Copyright © 2021 Cryptolaw. All Rights Reserve.
Theme of the week: ransomware and crypto
When US-based Colonial Pipeline got hacked, it paid US$ 4.4 million worth of bitcoin ransomware to the hackers. Yesterday, the US Department of Justice announced it had recovered $2.3 million of the ransomware from a bitcoin wallet. There is still some confusion about statements that the bitcoin was ‘kept on a server’ in California. Although bitcoin is not ‘stored’ anywhere, private keys to a wallet may have been.
The news that public authorities were able to retrieve the bitcoin ransom paid by Colonial Pipeline may offer some temporary reprieve/strengthen arguments that crypto-payments make tracking criminal activity easier due to blockchain’s transparency. However, it seems unlikely that this will be the end of the story as politicians turned up the heat in the past week, with growing calls for greater crypto regulation. The general reaction from crypto commentators was that ransomware existed long before bitcoin and that crypto can’t be blamed for companies’ vulnerability to hacks.
El Salvador – President Nayib Bukele made a big announcement at the Bitcoin 2021 conference in Miami this weekend. He wants to make bitcoin legal tender, alongside the US dollar (BBC). This would make remittances from Salvadorans living abroad easier, he stated, and improve financial access to the 70% Salvadorans without a bank account. Bukele plans to send a draft law to parliament next week, but the details of the law are not yet public. Some dismiss Bukele’s announcement as a pr stunt. Others point out that Bukele’s plans may have important geopolitical and legal consequences. It allows for a de-dollarization in El Salvador and other countries may follow suit. There may also be legal ripple effects beyond El Salvador: if bitcoin becomes legal tender in one country, that may affect its legal status elsewhere (does it make bitcoin ‘money’ under US commercial law, as some suggested?). The change would also affect how bitcoin is taxed. Bukele holds an absolute majority in Parliament.
Korea – The Financial Services Commission of South Korea met with 20 crypto-exchanges to discuss the planned VASP (Virtual Asset Service Provider) rules. Smaller exchanges expressed concerns over the prohibitive cost of complying with real-name accounts. The FSC officials ‘reportedly sympathized with the difficulties being faced by the smaller exchanges and promised not to interfere with their relationships with South Korean banks’. (Cointelegraph) The FSC plans to ban cross trading. The ‘FSC believes that restricting cross trading would prevent exchanges from manipulating prices, and ensure that operators don’t receive information before their clients.’ (Decrypt)
US – Acting OCC head Michael Hsu reiterated that his team is reviewing ‘everything’ about its crypto approach, including guidance and even conditional trust charters given to a number of crypto companies under the helm of Hsu’s predecessor Brian Brooks . The OCC formed an interagency sprint group with the Federal Reserve and the Federal Deposit Insurance Corporation. The sprintgroup’s first task is to agree on definitions and terminology. (Coindesk)
US – Former Congressman Ron Paul suggested bitcoin should be legalized as money, ‘let it compete with the dollar’. (KitCo News) Senator Rick Scott, on the other hand, asked Treasury Secretary Yellen to get tough on crypto scams. (Bitcoin.com)
Popular crypto podcast host NLW dedicated an episode to US regulatory developments this week. His conclusion? ‘I think that the biggest regulatory questions faced in the next year or two will not be about bitcoin – they will be about stablecoins and the threat they potentially represent to the US digital dollar’.
Ireland – A few days after a Central Bank of Ireland official described bitcoin as a ‘grave concern’ to public authorities, an Irish MEP called for more stringent EU rules on digital assets. MEP Chris MacManus submitted no less than 45 amendments to the draft Markets in Crypto-Assets (MiCA) Regulation. MacManus proposed that ‘all new and existing crypto-assets’ require authorisation by a competent authority (such as a central bank). He wants that authorisation to be conditional on a prior assessment of the new coin’s environmental impact. (Cointelegraph – stick to official press release?)
Russia – The CEO of the biggest online bank in Russia said it could not offer crypto-services to its clients due to the Bank of Russia’s tough stance on crypto. (CNBC) Although digital assets have legal status in Russia since last year, crypto-payments are still not allowed.
US – Lawyers for Ripple filed a motion to force the SEC to release communications with third parties that discussed bitcoin, ether or XRP. A SDNY judge had previously ordered the SEC to hand over the documents and the parties have met several times to find an agreement. The motion states: ‘Ripple and the SEC have resolved several discovery disputes, there are two sets of SEC documents as to which the parties are at an impasse, and we ask for an order compelling their production.’ Roslyn Layton wrote in Forbes that the SEC is on trial itself in the lawsuit. Her article is highly critical of the SEC’s decision to go after Ripple for securities law violations and hints at potential conflicts of interest between former SEC officials Jay Clayton and William Hinman.
Ransomware & fraud (again…)
US – Are crypto investors enabling ransomware? Ex-SEC internet enforcement chief John Reed Stark thinks so. Cryptocurrencies are ‘the essence’ of ransomware, he said. (CNBC) The link between digital assets and ransomware has been hotly debated in recent weeks, as mentioned above. Biden reportedly plans to discuss ransomware and crypto with other heads of state at the G7 summit this week. (Cointelegraph)
US – The US Federal Trade Commission found that consumers have lost $82 million to crypto scams in six months. (Decrypt). Last month, the Australian Competition and Consumer Commission (ACCC) said Australian scamming victims paid over US$ 20 million in in crypto-assets to scammers in 2020. Crypto payments are now the second most popular payment method for scammers, after bank transfers. (Decrypt)
Anti-money laundering (AML)
UK – The Financial Conduct Authority (FCA) extended its Temporary Registration Regime for crypto businesses from July 2021 to March 2022. This allows crypto companies ‘to continue trading while the FCA continues with its assessments’. The FCA noted that a ‘significantly high number of businesses’ do not meet the requirements of the Money Laundering Regulations. ‘This has resulted in an unprecedented number of businesses withdrawing their applications’, it said.
G7 – The finance ministers and central bank governors of the G7 discussed CBDCs and stablecoins during a virtual summit. On stablecoins, the group’s communique warned again that ‘no global stablecoin project should begin operation until it adequately addresses relevant legal, regulatory, and oversight requirements through appropriate design and by adhering to applicable standards.’ Another clear warning to Diem/Libra.
US – Former CFTC Chairman Timothy Massad asked if stablecoins can break the US dollar.
‘Certain cryptocurrencies known as stablecoins are today’s economic equivalent of money-market funds, and in some cases their practices should have us worried that they could break the buck, creating significant damage in the broader crypto market.’ He said that, unlike money-market funds, ‘[t]here is no U.S. legal framework for regulating them. There are no requirements on how reserves must be invested, nor any requirements for audits or reporting.’ He pointed to a JPM Morgan report that found 50-60% of all bitcoin trades were for Tether, and saw the high levels of concentration in Tether as a source of concern. He also had some words of advice for SEC Chari Gary Gensler, saying perhaps he should consider regulating stablecoins similarly to money-market funds, with risk-mitigation measures ‘to ensure that the tokens are in fact worth that price’. (Bloomberg Quint)
China – Miners in China are still reeling after the State Council’s Financial Stability and Development Committee reiterated its warnings against bitcoin mining. Some miners announced they would cease their mining operations in mainland China and others may follow suit and sell their mining equipment abroad. (Cointelegraph)
The World Economic Forum published its DeFi Policy-Maker Toolkit today. The Toolkit explains the key features of Decentralized Finance, describes the main risks and discusses some policy approaches. (For full disclosure: I was a contributor.)
The WSJ’s Paul Vigna called DeFi ‘a double-edged sword for the crypto market lately, helping to fuel a surge in volatility.’ DeFi is ‘still an immature and highly risky market’, he said. ‘The services aren’t regulated or insured, so if a platform fails there is no recourse.’ (WSJ) Vigna points to the risk of rehypothecation: it ‘isn’t clear what percentage of assets are being lent and lent again across various DeFi platforms and other exchanges’, he warns. The fact that the WSJ is writing about DeFi is telling and shows how much this once obscure niche of crypto has gathered pace in the past year. It also shows concern that DeFi may repeat some of the mistakes we’ve seen in traditional finance.
The European Investment Bank thinks the bloc will face a 10 billion annual shortfall in investment in AI and DLT, according to a new EIB report.
A European Central Bank report analysed design features of CBDCs and the potential impact of CBDCs on third countries. A CBDC ‘would have the potential to widen access to payment services, promote financial inclusion and lower mark-ups of traditional intermediaries.’ It could also lead to ‘digital dollarisation’ and ‘facilitate currency substitution in third countries with instable currencies and weak fundamentals,’ the ECB said. While this may ‘strengthen the global status of the currency in which the CBDC is denominated’, it ‘would also reduce monetary policy autonomy in the economies concerned.’ The ECB also warned of the risks of not issuing a CBDC:
‘One concern could be a situation in which domestic and cross-border payments are dominated by non-domestic providers, including foreign tech giants potentially offering artificial currencies in the future. Not only could this threaten the stability of the financial system, but individuals and merchants alike would be vulnerable to a small number of dominant providers with strong market power, and the ability of central banks to fulfil their monetary policy mandate and role as lender of last resort would be affected. Issuing a CBDC would help to maintain the autonomy of domestic payment systems and the international use of a currency in a digital world.’
Last October, Russia published its consultation paper on a digital rubble. This week, the governor of the central Bank of Russia said in an interview that CBDCs are the future. Governor Elvira Nabiullina also talked about how de-dollarization is part of its broader policy to manage foreign currency risks. Former US Treasury official Michael Greenwald reacted: ‘“What alarms me is if Russia, China, and Iran each creates central bank digital currencies to operate outside of the dollar and other countries followed them … That would be alarming.” (CNBC) Last October, Russia published its consultation paper on a digital rubble.
‘Globally, more than 60 central banks have already entered the central bank digital currency race since 2014, with 88% of the ongoing CBDC projects, at pilot or production phase, using blockchain as the underlying technology’, according PwC.
Thailand – The Central Bank of Thailand announced it hired German tech giant Giesecke+Devrient for a proof of concepts of its CBDC. Thailand plans to launch its retail CBDC in 3-5 years. (Coindesk)
G7 – The finance ministers and central bank governors of the G7 discussed CBDCs and stablecoins during a virtual summit. On CBDCs, the group’s communique said their ‘objective is to ensure that CBDCs are grounded in long-standing public sector commitments to transparency, the rule of law and sound economic governance. CBDCs should be resilient and energy-efficient; support innovation, competition, inclusion, and could enhance cross-border payments; they should operate within appropriate privacy frameworks and minimise spillovers.’ The group will ‘work towards common principles and publish conclusions later in the year’.
Market manipulation, frontrunning and wash trading in crypto: What do we know?
Concerns over market manipulation were cited by the US SEC as one of the reasons not to approve bitcoin ETFs thus far. Public officials around the world have voiced similar concerns over abusive market practices, such as frontrunning, wash trades and insider trading.
So what do we know so far? How big is this problem?
Back in 2018, the OAG NY published the report of its Virtual Markets Integrity Initiative. It focused on centralized exchanges and summarized concerns and responses received from exchanges that filled in the questionnaire. The OAG listed a number of concerns, such as conflicts of interest (employee and proprietary trading, listing fees) and market manipulation.
Wash trades or volume inflation
In March 2019, Bitwise Asset Management made a presentation to the US SEC (in the context of its Bitcoin ETF Trust application) in which it claimed that roughly 95% of alleged trading volume on bitcoin exchanges was fake or wash trading. It pointed fingers at the widely used bitcoin trading volume data from CoinMarketCap.com, calling that data simply ‘wrong’.
Later that year, CoinMarketCap introduced changes to the metrics for its ratings and it has tweaked those metrics several times since.
In a recent draft paper, researcher analysed trading data between July-Nov. 2019 on 29 crypto exchanges. For unregulated exchanges (as defined by the authors), they found more than 70% of reported trading volume (in bitcoin, ether, litecoin and XRP) were wash trades, worth an estimated $4.5 trillion in spot markets (and $1.5 trillion in derivatives markets) in Q1 2020.
Wash trading/volume inflation practices were linked to centralized exchanges (rather than decentralized exchanges or DEXes). DeFi’ers would probably point out that this shows why we need decentralized services, with greater on-chain transparency.
However, DeFi (decentralized finance) hasn’t been spared of allegations of abusive market practices. More precisely: there have been lots of discussions about frontrunning on the Ethereum blockchain, on which most of DeFi is currently built.
A widely discussed paper, Flashboys 2.0 by computers scientist including Philip Daian and Ari Juels, laid out the prevalence of frontrunning in the Ethereum mempool (the pool of unconfirmed transactions).
In a nutshell: users submit transactions to the Ethereum network and pay a proposed ‘gas fee’ (transaction fee) to incentivize miners to include the transaction in a new block on the Ethereum blockchain. The transaction is first sent to the mempool (the pool of unconfirmed transactions on Ethereum), waiting for a miner to pick it up and include it into a new block.
Miners are free to choose which unconfirmed transactions in the mempool they wish to select to include in a proposed new block. Miners typically prioritize transactions that include a higher ‘gas fee’ (transaction fee). This is the most lucrative strategy.
There is a time lag between the submission of a transaction to the Ethereum mempool and the time the transaction is included in a block that is appended to the Ethereum blockchain. During that time, unconfirmed transactions are just laying idle, hanging around in the hope of being mined. That time lag opens the door to frontrunning. While unconfirmed transactions are laying around in the mempool, anyone can observe them and trade against them.
Frontrunners (typically trading bots) can observe the unconfirmed transactions and propose their own transactions, offering a higher gas fee (transaction fee) to the miners. Miners will prioritize the frontrunners’ transactions in the proposed new block because they offer higher transaction fees. This allows frontrunners to have their transactions executed before the transactions of unsuspecting users, who had offered lower transaction fees to the miner…