Bitcoin theft: Regulatory response to an emerging technology
Browse this blog post
The recent theft of approximately US$60m worth of bitcoins from Hong Kong based cryptocurrency exchange Bitfinex is the latest in a series of Bitcoin thefts. The value of bitcoins fell over 20% in the immediate aftermath of the incident. The theft highlights the continuing legal and regulatory uncertainty in relation to cryptocurrencies. While some jurisdictions have taken steps to integrate cryptocurrencies into their financial regulatory system, regulators in other jurisdictions such as Hong Kong have not yet done so.
The theft is the latest in a series of hacking and theft incidents affecting Bitcoin globally. The most notable incident of this type occurred in early 2014, when Tokyo based Bitcoin exchange Mt. Gox suspended trading and entered bankruptcy protection, following the theft of approximately US$450m worth of bitcoins.
Cryptocurrencies – What are they?
Cryptocurrencies are a form of electronic money. Users can transfer the cryptocurrency to other users, in exchange for goods or services, or for traditional currencies. Cryptocurrencies use blockchain technology, by which a ledger of all transaction records is distributed to all users of the cryptocurrency. When a transaction occurs and is authenticated, ‘blocks’ of new data representing the transaction are distributed to all users of the cryptocurrency, and added to the existing ‘chain’ of transaction data.
As the records are held by all users on a decentralised basis and rely on a consensus as to the latest version of the ledger, the possibility of fraudulent records or transactions is greatly reduced. The messages sent among users of each cryptocurrency are publicly viewable. To ensure the security of the system, cryptographic technology is used to ensure that any person intercepting the message cannot decipher or alter its content. Bitcoin is the most well-known and widely transacted cryptocurrency.
Bitfinex has since restored service for exchange users. While losses to hackers were apparently sustained by users disproportionately, in an interesting development Bitfinex has applied losses on a pro-rata basis among all users of the platform. Users will also receive a ‘token’ for the value of the losses, that will be transferrable and in time repaid by Bitfinex or exchanged for shares of its parent company. Bitfinex has explained to users that it took this step as it most closely reflected the outcome that would occur in an insolvency scenario.
Many Bitfinex users had understood that their bitcoins were held in segregated accounts (known as wallets), and not commingled with any other user’s assets. If users’ bitcoins were properly segregated, it is unclear on what basis Bitfinex has applied losses on a pro-rata basis. Alternatively if assets were commingled, it would have been expected that a formal insolvency process be commenced before users could be forced to accept less than the full value for assets or funds Bitfinex holds on their behalf.
Challenges in cryptocurrency regulation
The nature of cryptocurrencies presents considerable challenges to the traditional legal and financial regulatory system. Cryptocurrencies operate on a decentralised, peer-to-peer basis. There is no central authority nor set of rules, nor any central record keeping system.
The anonymity of cryptocurrency transactions also presents a money laundering risk. Most regulatory systems focus on the point at which cryptocurrencies are exchanged with fiat currency, as transaction monitoring of wholly cryptocurrency based transaction is difficult.
Emerging recognition and regulation in the United States
The United States Treasury regards Bitcoin as a ‘convertible decentralised virtual currency’, and has been actively enforcing United States law and regulation on that basis. A United States District Court Magistrate Judge has also recognised Bitcoin as a currency in a Securities and Exchange Commission enforcement action (SEC v. Trendon T. Shavers and Bitcoin Savings and Trust, 416 (E.D. Tex. 2013)). On the other hand, a Florida state court has recently concluded that Bitcoin is not money for the purposes of that state’s legislation.
New York state adopts a formal licensing and regulatory system for Bitcoin and related business activity. In September 2015, the United States Commodity Futures Trading Commission (CFTC) defined ‘virtual currencies’ as commodities covered by the Commodity Exchange Act, and therefore the trading of bitcoins in the United States is subject to CFTC regulation. United States regulators are keen to regulate Bitcoin, though further legislative and judicial clarification is required before the legal position is settled.
Developments in other jurisdictions
In Japan, following the Mt. Gox collapse in early 2014, the Japan Financial Services Agency (JFSA) assumed regulation of ‘virtual currencies’ and their exchange. Virtual currency exchanges are required to register with the JFSA, and cryptocurrency specific regulation may be imposed. In Hong Kong, regulators have defined cryptocurrencies as ‘virtual commodities’, not subject to the traditional financial regulatory system.
Other major jurisdictions are at varying stages of recognition and regulation of cryptocurrencies. Two regulatory approaches appear to be emerging. One approach has been to define cryptocurrencies as a subject matter to which the existing regulatory framework applies. The second approach has been to introduce a new form of licensing and crytocurrency specific regulations.
Cryptocurrencies have emerged relatively recently, with legal and regulatory systems in many jurisdictions still adapting. The United States has made the most progress in this regard, defining cryptocurrencies as ‘virtual currencies’ and extending existing financial regulation to cover them. Further judicial consideration and regulatory enforcement activity will likely clarify the cryptocurrency regulatory landscape in the United States over time.
Elsewhere, regulation is generally at an earlier stage of development. As cryptocurrencies such as Bitcoin become more widely adopted, incidents such as the Bitfinex hack may occur more frequently. Technological and commercial developments are unlikely to wait for the law and regulation to catch up.
If you have any questions about this blog post please contact Investigations.Insight@AllenOvery.com