility and Liquidity

Market volatility is another consideration in crypto asset management. Sudden market downturns can drastically affect the value of assets, which is particularly easy to happen for coins with low market cap and/or high volume.

This may become a particular problem for a stablecoin. If there is a mass sellout, the provider may struggle to fulfil its promises of the reserve asset because it may not be truly 1:1, or it may be in less liquid forms (i.e. other assets or other cryptos). Financial institutions must implement strategies to manage this risk, just as customers should. Diversification of crypto portfolios can help mitigate the impact of market swings, as well as refrain from overpromising the level of stability a coin has.

Liquidity issues from low trading volumes are also a concern, as it makes it difficult to buy or sell large amounts without affecting the market price. Institutions should assess the liquidity of assets before investing, and keep updated about any changes to this. Engaging in assets with higher liquidity ensures easier entry and exit from positions (faster and smaller spread), reducing the potential for adverse price movements during large transactions.

This leads us to market manipulation, which is a particular risk associated with crypto assets that have low volume or market cap. 

Whales—individuals or entities holding large amounts of cryptocurrency—can influence market prices by buying or selling significant quantities. This means that institutions should perform due diligence on the ownership of the coins they’re handling, because artificial price movements may occur. It’s also important to distinguish between a true whale and simply a big pool. Detecting unusual trading patterns can help anticipate and respond to manipulation attempts.

Beyond due diligence, institutions should employ hedging strategies to manage these kinds of risks. Derivative instruments, such as futures and options, can be used to hedge against adverse price movements. These instruments allow institutions to lock in prices or limit potential losses, providing a level of ongoing stability.

Counterparty Risk 

Counterparty risk is another big consideration for financial institutions managing crypto assets. The failure of exchanges and custodians can lead to significant asset losses and has done many times in the past. 

Exchanges are platforms where cryptocurrencies are bought and sold, while custodians store these assets securely. Institutions must conduct thorough due diligence when selecting these service providers, though it can be difficult (it will get easier as the regulatory demands increase). 

Assessing the financial stability, security measures and reputation of exchanges and custodians can help mitigate counterparty risk. While hindsight is easy, FTX did show many red flags, such as frequent criticism regarding a lack of transparency. It was also closely connected to Alameda Research, which was a trading firm founded by Sam Bankman-Fried, which was another warning sign because the two lacked clear separation. Finally, a quickly growing firm with a lot of leverage is always going to be risky, because it’s not yet proven to have sustainable success. These are the kinds of lessons that we need to learn from.

Insolvency of counterparties is the key risk of course, because if an exchange becomes insolvent it may be unable to return the assets held in custody. So beyond due diligence, diversifying between institutions is also important so assets are spread across multiple exchanges.

Decentralised finance (DeFi) protocols may also introduce additional counterparty risks. DeFi platforms operate without traditional intermediaries. So, they rely on smart contracts to facilitate transactions. This may have its advantages in theory, but smart contracts can contain vulnerabilities that hackers might exploit. Institutions must thoroughly vet DeFi protocols before engaging with them, even more so if they are a DeFi provider themselves. This includes reviewing the code and understanding the governance structure.

Institutions can also consider purchasing insurance to cover potential counterparty failures. Some insurers offer policies specifically designed for crypto assets, providing a level of financial safety net. This can be cheaper than performing rigorous due diligence, but it nevertheless cannot ever fully replace it. 

Conclusion 

The key reasons for losing crypto assets are from a broad range of areas, from the people and technology involved all the way to fraud and counterparty risk. Financial institutions need to adopt robust risk management practices that go above and beyond the basic level of compliance, thus implementing modern and stringent security measures. 

Of course, institutions needn’t go at this alone. Insurance is a quick way to reduce one’s risk, and so is using third-party experts for help with due diligence; get in touch with us today to see how we can help. Beyond managing risk, it’s important to manage recovery, which includes crypto asset recovery and reimbursement.