Uncover the story behind the 'Biggest Heist Ever' — a gripping new Netflix documentary! Watch the trailer.

Insights
December 17, 2024

‍California DFPI Releases Comprehensive Data on Crypto ATMs; TRM Analyzes the Data

TRM InsightsInsights
‍California DFPI Releases Comprehensive Data on Crypto ATMs; TRM Analyzes the Data

As crypto regulation continues to solidify across the globe, one of the more significant trends to watch in 2025 is the expanding influence of U.S. state regulators. Among these, the California Department of Financial Protection and Innovation (DFPI) is emerging as a key force, setting the tone for how crypto businesses operate within a robust regulatory framework. 

Today, the DFPI released new data, a comprehensive list of crypto ATMs located in the state, shedding light on the state’s crypto kiosk landscape. 

From DFPI website showing a sample list of crypto kiosks and location

The data

As part of a newly passed California statute, as of January 1, 2024, crypto kiosk operators are required to provide a list of their locations to the DFPI, as well as comply with daily transaction limits (USD 1,000 per day, per customer) and provide receipts to customers for any transaction. 

Notably, the statute also states that the DFPI will make this kiosk location information for each operator available to the public on the department’s website. The dataset in today’s release includes physical addresses for over 4,500 kiosk locations across California, with the largest cities of Los Angeles, San Diego and Sacramento unsurprisngly having the greatest concentrations of kiosks. 

TRM analysis 

TRM conducted an assessment of the data, and associated on-chain risk profiles of over 30 crypto entities that operate these kiosks across the state of California.  Specifically, TRM analyzed the operators’ transactional flows, associated risks and risk scores at the entity level, which on average were significantly higher than average risk scores for crypto exchanges.  

Collectively across all of these operators, approximately 84% of all illicit activity was connected to scams in 2024. Cybercrime Services, Carding and PII Shops, Banned or Controlled Substances, and Darknet Market exposure rounded out the remaining top 5 risks. 

How this compares to previous findings

As TRM reported earlier this year, this new analysis is consistent with a wider assessment we performed which noted that in 2023, 79% of all cash-to-crypto illicit volume went to known scam and fraud addresses. Last year, illicit volumes in the cash-to-crypto industry stood at 1.2% of total volume, double the 0.63% for the overall crypto ecosystem. TRM analysis shows that the vast majority of illicit transactions going through cash-to-crypto services are linked to scams and fraud: 

A TRM analysis of crypto ATM transaction data from over 300 different ATM companies across 56 countries, together with other proprietary sources, revealed a recurring pattern that could be used by authorities and compliance teams to identify suspicious activity: multiple payments sent from different ATM companies—often located in different countries—to a single address. 

One reason this activity raises a red flag is that most ATM companies ask the sender of the funds to be the owner of the destination wallet address. These rules are designed to reinforce the intended use of the machines for personal finance and prevent abuse by unidentified third parties. It’s possible to see when these rules are being violated thanks to a key characteristic of crypto ATMs: Unlike web browsers, transaction location data cannot be spoofed by using a VPN. Thus, if a device is based in a particular country, the transactions from that device can reliably be said to have occurred in that country. When a single address receives multiple deposits from different ATMs in various locations, often within moments of each other, it suggests that user(s) are not complying with these rules. 

TRM graph: A single exchange address receiving funds from 40 different cash-to-crypto services ATMs located all over North America

In the TRM graph shown above, a single exchange address received funds from 40 different cash-to-crypto services ATMs located all over North America. The same address was reported in multiple public reports and investigations as being used by scammers as an aggregator and off-ramp for stolen funds. In this case, the significant number of transfers from multiple cash-to-crypto service locations to the same address served as the trigger for investigators to identify the suspicious destination address.

Accordingly, regulators and law enforcement globally have been concerned about the exploitation of crypto kiosks by perpetrators using romance scams, investment scams, impersonation scams, and others that use these services to enable payments by victims.  To help counter the proliferation of these scams, and enhance the identification and reporting of these illicit actors, TRM recently announced that its established multi-chain scam reporting platform, Chainabuse, was partnering with Operation Shamrock, which provides law enforcement with education and resources to help seize illicit funds and disrupt cybercriminals. 

