In mid-June, the Wall Street Journal reported that cyber thieves hacked into Coinrail, a South Korean cryptocurrency exchange, and made off with over $40 million in digital currencies. Since crypto assets are entirely unregulated, it’s not clear what recourse, if any, these crypto asset holders now have. In a worst-case scenario, they might be facing a total loss of $40 million. As might be expected, the scale and scope of this cyber heist has increased the call for new cryptocurrency regulations.
What just happened with Coinrail?
To understand why cryptocurrency regulations are so important, you first have to understand why the Coinrail heist is different from a traditional bank heist. If this had been a conventional bank robbery – if thieves had busted their way into a bank vault and made off with $40 million in cash, then the asset holders would have had some form of recourse. In the United States, for example, they would have protection from the Federal Deposit Insurance Corporation (FDIC), which guarantees the holdings of bank deposit holders.
However, in the world of crypto, there is no FDIC and there is no regulatory authority. In fact, in the world of crypto, it’s a game of “finder’s keepers.” There is no physical asset such as cash when it comes to cryptocurrencies; instead, all assets are just digital 1’s and 0’s that can be manipulated to change ownership. Without cryptocurrency regulations, the world of virtual currencies is a Wild West environment with surprisingly few defenses or safeguards against cyber intrusion.
Thus, if cyber thieves are able to penetrate the digital defenses of the server of a major currency exchange, it is equivalent to being given the master key to a bank vault: hackers can enter as they please and grab as many crypto alt-coins as they want. As you might imagine, it’s a lot easier to bust your way into an online server than it is to bust your way into a brick-and-mortar bank in the middle of the day.
In this case, the cyber thieves in South Korea made off with approximately $40 million in alt-coins. Thankfully, Coinrail is only ranked in the Top 100 exchanges in the world, according to trading volume, so the amount of damage was somewhat contained. Moreover, these alt-coins are ones that you’ve probably never heard of – there was no Bitcoin stolen, no Ethereum stolen, and no Ripple stolen. Instead, the cyber thieves made off with nearly $20 million worth of NPXS tokens, $14 million worth of Aston X tokens, and approximately $6 million worth of other obscure crypto tokens (e.g. Dent, Tron).
In response, Coinrail took as many actions as it could to prevent further disaster. For example, Coinrail called in the South Korean police, who are now examining the exchange’s servers. Coinrail also took the extraordinary step of freezing all tokens that were stolen so that they cannot be further traded. And the South Korean crypto exchange has also taken all other assets offline, putting these crypto assets into a so-called “cold wallet” (a physical storage device not connected to the Internet, so that hackers can’t reach them). Right now, Coinrail says it has secured 70% of the tokens held on the exchange, meaning that 30% of the crypto assets might be lost forever.
Not surprisingly, supporters of cryptocurrency regulations say there is a huge problem when cyber thieves can make off with $40 million worth of assets overnight and feel relatively secure that nobody will be able to track them down. (Crypto assets, by their very nature, mean that the identity of each asset holder is protected cryptographically). It’s like robbing a bank in full daylight and knowing there are no alarm systems and no security cameras to get in the way.
And Coinrail is hardly the only hack of a major exchange. Earlier this year, Japan’s Coincheck exchange lost 10 times the amount as Coinrail – a staggering $400 million worth of crypto assets. And in late 2017, Tether lost $31 million in crypto assets after a similar attack. But the real “mother of all crimes” was the massive hack of Mt. Gox in 2014, which resulted in $350 million worth of Bitcoin being stolen out of thin air. (Given today’s exchange rates, that amount of Bitcoin would be worth more than $5 billion)
So, at their core, any new cryptocurrency regulations should place the onus on exchanges such as Coinrail to take security more seriously. Just as every aspect of the modern financial services experience – down to the amount of cash that bank tellers can have on hand at any time and the amount of effort that banks must take to verify the identity of their customers – is highly regulated, similar types of cryptocurrency regulations might be needed for crypto companies, as well as Bitcoin and other cryptocurrencies.
For now, the “weak link” in the crypto world appears to be the exchanges. Notably, in the Coinrail incident, the hackers did not hit the crypto companies that issued the tokens – only the exchanges where those assets were held. So hackers seem to have figured out that the weak (or non-existent) security at these exchanges is an easy target.
Cryptocurrency regulations will promote market integrity and confidence
In some nations, the government has already taken a more active and vigorous role in regulating crypto. In the UK, for example, the Bank of England has already called for enhanced regulation of the crypto asset ecosystem. The goal is three-fold: to combat illicit activities, to promote market integrity, and to protect the safety and soundness of the financial system.
This last point cannot be overstated enough, because any hack of a major crypto exchange will have reverberations throughout the financial markets. In the case of the Coinrail hack, investors and analysts got spooked, and all crypto prices began to plunge as a result. For example, the Coinrail hack is now blamed for wiping 10% off the price of Bitcoin, as well as 10-20% off the price of other major cryptocurrencies.
For the sake of perspective, just imagine what would happen to faith in the modern financial system if you were to go to your local bank to withdraw money from your ATM and find out that your account had been entirely wiped out. Zero cash whatsoever. Then, you check your holdings in the stock market and find out that there is no record of you holding any assets whatsoever, or that all capital gains have been reversed. Finally, you call up your mortgage holder, just to make sure that you still own your home (most likely, your most valuable asset), and you find out that the deed to your home has been transferred to someone else’s name. You now own nothing, have zero access to cash, and most likely are facing financial ruin.
Well, that type of scenario is what happens in the crypto world on an all-too-regular basis. And that’s why cryptocurrency regulations are so important. Just as nobody worries about his or her bank assets magically disappearing overnight, nobody should have to worry about his or her crypto assets magically disappearing overnight. This is what is meant by market integrity and confidence – as soon as this integrity and confidence disappears, that’s when you have a run on the banking system and panic in the streets.
Next steps for cryptocurrency regulations
Obviously, there are a number of directions for regulators to go when it comes to crypto assets and regulations related to cryptocurrency. In an extreme case, there could be a call to ban cryptocurrencies. But in a more likely case, there will be a call for task forces to explore financial regulation for both cryptocurrency exchanges and cryptocurrency trading.
Regulations would help to reduce the risk of many distortions that currently plague the cryptocurrency market, such as price manipulation and cyber intrusion. Cryptocurrency regulations could go a long way in maintaining investor faith in the modern financial system and protect average people from the very real risk of losing everything.