Tuesday 10 November 2020 11:46 am

Crypto asset scams: Peril in the age of Covid-19 and related legal reform

As central banks around the world strive to counter the effects of Covid-19 in their respective economies, prospects of rapid inflation have led investors to believe that crypto assets, could be a good hedge going forward.  For example, the price of Bitcoin has surged to more than $15000, boosted by news such as PayPal’s new services and more financial institutions engaging with cryptocurrencies with some referring to them as an “alternative asset akin to gold”.

With such success, investors have not been the only ones trying to take advantage of these developments. Unfortunately, as with any new opportunity, scammers and criminals have also been exploiting opportunities as a result of this crypto asset boom. This has naturally led to law reform and more regulation of the crypto asset space to protect consumers and investors. 

What are some of the scams ?

There have been various scams and schemes targeting consumers, via online platforms through a variety of strategies. Some have involved forged requests for payment, the establishment of fake cryptocurrency exchanges in order to gain access to existing crypto wallets and manipulating software to distort prices and investment returns in order to artificially drive up the value of crypto assets. 

Many may wonder what the difference is to other scams involving bank accounts and other investments products involving fiat currency?  There is indeed a lot of similarity, however, unlike traditional online bank frauds, the anonymous nature of blockchain makes it extremely challenging to track down and retrieve stolen crypto assets as scammers can more easily exploit technicalities which enable them to hide the destination of victims’ funds.

For example, in May 2019, $40 million of Bitcoin, two-factor authentication codes and API tokens were stolen from Binance. Also in 2019, a small team of scammers based in the Netherlands and UK created a fake website which helped them gain access to $27 million worth of user Bitcoin wallets across 12 countries. There are many new technologies and concepts being developed by exchanges and services providers to minimise such risks. There have also been consumers that have unfortunately suffered losses due to products being sold to them that they do not fully understand or comprehend. This is an area, like traditional investment products, where consumers can benefit from further legal protection and regulation. This is a natural evolution for the digital asset business. 

An example: FCA’s recent “retail” ban on crypto asset derivatives

A recent example of a world class regulator taking action to protect consumers was announced on the 6th of October 2020. In an attempt to mitigate against the risk of retail consumers falling victim to such schemes, the Financial Conduct Authority (FCA) announced a ban on the sale of derivatives and Exchange Traded Notes (ETNs) that reference certain types of crypto assets to “retail” consumers.  For clarification, the FCA has not banned crypto assets themselves, but a set of complex and poorly understood derivatives that track unregulated crypto assets targeting vulnerable “retail clients” under the Markets in Financial Instruments Directive (MiFID) who, do not possess the experience, knowledge and expertise to make their own investment decisions.   

Specifically, the ban will affect “the sale, marketing and distribution” to retail investors of any derivatives contract or ETNs that linked to “unregulated transferable crypto assets” issued by entities in or outside the U.K.  Unregulated transferable cryptoassets are tokens that are not ‘specified investments’ or e-money, and can be traded, which includes well-known tokens such as Bitcoin, Ether or Ripple. Specified investments are types of investments which are specified in legislation. Firms that carry out particular types of regulated activity in relation to those investments must be authorised by the FCA.

The U.K. ban will come into effect on 6 January 2021 and it will apply to: 

  • MiFID investment firms, including credit institutions as appropriate, marketing, distributing or selling crypto derivatives in, or from, the UK to retail clients;
  • UK branches of third-country investment firms who are marketing, distributing or selling crypto-derivatives in, or from, the UK to retail clients; 
  • EEA MiFID investment firms which currently passport into the UK and which continue operating in the UK after 6 January 2021 under the temporary permissions regime or the financial services contracts regimes.

The ban will not be applicable to the sale and distribution of crypto asset derivatives and ETNs to “professional clients” under MiFID. This seems like a natural evolution of regulation around crypto assets designed to protect vulnerable consumers and investors.  The FCA’s retail ban is an important step in regulators acknowledging the increased prevalence of and demand for crypto assets. This will benefit the crypto asset and digital asset industry in the medium to long term. In the grand scheme of things, retail crypto asset derivatives was a small part of the crypto asset market and the industry does not benefit from scandals or retail consumers suffering losses.  

The evolution of technology and regulation 

Numerous regulators and agencies have issued statements warning consumers to be especially vigilant in respect of Covid-19 crypto asset scams.

The FBI has also warned about medical provision scams, in which criminals pose as online vendors of PPE and treatments. There have also been a number of blackmail attempts in which scammers write emails threatening to release victims’ personal information and infect them with Covid unless they send payment to a Bitcoin wallet.   

As a purely digital asset, cryptocurrencies do not possess many of the systemic safeguards that are naturally built into fiat currencies. Unlike with traditional bank accounts, scammers don’t need personal data to receive crypto assets, thus enabling them to set up multiple wallets to disguise the location of the victims’ funds. It is crucial that crypto asset service providers have a strong compliance framework in place to mitigate against the risk of fraud and instil greater user trust in both the service provider as well as the cryptocurrency ecosystem as a whole.

Such a framework may include controls to detect and prevent price manipulation, risk management, cybersecurity measures and enhanced customer due diligence. Exchanges should ensure that user assets are well protected and secure, preferably in cold wallets, with multifactor authentication in place to accurately verify user identities. A dedicated cyber team should be trained to monitor security updates and conduct regular penetration testing, while compliance officers should ensure they continuously monitor regulatory developments in their respective trading jurisdictions to ensure they are not illegally offering products to certain customers. Following such practices will help enable exchanges to build greater trust with users while avoiding unwanted regulatory scrutiny.

There is no doubt that with more robust processes and “anti-scam” technologies being put in place by service providers and the regulatory landscape evolving to protect consumers, the crypto and digital asset industry will continue to thrive and evolve. 

By Abradat Kamalpour, Partner Ashurst LLP and Architect of FinTech Legal Labs (www.fintechlegallabs.com),  Ida Mokhtassi, Associate Ashurst LLP and Emily Jones, Trainee Ashurst LLP.

Crypto AM: Talking Legal in association with INX