Photo: Bloomberg
Photo: Bloomberg

Africrypt scandal: How safe is your crypto?

By Martin Hesse Time of article published Jul 1, 2021

Share this article:

WORDS ON WEALTH

Investing in cryptocurrency is risky. If you are simply buying it and storing it, awaiting a chance to sell it at a profit, that is risky enough, because the prices are so volatile. But if you use a platform with doubtful credentials that uses crypto it has bought on your behalf to trade or invest, that is so risky it is scary. And when such a scheme offers you a cloud-cuckoo-land return of 10% a month, and your greed completely overpowers your common sense, then, I’m sorry to say, you deserve to lose your money.

The Africrypt scam, which has been in the news over the last week or so, follows on the heels of last year’s Mirror Trading International debacle. In both, billions of rands of investors’ money simply vanished into the ether, which is to say the money now lies safely in some crook’s cryptocurrency wallet and is virtually impossible to trace. (That is the allure of crypto for criminals: it can bypass payment systems, foreign exchange controls, tax controls and banking transaction records, making money laundering a synch.)

I believe governments globally are being far too tardy in regulating crypto. Here in South Africa we have made some progress, with the Financial Sector Authority’s (FSCA’s) Intergovernmental Fintech Working Group (IFWG) slowly solidifying a legislative framework.

However, nothing is yet in place, and crypto remains unregulated, which means you have zero protection – zilch! – against crooks who use crypto to separate you from your money.

This is what the FSCA had to say on the Africrypt matter (edited by me):

“The FSCA confirms that it is aware of the concerns regarding investments in Africrypt. We are continuing to investigate complaints for indications of whether or not a financial product or service was offered to the public, which would have required Africrypt to be registered with the authority. At this stage we have only found evidence of crypto-asset transactions. Currently, crypto-assets are not regulated in terms of any financial sector law in South Africa and consequently the FSCA is not in a position to take any regulatory action.

“The authority has warned the public and continues to do so with respect to the high-risk nature of investing in crypto-assets. Besides the underlying concerns around the suitability of crypto-assets as an asset class for investment, due to the lack of an underlying business model and the risk of large fluctuations in the market price in most cases, the authority is concerned over the large number of scams being perpetrated by persons purporting to provide the crypto-asset to the public.

“Many of these entities are often not based in South Africa or have poor security in place to protect the crypto-assets being acquired by the public, and in theory held on behalf of the customer. Often however, they are just fraudulent operators.

“The crypto-asset sector has a number of legitimate players offering a legitimate service (albeit in a product over which we have high concern), but the public must be aware of the very large number of unscrupulous players in this sector.

“To protect the public, the authority is considering declaring crypto-assets as a financial product, which would give the FSCA jurisdiction over these transactions.

“Our preliminary observations concerning Africrypt led us to believe that this entity was offering exceptionally high and unrealistic returns akin to those offered by unlawful investment schemes commonly known as Ponzi schemes.”

In an article “Where to next? The case for crypto-asset regulation just got bigger”, Richard Rattue, managing director of Compli-Serve SA, which provides compliance services for financial advisers, says that in light of the Africrypt scam tighter regulation couldn’t come sooner. He says that the IFWG, through its new position paper (which may now be updated after this latest scandal), puts several principles forward:

  • Crypto-assets must be regulated appropriately.
  • An activities-based perspective must be maintained.
  • A risk-based approach to regulating crypto-assets must be applied.
  • The approach to crypto-asset regulation must be truly collaborative.
  • Digital and financial literacy must increase so that consumers are aware of the inherent risks of crypto-assets.
  • There must be a proactive and dynamic approach to monitoring and maintaining the crypto marketplace, in line with international best practice.

“The paper reiterates that the IFWG does not endorse this asset class. Their goal is to reduce risk through regulation. Their recommendations can be broken down into three key focus areas: anti-money laundering and dealing with the financing of terrorism, cross-border financial flows, and the application of financial sector laws,” Rattue says.

