Financial Advisory

Cubits, an online cryptocurrency trading platform, faced significant challenges when it became insolvent following a major security breach. The company, which operated primarily in Germany and Malta while being incorporated in the UK, aimed to expand its to Chinese customers. To facilitate transactions in China, Cubits partnered with an intermediary payment service provider, Pay Secure Online (PaySec). However, on February 5, 2018, the accounts of three Chinese customers were allegedly hacked, leading to a loss of Bitcoin (BTC) valued at approximately €29 million. This incident left Cubits unable to recover the funds owed for the BTC purchased by these customers, resulting in PaySec owing Cubits a total of around €35 million, which included €6.9 million from earlier transactions. The forensic investigations into this case revealed critical shortcomings in Cubits operational protocols. Key areas identified for improvement included the necessity of thorough due diligence on PaySec, which could have uncovered its connections to organized crime, thereby preventing any engagement with the company. Additionally, the absence of robust security policies and procedures left Cubits vulnerable; there were no mechanisms to detect unusual trading activities or to monitor transactions effectively. Furthermore, despite advertising that customer funds were held in cold storage, Cubits did not implement this practice, which would have safeguarded the €29 million in BTC from being transferred to the compromised accounts. In response to these issues, new regulations under The Money Laundering and Terrorist Financing (Amendment) Regulations 2019 were introduced, requiring cryptocurrency service providers in the UK to register with the FCA and adhere to anti-money laundering (AML) rules. These regulations aim to enhance the security of cryptocurrency exchanges and mitigate the risk of money laundering. However, for Cubits, the new regulations did not address the existing challenges related to supplier relationships, indicating a need for further strategic solutions to prevent similar incidents in the future.