Crypto’s Anonymity Has Regulators Circling After the Colonial Pipeline Hack

Bookmark

When Berkshire Hathaway Inc. Vice Chairman Charlie Munger earlier this month called Bitcoin “useful to kidnappers and extortionists” and “contrary to the interests of civilization,” crypto enthusiasts mocked his investment performance, compared him to an elderly Muppet, and said he was too old to understand the technology. Michael Saylor, a crypto investor and chief executive officer of MicroStrategy Inc., asked rhetorically in an interview with a precious metals website, “Do you go to your great-grandfather for investment advice on new technologies?”

Munger’s warning is looking pretty good about now. Days ago, a criminal gang hacked Colonial Pipeline Co., in effect shutting down the conduit for 45% of the East Coast’s fuel supply. Details of the hack haven’t been revealed, but the group’s modus operandi is to encrypt its victims’ data and threaten to release it publicly unless paid a ransom in Bitcoin or another cryptocurrency.

How’s that for “contrary to the interests of civilization”?

The overwhelming majority of Bitcoin users have nothing to do with the criminal underworld, and plenty a heist is funded by plain old U.S. dollars. Blaming Bitcoin for the activities of its holders is a bit like getting mad at a $100 bill for being used in a drug deal.

But after letting Bitcoin spend most of its 12-year rise outside the watchful eye of government, regulators from the U.S. to Europe are cracking down. Their ambition is to take away the treasured anonymity that makes Bitcoin and other cryptocurrencies a haven for hackers and other criminals. “We don’t really have an adequate framework to deal with the different issues that they pose from a regulatory perspective,” said U.S. Treasury Secretary Janet Yellen at the Wall Street Journal CEO Council Summit on May 4, calling crypto’s use in illicit activities a topic “well worth addressing.”

Cryptocurrencies can be a pretty poor currency for criminals. Bitcoin is built on a digital ledger that publicly records every transaction, with users identified by a string of characters called a “wallet address.” If a law enforcement agency can figure out a wallet’s owner, it essentially has access to that person’s entire transaction history, no subpoena required. Compare that with the relative untraceability of paper money, and the good old greenback starts to look pretty good for your average criminal enterprise. But for online crimes, Bitcoin remains the default payment. Since the FBI shut down the Silk Road marketplace in 2013, other digital currencies that aren’t as easily traceable have emerged. Yet Bitcoin is still the most prevalent, in part because it’s so easy to get and because it’s held its value better than others.

As the Colonial hack shows, ransomware is by far the fastest-growing problem. In 2020 almost $350 million worth of cryptocurrency went to wallets associated with those attacks, quadruple the level of 2019, according to Chainalysis Inc., a Bitcoin forensics firm.

Regulators have taken notice. Toward the end of 2020, the U.S. Treasury Department proposed rules that would require banks, exchanges, and anyone else dealing in Bitcoin to make a greater effort to discover the true identities of people trying to withdraw the currency—and, in some cases, to figure out to whom they’re sending the currency.

The Treasury drew more than 7,000 letters during its official comment period. Negative comments came not just from crypto-focused companies such as cryptocurrency exchange Coinbase Global Inc. but also from Wall Street heavyweights like Fidelity Investments, which has recently tried to build a presence in the cryptosphere. Some analysts said the proposal could even cause the price of Bitcoin to crash. Former Treasury Secretary Steven Mnuchin pushed to finalize the rules before President Donald Trump left office, but his department ultimately punted the final decision to the Biden administration.

Rules that crypto advocates called even more alarming appeared in March, courtesy of the Financial Action Task Force, which sets standards for the world’s anti-money-laundering bodies. The group said countries should require operators of crypto networks to collect data on their users’ activities even if the operators themselves don’t have custody of the users’ wallets. Bitcoin think tank Coin Center described the proposal as “mass warrantless surveillance.”

Crypto executives think regulators’ fears are overblown. Days after Munger’s and Yellen’s comments, Coinbase, which last month had a landmark initial public offering valuing the company at $86 billion, published a “fact check” dismissing the concerns. Chainalysis says the percentage of cryptocurrency transaction volume tied to illicit finance dropped to 0.34% last year, from 2.1% in 2019.

Coinbase and other crypto companies have responded to the regulatory push as companies often do, by hiring lobbyists and former government officials to make their case. The number of public lobbying filings mentioning crypto-related issues more than doubled from 2019 to this year. Last month a trade association newly formed by Coinbase, Fidelity, and other companies released a white paper authored by former acting CIA Director Michael Morrell. It concluded that claims about Bitcoin’s use in illicit finance “are significantly overstated.”

To some extent, Bitcoin’s growth makes more regulation inevitable. It was easy for governments to mostly ignore crypto a decade ago. Now with major banks such as JPMorgan Chase & Co. and Goldman Sachs Group Inc. fighting for a piece of a multitrillion-dollar industry, events like the Colonial hack make Bitcoin’s criminal use an unacceptable risk. The crypto industry spent years fighting to break into mainstream finance, and now it’s finding out just how much success might cost.
 
Read next: A 23-Year-Old Coder Kept QAnon and the Far Right Online When No One Else Would

©2021 Bloomberg L.P.

BQ Install

Bloomberg Quint

Add BloombergQuint App to Home screen.