US Regulators Identify Cybersecurity Risks in Crypto TradingNeed Regulator for Bitcoin Spot Market, Says Financial Stability Oversight Council
Federal regulators charged with identifying threats to the financial system unleashed against cryptocurrency, asking lawmakers to strengthen their ability to oversee the market for digital assets.
The U.S. Financial Stability Oversight Council, chaired by Treasury Secretary Janet Yellen and comprised of the heads of every major federal financial regulatory agency, unanimously approved a report concluding that crypto asset activities pose risks to stability if trading is left to grow without additional regulation. It recommends a slew of changes including the passage of legislation granting rule-making authority to federal financial regulators over the spot market for crypto assets that are not securities, such as Bitcoin.
"It is vital that government stakeholders collectively work to make progress on these recommendations," Yellen said in a statement. The report comes shortly after the White House released a framework for cryptocurrency regulation and follows a March executive order from President Joe Biden calling for "responsible financial innovation" in the blockchain world (see: Biden Administration Vows Crackdown on Illicit Crypto).
The regulatory gap in the spot market means trading platforms provide consumers fewer protections, including by not implementing cybersecurity requirements. Whether tokens are securities that come under the purview of the Securities and Exchange Commission or more like commodities isn't always clear. SEC Chair Gary Gensler asserted during the council meeting that "of the nearly 10,000 tokens in the crypto market, I believe the vast majority are securities."
Among the many risks identified by regulators, including a lack of controls to protect against runs and valuation driven primarily by speculation, cybersecurity is a thread that runs throughout the report's assessment of the entire crypto asset market.
A small number of infrastructure providers serve broad swaths of the ecosystem, creating operational risks when those providers experience a disruption. Because distributed ledger activity tends to be built on top of existing activities, the marketplace in practice boils down to a small number of key infrastructure providers, the report says.
The code-based nature of cryptocurrency poses a risk in that it is open to public review and typically difficult to change. That provides malicious actors with a number of potential weak points to exploit - and once they're discovered, "other market participants may have little ability to quickly prevent such attacks or implement cybersecurity options."
The greater the scale of crypto trading, the more cybersecurity risks will grow, the report warns. More money in the system will mean crypto assets "would be increasingly tempting targets, particularly given the heightened cybersecurity risks of these activities."
Decentralized finance platforms have gone in the past two years from undergoing minimal hacks that steal money to at least five attacks that resulted in thefts of more than $300 million.
No single regulator necessarily perfectly matches the activities of any crypto asset entity. As a result, regulators say, Congress should approve legislation ensuring that regulators have visibility into the activities of all affiliates and subsidiaries. "Such authority would apply regardless of any characterization or assertion of a crypto asset entity's 'decentralization,'" the report states.