Cryptocurrency theft, scam and other misadventures: what …

On 15 July 2020, Twitter accounts belonging to Bill Gates, Barack Obama, Joe Biden and other public figures were subject to coordinated social engineering attacks. According to Twitter, the attackers successfully targeted some of [the companys] employees with access to internal systems and tools. The compromised accounts swiftly set in motion a large-scale cryptocurrency fraud scheme, inviting Twitter users to send Bitcoins to an unverified wallet, with the promise of a 2:1 return on every transaction. The tweets were prefaced by the message I am giving back to the community, in an apparent attempt to capitalize on the current political momentum in the US.

This was the second large-scale cryptocurrency scam executed on Twitter this year. In January, verified Twitter accounts were taken over by scammers and transformed into identical copies of Elon Musks official account, inviting Twitter users to a crypto party.

While the above incidents may be attributed to security flaws, internal protocol breaches or carelessness in the administration and storage of credentials by individual Twitter account holders, they are largely enabled, inspired, and ultimately prompted by the characteristics of pseudonymity, immutability and decentralization, which lie at the core of blockchain technology. Indeed, these very characteristics have rendered cryptocurrencies increasingly attractive and accessible, thereby broadening the pool of potential targets for online scammers, while enabling the latter to conceal their identities behind cryptocurrency keys.

Systemic and consumer-related risks associated with cryptocurrencies

As cryptocurrencies are seen by an increasing number of international financial actors as the perfect hedge against the recessionary effects of the COVID-19 pandemic, and as their circulation continues to transcend national jurisdictions, there is growing international concern about their systemic and consumer-related risks. In this light, must cryptocurrencies be subject to some form of international regulation, harmonization or coordination? Seeing as their risks are inherently transboundary, the answer should be in the affirmative.

In particular, as regards systemic risks, blockchain pseudonymity has facilitated the use of cryptocurrencies for cross-border money-laundering, tax avoidance and illicit financing. Further, so-called stablecoins, i.e. cryptocurrencies pegged to baskets of safe assets (such as government bonds), are capable of affecting exchange rates and cross-border financial stability.

The transboundary element is also heavy on the consumer risk side. Besides scams, a significant risk of this type pertains to the loss or theft of private wallet keys, resulting in the irretrievability of stored coins due to the immutable nature of blockchain technology. Another consumer risk pertains to the fact that the platforms on which cryptocurrency transactions take place, i.e. exchange websites or apps, may fall prey to hackers, who may be able to extract cryptocurrencies kept therein (and not safely stored in a wallet). Relatedly, users may incur significant capital losses due to limited information about the volatility of their investments. These risks are indeed inherently transboundary, as they revolve around cross-border payments or data transfers and engage the liability of corporations with multinational presence or activities (such as cryptocurrency exchange platforms).

The shortcomings of domestically-oriented regulatory models

Could such risks, notwithstanding their cross-border nature, be mitigated through actions undertaken at the national level alone? Insofar as systemic risks are concerned, national attempts would run into a collective action problem. The spill-over effects of fluctuations in exchange rates and financial instability are, by definition, externally induced, primarily arising as a result of incomplete regulation in foreign jurisdictions. The latter may indeed have a high tolerance for cryptocurrency-related systemic risks, thus being unwilling to impose meaningful regulatory constraints on cryptocurrencies, unless motivated by a certain sense of international consensus. Similar considerations may apply to illicit money flows and tax avoidance, activities which are largely propelled by regulatory mismatches between different jurisdictions.

As it pertains to consumer risks, in an increasingly cashless and fintech-driven global economy, a robust regulatory framework for cryptocurrencies, imposing know-your-customer rules and mandatory permits, inter alia, might discourage inbound investment by (or in) fintech companies. Able to benefit from light regulation in alternative financial markets, such companies may simply find it too inconvenient or unprofitable to pursue activities in risk-averse jurisdictions. The latter may therefore find themselves in a catch-22 scenario, forced to select between a solid regulatory framework that might discourage fintech, or a cryptocurrency-friendly framework providing limited consumer protection. As past experiences from international banking and taxation indicate, in such a scenario, many countries are in fact likely to succumb to a race to the bottom as opposed to improving their regulatory standards.

Regulatory divergence and lack of international consensus

Considering the transboundary nature of the aforesaid risks, international regulation, harmonization or cooperation would appear desirable. Yet, since the launch of Bitcoin in 2008/2009, there have been few significant developments in that direction. There appears to be no critical mass of like-minded countries, capable of instilling some sense of international consensus that would trigger a harmonization or cooperation (let alone regulation) process. By way of illustration, China has introduced an umbrella ban on private cryptocurrencies, aiming to develop its own, state-backed coin. South Korea recently adopted a comprehensive, cryptocurrency-specific law linking wallets to real-world bank accounts and requiring the registration of wallets under their users actual names. The European Banking Authority and the European Securities and Markets Authority have highlighted the need for a cryptocurrency-specific approach that would evaluate the use of each cryptocurrency individually, whereas in the US no cryptocurrency-specific laws have been formally contemplated, with most types of transactions being currently subject to the supervision of the Securities and Exchange Commission and the Commodity Futures Trading Commission. These variations reflect fundamental differences in understanding as regards the legal nature, risks and benefits of cryptocurrencies.

Recent developments and future prospects for international governance

Notwithstanding the above, there appears to be an end in sight for the current governance standstill. Recently, the Financial Action Task Force (FATF) issued Guidance for a Risk-based Approach to Virtual Assets and Virtual Asset Service Providers, clarifying how its International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation apply to virtual assets, virtual asset activities and virtual asset providers. Moreover, the Financial Stability Board (FSB) issued a list of high-level recommendations for stablecoins; notably, according to recommendation 5, [a]uthorities should ensure that GSC [global stablecoin] arrangements have effective risk management frameworks in place especially with regard to reserve management, operational resiliency, cyber security safeguards and AML/CFT measures, as well as fit and proper requirements. Lastly, the International Organization of Securities Commissions (IOSCO) published a report setting out a range of key considerations for regulating cryptocurrency exchange platforms. Among else, the report urges domestic authorities to review the arrangements in place to compensate participants in the event of a loss of assets, including, for example, insurance policies, compensation funds or other contingency measures. In view of the institutional backing of the FATF, FSB and IOSCO, these initiatives are likely to bring about some degree of concerted regulatory activity.

Critically, in past cases marked by limited appetite for international dialogue, the solution has been prompted by compelling political developments. Indeed, in both international taxation and finance, it took the shock of the Global Financial Crisis for governments to converge on the need to limit transfer pricing and base erosion (see the OECDs BEPS project), decrease banking leverage and strengthen capital requirements (see the Basel III Accord). This time around, the negative publicity generated by recent scams and Facebooks Libra project, coupled with the COVID-induced recession, will likely serve to facilitate global consensus, hopefully toward a balance between fintech innovation and risk mitigation.

Continue reading here:
Cryptocurrency theft, scam and other misadventures: what ...