According to estimates by the Anti-Phishing Working Group (APWG), which was released on Tuesday, criminals have stolen approximately $1.2 billion in cryptocurrencies since the beginning of 2017.
The estimates were based on the cybercrime group’s research on cryptocurrency that included data on reported and unreported theft.
“One problem that we’re seeing in addition to the criminal activity like drug trafficking and money laundering using cryptocurrencies is the theft of these tokens by bad guys,” Dave Jevans, chief executive officer of CipherTrace, a cryptocurrency security firm, said in an interview.
Jevans is also chairman of APWG.
Jevan estimates that of the $1.2 billion stolen, only 20% or less were recovered. He also added that international law enforcement agencies have their hands full with tracking these criminals down.
Their investigations on criminal activities will probably take a step back as the European Union’s new General Data Protection Regulation (GDPR) takes effect on Friday.
“GDPR will negatively impact the overall security of the Internet and will also inadvertently aid cybercriminals,” said Jevans. “By restricting access to critical information, the new law will significantly hinder investigations into cybercrime, cryptocurrency theft, phishing, ransomware, malware, fraud and crypto-jacking,” he added.
The GDPR, which was passed in 2016, is aimed at simplifying and consolidating rules that companies must abide by in order to protect their data and return control of personal information to citizens and residents in the EU.
The implementation of the GDPR will indicate that most European domain data in WHOIS, the internet’s database of record, won’t be published publicly after May 25.
WHOIS contains information on the names, addresses and emails of those those who register domain names for websites. Jevans said WHOIS data is an important resource for investigators and law enforcement officials working to prevent thefts.