If you cannot wait for regulatory protection, he says, the rules of old apply. “Understanding and noting the risks and not simply focusing on the potential reward can be the first step to avoiding a crypto scam. Undertaking an appropriate due diligence remains the best start to a good crypto-asset investment decision,” Rattue says.

WHAT TO LOOK OUT FOR

Personal Finance asked Marius Reitz, general manager in Africa for international cryptocurrency exchange Luno, what investors need to do to ensure their cryptocurrency is safe.

PF: Please clarify for readers the difference between a cryptocurrency exchange where one can legitimately buy and store crypto, and a cryptocurrency investment/trading platform such as Africrypt.

MR: A legitimate cryptocurrency exchange does not trade on anyone’s behalf, nor does it offer trading tips or advice. Luno, for example, allows you to easily and safely buy, sell and learn about cryptocurrency. We are focused on making it safe and really easy for people to buy cryptocurrencies such as Bitcoin with their local currency, such as rands.

Africrypt was a cryptocurrency investment scheme founded in 2019 that promised clients returns of around 10% per month. It was not a crypto exchange. It said it used artificial intelligence software to achieve returns for investors.

Any guarantee of earnings should be viewed with suspicion, as returns cannot be guaranteed when it comes to cryptocurrencies. Many financial fraud schemes talk about “bots” that trade on your behalf and present fake testimonials as proof of guaranteed or outsized returns. If something sounds too good to be true, it probably is.

Price volatility has been the ongoing theme for crypto, and we’ve been through at least 15 price rallies and pullbacks, which makes predictable outcomes almost impossible.

To identify credible platforms, look for those with a good reputation. How many customers and wallets does it have? How easy is it to find information about the platform? What does the media have to say about it? Research whether there are proven and stringent safety and security measures in place to keep your money safe.

PF: What do legitimate exchanges do to give the buyer the security that his/her crypto is safe?

MR: There are several layers of security. Luno performs KYC (know your customer) and conducts sanctions screening on customers, similar to banks and other financial institutions. A legitimate exchange will do this to protect customers on its platform.

The platform should be registered with the Financial Intelligence Centre to report on suspicious activity. Legitimate exchanges such as Luno not only support regulation, but actively interact with regulators to bring regulations to the market.

When a new account is opened, Luno disables crypto sends for all customers by default. To enable crypto sending, customers need to go to their security settings to change the default. Should they click on ‘enable send’, customers are again warned about scams and that crypto payments cannot be reversed. They need to acknowledge the warning in order to proceed to send crypto to another wallet.

All web services and communication happens over SSL-secured (https) channels. Wallets are stored using PGP encryption. No individual has direct access to customer Bitcoin funds and regular auditing — both financial and security auditing — ensures that funds are always safe and fully accounted for. All our employees pass a background check, receive security training and are required to adhere to the company security policy.

All personally identifiable information, such as ID numbers, names and identity document scans, are encrypted and securely stored. Access to this information is logged and strictly controlled on a need-to-know basis.

PF: One can store crypto in a personal so-called "cold wallet". Do legitimate exchanges like Luno allow you to do this?

MR: Yes. A cold wallet is a preferred choice for people who want to have more control over their cryptocurrency. It offers a higher level of security from digital threats, as the cryptocurrency is kept offline.

At Luno, the majority of customer crypto funds are kept in what we call “deep freeze” storage. These are multi-signature wallets, with private keys stored in different bank vaults. Spending any Bitcoins from deep-freeze storage requires a coordinated effort with multiple layers of encryption and security checks. Wallet backups are also stored in encrypted form.

We maintain a multi-signature hot wallet to facilitate instant Bitcoin withdrawals. We control one of the keys and the other is held by the multi-signature custodian leader BitGo.

Splitting control of the keys between two companies makes the wallet much more secure, because an attacker would have to compromise both the Luno and BitGo systems in order to steal the keys.

PERSONAL FINANCE

Share this article: