Network Security

Cryptocurrency’s legal tender

“Good investments don't bite you on the bottom and say we're here. It takes good old hard work and research, the kind they do at Smith Barney … they make money the old fashioned way: They earn it.”

With apologies to John Houseman's TV commercials for the brokerage house that ran 1979 to 1986, bitcoin value surged 17-fold in 2017, hitting just a little over $19,000 before plunging and more recently hovering at $8,358 in April 2018. Investors mostly took the plunge post-Thanksgiving amid several digital wallet thefts, as well as regulatory investigations and prosecutions that became public.

To what extent the cryptocraze is simply a fad means to get rich quick or fleeting libertarian antiestablishment endorsement of decentralized financial systems remains to be seen. Purported usage by drug dealers and other money-laundering criminals contribute to Wall Street skeptics and cryptocritics predicting an imminent bubble, pointing to extreme volatility that saw bitcoin lose 20 percent market value in one day and temporarily crash several exchanges.

“For the outsider looking in, you would definitely advise ‘buyer beware,'” says McAfee chief scientist Raj Samani, who calls himself “a huge fan” of cryptocurrency, but very wary of Initial Coin Offerings (ICO) scams. “If it sounds too good to be true, it is too good to be true,” he adds.

ICOs can run the gamut of 1,323 digital currencies listed by The Security and Exchange Commission (SEC) is becoming vigilant in enforcement, as evidenced by its suit filed Dec. 1 in New York federal court over an unregistered security called “PlexCoin,” which illegally raised $15 million for making “materially false and misleading statements.”

Meanwhile, cybersecurity firm of Austin, Tex.-based Forcepoint last month found Quant Trojan-triggered malware pilfered bitcoins from cryptocurrency wallets. Hackers targeting vulnerabilities in cryptocurrency systems that implement blockchain technology were among Forcepoint's eight trends to watch next year.

“In our 2018 prediction, the team talked about an uptick in attacks aimed at cryptocurrencies, and I think we're already seeing that,” says Richard Ford, Forcepoint's chief scientist.

Market Legitimization

Cryptocurrency “legitimization” is being fuelled by the likes of two renown Chicago exchanges offering cryptocurrency futures and also Cantor Fitzgerald jumping on the bandwagon. Money can be converted into bitcoin at ATMs on street corners in New York and London. Microsoft has accepted Bitcoin for game purchases through Xbox. Surf Air, a frequent-flier airline servicing passengers in Europe, California and Texas, now accepts payments via bitcoins and ethereum. Overstock accepts more than 40 types of cryptocurrencies.

The early December “how high is up” bitcoin frenzy coincided with NiceHash users reportedly losing as many as 4,736 bitcoins worth roughly $76 million, on the heels of a Nov. 20 report that a hacker robbed Tether of $30.9 million of USDT. A week later, a phishing scam compromised user information and a Github bitcoin gold wallet holding $3.3 million of cryptocurrency assets, including bitcoins, litecoins and ether.

Bitcoin mining – targeting unsuspecting vulnerable corporate networks – today is clearly more than a cottage industry and another tool in hackers' arsenal. But such cybersecurity headaches are nothing new since bitcoin emerged in 2009 (see sidebar).

Loi Luu, co-founder and CEO of Kyber Network, a Singapore-based decentralized, trustless (providing the ability to transact with people you don't know), cryptocurrency exchange, notes cryptocrimes can be very lucrative. “I don't foresee them disappearing anytime soon,” says Luu, citing a rise in “petty” cryptocrimes in which scammers impersonate identities of moderators, or send members of a group private messages containing false token sale information. “The key to combating these crimes is to spread awareness of the scam tactics as well as exercise vigilance and due diligence at every corner,” Luu says.

With cryptocurrency going mainstream, hedge funds are focusing on how to provide custody for coin assets, finding secure ways to store keys and making sure digital wallets are secure, points out attorney Joshua Ashley Klayman, co-chair of the blockchain group at the New York law firm Morrison & Foerster. “Don't just save keys on your computer or phone,” she advises cryptocurrency participants to use cold storage.

Decentralized private blockchains aren't the problem, explains Klayman, noting cryptocurrency hacks usually involve a vulnerability in the smart contract – the computer code that overlays the blockchain – that allows money to be withdrawn in an unauthorized manner from a new added at the end.

She believes current domestic and international laws are sufficient to prosecute illegal activity.

“Certainly U.S. laws governing commodities may apply,” says Klayman, citing the Securities and Exchange Commission (SEC) finding that bitcoin must be registered as a currency, and a litany of tax, broker and money-transmission laws may also apply, as does the legal principles of good faith and fair dealing.

Nothing is Anonymous

The Internal Revenue Service (IRS) issued a tax guidance in 2014 that “while not perfect, established basic rules for taxing mining, trading, and barter transactions made with cryptocurrencies,” points out Andrew M. Hinkes, a partner with the Ft. Lauderdale, Fla. law firm Berger Singerman. The flexibility of the existing legal framework will consider most token sales securities, and therefore subject to SEC regulations. “U.S. law is more than sufficient to govern the domestic use of cryptocurrency,” he adds, citing the U.S. Department of Justice's Financial Crimes Enforcement Networkrequiring registration by persons who transact between cryptocurrencies and fiat currencies, Hinkes points out. 

Fraud is prohibited whether or not crypto is involved, points out Klayman, noting some international jurisdictions expressed concern over money laundering and terrorist financing, while China and South Korea have banned token sales.

“It's not the Wild West,” she says. “There are laws all around the world; we're trying to figure out how they apply to individual tokens because there is no monolithic token,” she says, adding that it's more likely how it fits in an existing regulatory framework throughout the world.

Samani points out that the European Union Agency for Law Enforcement Cooperation (Europol), the law enforcement agency reported $36.35 million in 1,719 illicit money transfers using digital cryptocurrencies, such as bitcoin, of which about 90 percent were linked to cybercrime and money-laundering schemes.

In response to an SEC action, Coinbase, which processes the most bitcoin transactions, was ordered by a federal court in California to produce details about bitcoin transactions worth more than $20,000 between 2013 and 2015. “Coinbase was successful in reducing the scope of what information they needed to turn over,” Klayman notes.

Like the SEC, the IRS senses a tax revenue stream from Americans profiting from bitcoin speculation. The IRS earlier in 2017 began tracking via a software program called Chainanalysis whether bitcoin investors are reporting their profits on their returns. Through formal partnerships with Europol and other international law enforcement, Chainanalysis says its investigative tools have been used globally to successfully track, apprehend, and convict money launderers and cyber criminals.

 Despite crypto platforms' supposed anonymity and privacy for users, cybersleuths can piece together a paper trail. considering the avalanche of bitcoin transactions registered in the past few months, the SEC and IRS will certainly have plenty to investigate.

But cryptocurrency anonymity is overrated, believes its proponents.

“Bitcoin is pseudo-anonymous,” Samani says. “Absolute anonymity doesn't exist. It's not impossible to uncover true identities. It's harder, but not impossible to follow the money with cryptocurrency,” he adds.

To register with Coinbase, for example, users must submit a lot of information, including verifications and requirements to upload IDs, notes Klayman.  

“When you think about it, if I give you a suitcase of cash that's going to be less traceable than if I give you a bitcoin,” she adds.

Agrees Hinkes: “For a money launderer, cryptocurrencies are not nearly as useful as U.S. dollars.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.