Growing Interest in Trillion-Dollar Crypto Trading Presents Problems for Security
U.S. Office of the Comptroller of the Currency Acting Chief Michael Hsu spoke at the British American Business Transatlantic Finance Forum about regulating stablecoin – the digital currency he sees as being a bridge between fiat and cryptocurrency – and the need for robust and collaborative regulations to thwart the abundance of online scams, money laundering and cybercrime rings.
Hsu called for collaboration and coordination between legislators and cryptocurrency firms and platforms in designing legislation that will not affect innovation. Further, he said the numbers alone – including larger trading platforms that currently have millions of users worldwide and trade billions each month – make a case for working with seasoned banking institutions to safeguard assets.
The bottom line, according to Hsu: Digital currency, which is being embraced by 16% of the U.S. population as well as corporate giants such as Tesla, Starbucks and PayPal, is not showing any signs of slowing in mainstream markets. In five years, the overall cryptocurrency capital has grown from $100 billion to more than $2 trillion.
“This mainstreaming of crypto has occurred despite regulatory and legal uncertainty, and a series of scams, hacks, and other disruptive events,” said Hsu.
Hsu addressed the main benefits and risks associated with stablecoins, a topic that has seen extensive debate among federal lawmakers.
The growth of cryptocurrency and its adoption alongside fiat currencies will result in more security threats as cybercriminals and nation-state actors alike seek to defraud the public and big business, a variety of experts continue to say.
“Cybercriminals follow the money – it is highly likely that as more money pours into the cryptosphere, more cybercriminals will increase their efforts to try to steal cryptocurrencies from victims,” says Roman Faithfull, cyber threat analyst for risk analysis firm Digital Shadows.
While Hsu praised stablecoins as being “the oxygen of the crypto ecosystem” for decentralized finance, also known as DeFi, he cited their volatility, noting that a widespread collapse could rival the 2008 financial crisis.
“I heard bankers, treasurers, and risk managers bemoan the ‘unfairness’ and ‘irrationality’ of runs. ‘We’re money good,’ they would say repeatedly. That statement misunderstands what a run is about. It isn’t just about the assets or the numbers. It is as much about how others act when there is uncertainty and the fear of being the sucker,” Hsu said.
In order to mitigate the risks associated with a widespread crypto finance crisis, Hsu said that ensuring flows into blockchain, as well as keeping cryptocurrency regulations in line with modern banking regulations, could protect investors “even if the tide were to go out.”
Further, Hsu sees regulation as a tool to provide more durable innovation to the cryptocurrency landscape.
“While innovation thrives in uncertain environments, solid foundations can help, especially when it comes to money and trust,” Hsu continued.
Online money laundering and cryptocurrency schemes, even direct attacks on ever-expanding crypto exchanges, are some of the primary concerns that demand a regulatory eye, Hsu suggests.
“Large crypto intermediaries today may have multiple subsidiaries subject to different regulators, but no one regulator is able to understand how the firm as a whole operates, how much risk it is taking, and whether it is operating in a safe, sound, and fair manner,” he says. “As large crypto intermediaries expand, engage in a wider range of activities and risk-taking, and deepen their interconnectedness with the traditional financial system, the risks from this lack of comprehensive consolidated supervision will increase, as will the need for interagency collaboration and coordination.”
Impacts to Security
The growth of the cryptocurrency market presents unique security challenges to network defenders, experts say.
In addition to run-of-the-mill cybercrime gangs, nation-state threat actors – such as North Korea-backed Lazarus Group – are persistently and actively targeting financial institutions and cryptocurrency startups.
“Cryptojacking campaigns are typically about stealing resources and energy,” says Joseph Carson, chief security scientist and advisory CISO for cloud identity security firm ThycoticCentrify. “Therefore, an attacker wants to limit the impact so they can remain concealed for as long as possible.”
In addition, IOActive COO Matt Rahman believes the governance, operation and design of stablecoin arrangements need to be handled by trusted third parties; otherwise, it could lead to the exposure of operational infrastructure or weak software and coding.
“Until the security posture that surrounds cryptocurrencies catches up with the technology that underlies them, cryptocurrency holders, in general, will remain attractive targets for cybercriminals,” says Digital Shadows’ Faithfull.