At many crypto exchanges around the world, U.S. residents are like visitors to an art museum. They can look, but they’re not supposed to touch. Apparently, a lot of Americans are at least looking. Are any of them touching? Bybit, Bitget, and OKX, three of the largest cryptocurrency exchanges, all prohibit traders from the U.S., where the companies are not licensed. Yet in August, the three exchanges combined had almost a million monthly active users (MAUs) in the U.S., according to research by Sensor Tower obtained by CoinDesk.
To be clear: “active” does not necessarily mean trading. If someone in the U.S. downloads the mobile app from Apple or Google and then does anything with it during a given month, they count as an MAU. Gawk at a price chart, as one might do on CoinDesk’s price pages? That exchange would not be abetting rule-breaking behavior. It might be if the American trades, however.
Almost exactly a year ago, Binance, the world’s top exchange, was forced to write a more than $4 billion check to the U.S. government to settle allegations that, in part, hinged on improperly allowing Americans to trade on its platform. Since then, the cryptocurrency industry has been on notice: Having customers in the United States can be a costly mistake.
Polymarket might be on a path to learning that, too, amid news that its CEO’s home was raided last week — reportedly because people in the U.S., contrary to a 2022 deal with regulators, may have traded on the popular prediction market. (Though who knows if incoming President Donald Trump’s Department of Justice will put its weight behind any investigation.)
Even though Bybit, Bitget, and OKX warn website visitors with U.S. IP addresses that they are ineligible to trade, users can disguise their locations using virtual private networks, or VPNs. And even though all three exchanges erect another barrier to keep Americans out by requiring some level of customer identification, traders determined to get around such hurdles have been known to obtain fake, stolen, or rented credentials.
In jurisdictions with stringent cryptocurrency regulations, such as the United States, it is common for individuals to resort to VPNs to access offshore cryptocurrency exchanges, said Daniel Arroche, partner at French crypto law firm d&a partners. “Although this practice often violates the terms of service of many platforms, it highlights the persistent demand for access to global markets despite regulatory hurdles,” Arroche said.
A spokesperson for Sensor Tower said it’s impossible for his company to determine what exchange app users are doing. “We can neither confirm nor deny if U.S. users are using VPNs to change their location to access trading,” the spokesperson said via email. (The research, which is paywalled, was shared with CoinDesk by a third party.)
A video shared with CoinDesk, whose creator requested it not be published with this story, shows how an American can easily circumvent Bybit’s geofencing. Americans can bypass geoblocking rules by purchasing someone else’s know-your-customer (KYC) information for less than $50 worth of crypto. A series of screenshots shared with CoinDesk showed how a U.S. user provided their login credentials to someone they met on X (formerly Twitter). Shortly after, the U.S. user was verified and able to trade freely on the exchange using the identity of a Kenyan.
Bybit, an exchange that has risen rapidly in the last year or so to become the second-largest behind Binance by some estimates, seems to host the largest contingent of MAUs in the U.S. — a jurisdiction the firm says is categorically excluded from its platform — with 451,800 such users in August, according to the Sensor Tower data. The next largest in terms of numbers of U.S. MAUs was Bitget with 281,600, followed by OKX with 144,000, also recorded in August by Sensor Tower, a data provider cited on occasion by the likes of The Wall Street Journal, New York Times, and Bloomberg.
Bybit, Bitget, and OKX have all responded to these issues. Bybit said it has taken various measures, including KYC procedures and IP address bans, to ensure that its services and products are not available to people from restricted jurisdictions. Bitget said it “adheres to global compliance standards by enforcing region-based restrictions including the prohibited access of citizens of the US and various countries” and that “anyone attempting to access the Bitget app from any U.S. IP address will receive notifications indicating that access is restricted.” OKX mentioned that its app can be used as a non-custodial wallet without trading on the exchange for U.S. users.
In conclusion, it is clear that despite the restrictions put in place by various cryptocurrency exchanges, U.S. residents are finding ways to bypass these barriers and engage in trading activities. The use of VPNs and fake identification is a common practice among individuals looking to access global markets despite regulatory hurdles. As the cryptocurrency industry continues to evolve, regulatory compliance and enforcement will be crucial in ensuring the integrity of the market and protecting investors from potential risks associated with unauthorized trading activities.
