CEO and Co-Founder of Compliance.ai, a RegTech company transforming the way highly regulated organizations address compliance risk.
On June 11, 2021, the SEC released an update of its regulatory priorities, but it came with a glaring omission. The Spring 2021 Unified Agenda of Regulatory and Deregulatory Actions, which includes the SEC’s priorities and lists short- and long-term regulatory actions that administrative agencies plan to take. Notable SEC rulemaking priorities in the Spring 2021 Agenda include enhancing shareholder democracy, market structure modernization within equity, treasury and other fixed-income markets, and required disclosures relating to climate, human capital and cybersecurity risks.
One issue was notably absent, however: cryptocurrency.
Crypto-Related Fraud On Pace To Set A Record In 2021
Breaches and fraud in the cryptocurrency market are on the rise, climbing at a record-setting pace thus far in 2021. Fraud has been increasing in step with the overall growth of the cryptocurrency market, which has topped $2 trillion in value.
To date, 32 breaches have occurred in 2021, totaling $2.99 billion lost due to crypto-related attacks. This is on pace to break the record of 38 breaches set in 2020, which itself represented a 40.7% climb from 2019, according to a recent study from Crypto Head (via Markets Insider), a research firm that tracks the cryptocurrency market. The average loss per incident in 2021 stands at $93.3 million.
MORE FOR YOU
While the record of 38 breaches may not seem high, the number only represents publicly reported breaches of wallets or exchanges. Scams and fraud, on the other hand, represent a more far-reaching problem.
According to the Federal Trade Commission, between October 2020 and the end of March 2021, nearly 7,000 consumers have reported cryptocurrency investment fraud to the FTC and other agencies. Consumers reported losing more than $80 million to cryptocurrency investment scams, a more than 10-fold increase year over year.
Cryptocurrency investment scams range from bogus investment websites that sell crypto “secrets” to pump-and-dump cons to schemes cooked up by crooks posing as celebrities, such as the fake Elon Musk crypto scam that circulated on social media recently. While the form of the scams varies, one factor is constant: The scammers all prefer payment in cryptocurrency.
Yet as bad as the breach and fraud trendlines look, an even bigger threat looms on the horizon.
How Cryptocurrencies Threaten National Security
Drug cartels, terrorists and rogue nation-states have all used the anonymity of cryptocurrency to cloak their nefarious activities while its portability (no suitcases of money to lug around) and global reach make it easier to fund those activities.
For instance, cryptocurrency has been increasingly tied to ransomware attacks.
On May 7, 2021, the largest pipeline in the U.S., which delivers approximately 45% of the fuel consumed in the U.S., shut down due to a ransomware attack launched by the DarkSide hacker group. The outage triggered gas shortages on the East Coast, drove up prices at the pump and exposed Colonial Pipeline to a class action lawsuit.
Colonial Pipeline ended up paying the hackers nearly $5 million in Bitcoin for the decryption keys to unlock their infected systems. In an ironic turn of events, the Department of Justice used Bitcoin’s public ledger to track and reclaim nearly half of the ransom, but by then the amount recovered was just a fraction of the overall damage done.
Even more concerning, North Korea has launched a series of crypto-related cyberattacks against western governments and businesses. According to a Department of Justice press release announcing the indictment of three North Korean military intelligence computer programmers, North Korea sought to “steal and extort more than $1.3 billion of money and cryptocurrency from financial institutions and companies, to create and deploy multiple malicious cryptocurrency applications, and to develop and fraudulently market a blockchain platform.”
These attacks are not isolated incidents. Russian spies have used cryptocurrency to fund espionage, including the attack on the 2016 U.S. Presidential election, and Iran uses cryptocurrency to evade sanctions. Moreover, 90% of Bitcoin mining occurs in nations considered U.S. rivals, including Russia, China and Iran, which results in the transfer of roughly $10 billion from the U.S. and our allies to our adversaries each year.
The SEC Recognizes Crypto As A Threat But Waits To Act
Perhaps the SEC not prioritizing cryptocurrency regulations is just a matter of timing. In a statement to Congress at the end of May, SEC Chairman Gary Gensler recommended that Congress begin hearings to start officially reigning in the risks surrounding cryptocurrencies, but no official action has been taken to date.
With the risks surrounding cryptocurrencies on the rise and with investments into the crypto market in the first half of 2021 doubling those for all of 2020, the clock is ticking. Waiting for Congress to act in our hyper-polarized political era is a questionable strategy.
In August, speaking at the Aspen Security Forum, Chairman Gensler again discussed the risks of cryptocurrencies, but he again failed to chart a clear path forward.
“[T]he use of stablecoins on these platforms may facilitate those seeking to sidestep a host of public policy goals connected to our traditional banking and financial system: anti-money laundering, tax compliance, sanctions, and the like. This affects our national security, too,” Gensler said.
“Further, these stablecoins also may be securities and investment companies. To the extent they are, we will apply the full investor protections of the Investment Company Act and the other federal securities laws to these products,” he added.
Chairman Gensler clearly understands the risks associated with unregulated cryptocurrencies, but his statement in Aspen that his agency “stand[s] ready to work closely with Congress, the Administration, our fellow regulators, and our partners around the world to close some of these gaps” is not aggressive or urgent enough.
Crypto risks are on the rise, and now is the time for the SEC to take the lead on regulating cryptocurrencies before the negative externalities associated with them spin even further out of control.