What’s next for DFPI?

The DFPI’s release of crypto ATM kiosk data represents the continued rise of state-level oversight in the cryptocurrency industry as it takes significant steps toward greater transparency and consumer protection. TRM’s analysis of this data highlights the ongoing risks associated with cash-to-crypto transactions, particularly the prevalence of scams, which underscores the critical need for robust compliance and reporting measures. 

Over the next couple years, DFPI will continue to roll out its implementation of the Digital Financial Assets Law (DFAL), which includes robust licensing and monitoring processes in order to provide the appropriate regulatory framework and consumer protections across the crypto asset ecosystem. Governor Newsom recently signed AB1934 which extended the date of licensure under DFAL from 2025, to July 1, 2026. Once live, digital asset companies must be licensed by the DFPI or have applied for a license with the DFPI in order to operate in California.

This is some text inside of a div block.
Subscribe and stay up to date with our insights
arrow right
August 28, 2024

Rate of Illicit Activity at Crypto ATMs is Double That of Overall Crypto Industry

arrow right
January 23, 2023

Crypto ATM Payments Linked to Known Scam Addresses

arrow right
June 22, 2023

New York state of mind: a look at NY Department of Financial Services' role as one of the most active regulators in the crypto space

Access our coverage of TRON, Solana and 23 other blockchains

Fill out the form to speak with our team about investigative professional services.

Services of interest
Select
Transaction Monitoring/Wallet Screening
Training Services
Training Services
 
By clicking the button below, you agree to the TRM Labs Privacy Policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
No items found.
Cork board with mugshots of Heather "Razzlekhan" Morgan and Ilya Lichtenstein, with their names written in handwritten script below their photos, and push pins on the board connected by red string.
DOCUMENTARY
Stream “Biggest Heist Ever” and get a behind-the-scenes peek from the TRM team
CHECK IT OUT →
A light blue two dimensional circle (representing a stablecoin) floating against dark blue and white curved lines (representing waves), with thin dotted blue and white lines overhead to represent wind.
REPORT
Explore the macro trends and jurisdictional developments that shaped the global crypto policy landscape in 2024
READ THE REPORT →
Illustration on a dark blue background showing a bug and exclamation mark (representing illicit activity), a globe with pin points, a coin, and a bar chart.
REPORT
See the countries with the highest rates of crypto adoption — and the highest rates of exposure to illicit activity
READ THE REPORT NOW →
A blue rectangle with geometric shapes in the background and dots connected by thin lines in the foreground, representing connections on the bockchain.
WHITE PAPER
Explore four ways TRM improves compliance in the modern sanctions enforcement era
Download the white paper →
Illustration of a pig butchering chart featuring various cryptocurrency logos in each section, with a bright blue sheriff's badge on top, symbolizing law enforcement's role in combating fraud.
CASE STUDY
See how Deputy District Attorney Erin West and the REACT Task Force are fighting back against pig butchering
WATCH THE VIDEO →
Illustration of an eye, skull and crossbones, and a pie chart on a light blue background, symbolizing the dangers of crypto scams and financial fraud.
REPORT
Explore the key trends that shaped that the illicit crypto economy in 2023
GET THE REPORT →
Close-up photograph of the United States Capitol building with snow falling
BLOG
Learn why cryptocurrency has become a central issue in the 2024 US election
READ THE POST
Illustration of a Russian doll toy containing a ransomware attack inside the smallest one
REPORT
Take a deep-dive into the Russian-speaking illicit crypto ecosystem
READ THE FULL REPORT
Outline of pig with law enforcement shield overlaid
Case Study
Learn more about how the REACT Task Force is tackling pig butchering
Read the case study
Illustration of a Russian doll toy containing a ransomware attack inside the smallest one
REPORT
Explore recent ransomware trends in the Russian-speaking crypto ecosystem—including the role of ransomware groups in cybercrime around the world
GET THE REPORT
Person typing on a laptop keyboard with dark blue filtered overlay
BLOG POST
Learn about summer 2024’s spate of ransomware attacks, and the proliferation of RaaS around the world
READ THE POST
REPORT
Learn about cryptocurrency’s role in the international synthetic drug precursor market
GET THE REPORT