A new class of cyber-enabled financial crime is reshaping the risk landscape for U.S. brokerages and trading platforms, as account takeovers increasingly serve as the entry point for coordinated market manipulation. This trend, driven by the intersection of cyber intrusion and financial exploitation, is no longer confined to isolated fraud or credential theft. Instead, it represents a broader convergence of cybersecurity risk and market abuse—one that challenges the boundaries of traditional compliance and surveillance frameworks.
According to the recent report from Solidus Labs “Account Takeover Meets Market Abuse: The Rise of Cyber-Enabled Financial Crime,” threat actors are using compromised brokerage accounts not to steal funds directly, but to influence asset prices through unauthorized trading. These attacks typically target less liquid securities—such as microcap stocks or certain digital assets—where limited market depth allows for greater price impact. Once the attackers have moved prices using the hacked accounts, they exit pre-established positions in their own external accounts at a profit, often without triggering conventional fraud or AML alerts.
This manipulation strategy has been observed in several U.S. enforcement actions. In one SEC enforcement case, 18 individuals used more than 30 hijacked retail accounts to inflate the value of Good Gaming Inc. and Lotus Bio-Technology Development Corp., generating over $1.3 million in illicit profits. Similarly, the Wilner Case saw over 100 accounts compromised to create artificial demand for illiquid assets. In both cases, the attackers didn’t withdraw stolen funds—they manipulated the market structure itself, all while bypassing fragmented compliance defenses.
What makes these incidents especially hard to detect is the siloed nature of legacy monitoring systems. “Historically, trade surveillance looked only at trades, cyber only at intrusions, and AML only at transactions,” said Chen Arad, co-founder of Solidus Labs. “But today’s threat actors exploit the seams between those functions. That architecture is outdated for how fast and interconnected today’s markets—and risks—have become,” he told Traders Magazine.
Indeed, the report emphasizes how disjointed oversight is being exploited by organized crime groups and state-linked entities, often enhanced by generative AI capabilities such as deepfakes, phishing sites, and social engineering bots. These tools allow attackers to scale rapidly—targeting self-directed platforms with margin access and fast trade execution, where compromised accounts can be used not just to access funds but to move markets.
Emerging solutions suggest a path forward. Integrated risk platforms—capable of analyzing surveillance, transaction monitoring, and cyber signals together—are showing promise. Detection models that monitor rapid changes to client data (Frequent Changes to Client Data, or FC), or link accounts through shared devices (Multi-Client Device Match, or MCDM), are increasingly critical. So are real-time behavioral algorithms capable of flagging synchronized or anomalous trading.
However, as Arad explained, tech alone isn’t enough—it must be the right kind of tech. “Firms shouldn’t just check the box on having surveillance tools. They need solutions that are fit-for-purpose, future-proof, and designed for holistic, cross-functional risk detection,” he noted. “It’s not a failure of effort or prioritization—it’s a failure of architecture.”
That architectural shift is also being echoed by regulators, who are pushing for unified frameworks. The UK’s Financial Conduct Authority (FCA), in a January 2025 advisory on Money Laundering Through Markets (MLTM), encouraged firms to connect the dots across disciplines: “Compliance teams are more able to identify suspicious behaviour that corresponded to risk typologies if they consider TM and TS alerts alongside customer information, business risks and recent risk indicators.”
According to Arad, this kind of regulatory shift is part of a broader trend: “We’re seeing increasing openness from regulators—not just in the UK, but in the US, Europe, and APAC—to embrace unified monitoring strategies and even advanced AI. The guidance is catching up with the crime.”
Another key development is the role of artificial intelligence. With compliance teams already spending as much as 60% of their time reviewing false positives, AI-driven tools can dramatically reduce noise and accelerate signal. “The combination of AI with integrated surveillance isn’t just about efficiency—it’s about empowering human analysts to focus where it actually matters,” said Arad. “AI agents can detect anomalies dozens of times faster, but only if they have access to the right, connected data.”
In a market environment where liquidity, volatility, and access continue to expand, the sophistication of attackers is keeping pace. The financial industry’s defense mechanisms must do the same. The ability to identify compromised accounts is no longer enough. Firms must recognize when those accounts are being used not just to steal—but to manipulate.
“Capital markets are changing fast, and financial crime is evolving even faster,” Arad concluded. “The good news is, so are the technologies that can help. The institutions that embrace modern, unified surveillance now will be the ones who stay ahead.”
