Training + ReviewMost Popular

Training + Creation

FinCEN GTO MapLive · Updated weekly

AML Red Flag Library

BSA/AML Audit Simulator

SAR Decision Tree

AML Compliance Checklist

Verify a Certificate

Compliance Resources Hub

Compliance Glossary

Training Portal Login

CRYPTO-KYC-006Critical Risk

cyber/fraud

Red Flag

Customer’s account is accessed after credential stuffing attack, with login from a new device and immediate withdrawal of all funds to an external wallet not previously associated with the account.

Industry

Cryptocurrency Exchanges

Transaction Type

crypto

Customer Type

individual

Category

cyber/fraud

Regulatory Source

Document:FIN-2016-A003 Cyber Events

Type:FinCEN Advisory

CFR Citation:31 CFR §1022.210

SAR Category:Cyber event

FinCEN Key Term:Account Takeover

Last Verified:2026-04-15

View source document

Back to Library

This red flag is provided for informational and educational purposes only. It is not legal, regulatory, or compliance advice. Always consult the official source document and a qualified compliance professional for guidance specific to your situation.