After Binance's $4.3B Lesson, Do Rival Crypto Exchanges Risk Running Afoul of U.S. Rules?

11/25/2024 04:55
After Binance's $4.3B Lesson, Do Rival Crypto Exchanges Risk Running Afoul of U.S. Rules?

Bybit, Bitget and OKX combined have 877,000 daily active users in the U.S., data from Sensor Tower shows. It's unclear if they are just checking prices, or trading in violation of the rules.

Bybit, Bitget and OKX combined have 877,000 monthly active users in the U.S., data from Sensor Tower shows. It's unclear if they are just checking prices, or trading in violation of the rules.

Updated Nov 20, 2024, 10:31 p.m. Published Nov 19, 2024, 1:00 p.m.

  • Cryptocurrency exchanges Bybit, Bitget and OKX had nearly a million "monthly active users" in the U.S. in August, data from Sensor Tower shows.
  • That doesn't mean these MAUs were trading in violation of U.S. rules; they could've just been engaging in allowed behavior like checking crypto prices.
  • But with VPNs, it's possible for Americans to circumvent geoblocks, a costly lesson exchange giant Binance recently learned.

At many crypto exchanges around the world, U.S. residents are like visitors to an art museum. They can look, but they're not supposed to touch.

Apparently, a lot of Americans are at least looking. Are any of them touching?

Bybit, Bitget and OKX, three of the largest cryptocurrency exchanges, all prohibit traders from the U.S., where the companies are not licensed. Yet in August, the three exchanges combined had almost a million monthly active users (MAUs) in the U.S., according to research by Sensor Tower obtained by CoinDesk.

To be clear: "active" does not necessarily mean trading. If someone in the U.S. downloads the mobile app from Apple or Google and then does anything with it during a given month, they count as an MAU. Gawk at a price chart, as one might do on CoinDesk's price pages? That exchange would not be abetting rule-breaking behavior. It might be if the American trades, however.

Almost exactly a year ago, Binance, the world's top exchange, was forced to write a more than $4 billion check to the U.S. government to settle allegations that, in part, hinged on improperly allowing Americans to trade on its platform. Since then, the cryptocurrency industry has been on notice: Having customers in the United States can be a costly mistake.

Polymarket might be on a path to learning that, too, amid news that its CEO's home was raided last week — reportedly because people in the U.S., contrary to a 2022 deal with regulators, may have traded on the popular prediction market. (Though who knows if incoming President Donald Trump's Department of Justice will put its weight behind any investigation.)

Read more: Polymarket's Probe Highlights Challenges of Blocking U.S. Users (and Their VPNs)

Even though Bybit, Bitget and OKX warn website visitors with U.S. IP addresses that they are ineligible to trade, users can disguise their locations using virtual private networks, or VPNs. And even though all three exchanges erect another barrier to keep Americans out by requiring some level of customer identification, traders determined to get around such hurdles have been known to obtain fake, stolen or rented credentials.

Flashback to 2021: For $200, You Can Trade Crypto With a Fake ID

VPN and a fake ID

In jurisdictions with stringent cryptocurrency regulations, such as the United States, it is common for individuals to resort to VPNs to access offshore cryptocurrency exchanges, said Daniel Arroche, partner at French crypto law firm d&a partners.

“Although this practice often violates the terms of service of many platforms, it highlights the persistent demand for access to global markets despite regulatory hurdles,” Arroche said.

A spokesperson for Sensor Tower said it's impossible for his company to determine what exchange app users are doing.

“We can neither confirm nor deny if U.S. users are using VPNs to change their location to access trading,” the spokesperson said via email. (The research, which is paywalled, was shared with CoinDesk by a third party.)

A video shared with CoinDesk, whose creator requested it not be published with this story, shows how an American can easily circumvent Bybit’s geofencing.

The video shows a user first visiting whatismyip.com to display their U.S.-based IP address with the VPN disconnected. Next, they connect to a VPN and change their IP address to a country allowed by Bybit's terms of use. The user then opens the Bybit app, logs in and successfully completes know-your-customer checks using a non-U.S. ID belonging to someone else. After that, they add funds and trade crypto on the platform from the U.S. without any issues.

Americans can bypass geoblocking rules by purchasing someone else's know-your-customer (KYC) information for less than $50 worth of crypto. A series of screenshots shared with CoinDesk showed how a U.S. user provided their login credentials to someone they met on X (formerly Twitter). Shortly after, the U.S. user was verified and able to trade freely on the exchange using the identity of a Kenyan.

Read more:Crypto Airdrops Ban U.S. Users, but Americans Are Claiming Tokens Anyway

The crypto exchanges respond

Bybit, an exchange that has risen rapidly in the last year or so to become the second-largest behind Binance by some estimates, seems to host the largest contingent of MAUs in the U.S. — a jurisdiction the firm says is categorically excluded from its platform — with 451,800 such users in August, according to the Sensor Tower data.

The next largest in terms of numbers of U.S. MAUs was Bitget with 281,600, followed by OKX with 144,000, also recorded in August by Sensor Tower, a data provider cited on occasion by the likes of The Wall Street Journal, New York Times and Bloomberg.

A spokesperson for Bybit said the exchange has taken various measures, including KYC procedures and IP address bans, to ensure that its services and products are not available to people from restricted jurisdictions.

“Users who attempt to download the app or access the platform from restricted jurisdictions will not be able to complete the registration process unless the KYC documents they submitted have indicated otherwise. Additionally, Bybit has implemented IP restrictions to block access from those restricted jurisdictions,” the spokesperson said.

Bybit did not respond to follow-up questions about VPNs and rented IDs.

Bitget said it "adheres to global compliance standards by enforcing region-based restrictions including the prohibited access of citizens of the US and various countries" and that "anyone attempting to access the Bitget app from any U.S. IP address will receive notifications indicating that access is restricted."

As for the Sensor Tower data, Bitget said, “one possible explanation … is that users from other countries utilize methods such as VPNs to mask their locations and download crypto exchange apps through app stores. Sensor Tower only tracks the country from which the app was downloaded, without being able to further discern the users' actual nationality.”

OKX initially did not respond to requests for comment. After this article was published, a spokesperson said OKX's app can be used as a non-custodial wallet without trading on the exchange.

"U.S. users can download the OKX app solely for the wallet," the spokesperson said. "Those based in the U.S. have a legitimate reason to use the OKX Wallet for their own self-custody needs, similar to MetaMask, Coinbase Wallet, and other wallet apps."

UPDATE (Nov. 19, 2024, 17:13 UTC): Adds comment from OKX.

Ian Allison

Ian Allison is a senior reporter at CoinDesk, focused on institutional and enterprise adoption of cryptocurrency and blockchain technology. Prior to that, he covered fintech for the International Business Times in London and Newsweek online. He won the State Street Data and Innovation journalist of the year award in 2017, and was runner up the following year. He also earned CoinDesk an honourable mention in the 2020 SABEW Best in Business awards. His November 2022 FTX scoop, which brought down the exchange and its boss Sam Bankman-Fried, won a Polk award, Loeb award and New York Press Club award. Ian graduated from the University of Edinburgh. He holds ETH.

X icon

Ian Allison

Read more --->