Crypto values have taken a hammering since December ‘21. Now comes the test of how committed the industry is to its claims of mass adoption.
“It’s money 2.0, a huge, huge, huge deal,” investor Chamath Palihapitiya famously once said about Bitcoin and, since those early days, talk about mass adoption has remained high on the crypto agenda. There are many factors that will determine whether that
happens or not. But, from my perspective, one of the most important is user protection, in the form of more comprehensive self-regulation and better user education.
To achieve the required balance between decentralised systems and the need to shut out bad actors, these need to be given a much higher priority. And that means investment — at exactly the time when retrenchment is on most players’ minds.
The crypto industry continues to underinvest in compliance
Let’s not overstate the case. Things are improving. Cryptocurrency theft used to be terrifying, with losses amounting to $4.5 billion in 2019, up from 2018’s $1.7 billion. But in 2020 crypto theft was down by almost 60% year-on-year to $1.9 billion. And
at the end of April 2021, the time of
CipherTrace’s latest report into crypto crime, major crypto thefts, hacks, and frauds totaled $432 million, suggesting an annualised rate of about $1.3 billion.
Another take on this, by
Chainalysis, comes to a similar conclusion. It assesses that the total dollar value of cyber crime was still increasing in 2021, but that the increase was dwarfed by the surge in crypto usage. “In fact, with the growth of legitimate cryptocurrency usage
far outpacing the growth of criminal usage, illicit activity’s share of cryptocurrency transaction volume has never been lower”, concludes Chainalysis.
However, complacency would be the wrong conclusion. The same report notes: “While this number may appear to be small when compared to previous years, a deeper look reveals an alarming new trend — DeFi-related hacks now make up more than 60% of the total
hack and theft volume. This is up from only 25% in 2020; in 2019, DeFi Hacks were virtually non-existent.”
A hard time to invest
Making the decision to invest in security and compliance is likely to be hard at a time of declining crypto values, with Bitcoin down over 50% and extreme uncertainty over what comes next.
You can understand why businesses are reluctant to eat into their profit margins: compliance is what is sometimes called a “distress purchase” — something you really need to spend money on, but are tempted to put off just that little bit longer.
But crypto has enjoyed massive capital inflows. In the 12 months of 2021, the total crypto market capitalization rose nearly three-fold from $777 billion to $2.25 trillion, according to data from
CoinMarketCap. Even allowing for the current downturn, the market cap is still up 60% over the start of 2021.
Any outsider looking at the situation would be hard pressed to understand why lack of capital could be a legitimate reason to not invest in greater security. And taking on that investment is likely to save costs, reduce reputational damage,increase customer
trust and safety, and demonstrate reliability to regulators.
The long term winners will be the players who are seen to take security seriously
Lower crypto prices will of course decrease the popularity of digital assets. But that’s only until the next peak, whenever that may be. To ensure a more successful and sustainable expansion of crypto in the next cycle, it is important to address user protection
now. Regulators are going to demand it, but it’s also important that the industry starts showing more initiative and self-regulation by adopting the sort of best practices that the big, “TradFi” companies have to abide by.
The challenge is not as daunting as some seem to imagine. Looking at the fines issued by supervisory authorities in the UK and other European jurisdictions for AML failings, fines are typically issued for ‘systemic control failures’. These are around issues
such as a robust customer due diligence process, ongoing transaction monitoring, conducting regular AML risk assessments and having relevant policies and procedures in place.
Firms are not expected to guarantee that zero illicit funds flow through their organisations. They are, however, expected to maintain a robust control environment and take part in the detection and prevention of financial crime as part of a bigger ecosystem.
If this sort of investment doesn’t happen, then regulators and users alike might well conclude the crypto industry does not take user protection seriously enough. It’s not a good look. But for those who grasp this nettle now, the future looks good. The players
who rise to the challenge today are going to dominate the industry for the long term.