Demand for virtual currency services, including custody services, has soared in the past several years.  Like their counterparts in traditional finance, these custodians are stewards of retail and institutional customer funds and serve an important and valuable function.  However, as evidenced by a number of headline-grabbing failures during the lingering crypto winter, inadequate disclosures and poor custodial practices can seriously harm retail and institutional customers alike.  For many virtual currency customers, this recognition – in an industry built on the pillars of trust and transparency – was realized too late.  Recent disclosures emerging from notable bankruptcies involving crypto companies have led to allegations of fraud and mismanagement in connection with custodial services.  These allegations strike at the very core of the custodial relationship, and have had repercussions throughout the crypto industry.

Seemingly in direct response to these developments, on January 23, 2023, the New York Department of Financial Services (“NYDFS”) issued industry guidance to Virtual Currency Entities (“VCEs”) who act as custodians (“VCE Custodians”).  Entitled “Guidance on Custodial Structures for Customer Protection in the Event of Insolvency” (the “Guidance”), the Department emphasized the “paramount importance of equitable and beneficial interests always remaining with the customer” and reminded covered institutions of their obligations in connection with “sound custody and disclosure practices in the event of an insolvency” or similar proceeding.

The Guidance comes on the heels of developments in two high-profile insolvency proceedings: (1) the FTX proceedings, where, among others, the SEC has alleged co-founder Samuel Bankman-Fried concealed the diversion of FTX customer funds to the co-founder’s private crypto hedge fund, and (2) the Celsius proceedings, where the chief judge for the United States Bankruptcy Court for the Southern District of New York issued a decision holding that Celsius’ Terms of Use made clear that customer deposits into Earn Accounts became Celsius’ property at the time of deposit, such that the digital assets now constitute property of the debtors’ bankruptcy estate.  In Celsius, customers argued that the deposits in the Earn Accounts were held by Celsius as a custodian, but the court found that the plain language of the Terms of Use made clear that ownership interest had passed to the debtors.

This past month, a California district court granted a motion to compel arbitration of various claims by customers of cryptocurrency exchange platform, Coinbase Global, Inc. (“Coinbase”), finding that Coinbase’s User Agreement, which contains a broad arbitration provision, including a delegation clause that delegates questions of arbitrability to the arbitrator.  (Donovan v. Coinbase Global, Inc., No. 22-02826 (N.D. Cal. Jan. 6, 2023)). Unlike some electronic contracting disputes, which turn on whether the user had adequate notice of the terms and manifested consent to such terms (a ruling which often involves an examination of a site or app’s screen display and whether the user is reasonably presented with notice that completing a transaction will bind the user to terms of service), the account holders in this case did not dispute that they had agreed to the User Agreement, rather they argued that the arbitration provision and delegation clauses were unconscionable and unenforceable.

Customer lists held by providers and the personal information users enter to obtain digital wallets or set up crypto exchange accounts are enviable targets for hackers.  Such data can be used to launch targeted phishing schemes and related scams to trick holders into divulging their private keys or else unknowingly transferring anonymized crypto assets to hackers.  One recent case involves a suit brought by customers who purchased a hardware wallet to secure cryptocurrency assets and are seeking redress for harms they allegedly suffered following data breaches that exposed their personal information.

A recent Ninth Circuit decision analyzed whether a federal court had personal jurisdiction over a foreign crypto asset wallet provider, an issue that can be important when litigating in this area, given the boundary-less nature of the world of crypto assets and related services. (Baton v. Ledger SAS, No. 21-17036 (9th Cir. Dec. 1, 2022) (unpublished)). 

At a time when states are jockeying for position to become digital asset and cryptocurrency hubs and we’ve witnessed turmoil and regulatory uncertainty within the cryptoasset industry, the New York Department of Financial Services (“NYDFS”) on December 15, 2022 released its final Guidance (the “Guidance”) to banking organizations seeking to engage in “new or significantly different” virtual currency-related activities. As stated in the Guidance, “virtual currency-related activity” includes all “virtual currency business activity,” as defined under the BitLicense regulation (23 NYCRR § 200.2(q)), as well as “the direct or indirect offering or performance of any other product, service, or activity involving virtual currency that may raise safety and soundness concerns for the Covered Institution or that may expose New York customers of the Covered Institution or other users of the product or service to risk of harm.” At a high level, the Guidance reminds state-regulated banks (“Covered Institutions”) that, as a “matter of safety and soundness,” they must apply for approval before engaging in digital asset-related activities and outlines the types of information the NYDFS deems most relevant in assessing a proposal and the potential risks that such virtual currency-related activities may pose for the institution, consumers and the market in general (note: The Guidance expressly states that it does not interpret existing laws nor take a position on the sorts of activities that may be permissible for Covered Institutions to take).

Notably, the Guidance further increases the scope of NYDFS oversight by expanding the types of virtual currency activity requiring approval: “virtual currency-related activities” must receive approval, whereas previously only “virtual currency business activity” required prior approval from the NYDFS.  In a footnote, the Guidance explains the difference – virtual currency-related activity” essentially means any “virtual currency business activity” as defined under the BitLicense rules, plus certain additional activities that the NYDFS believes might raise “safe and soundness concerns.”

On November 30, 2022, amidst the tumult roiling the cryptocurrency industry following the latest collapse of a major crypto exchange and its reverberations throughout the crypto economy, European Central Bank (ECB) Director General Ulrich Bindseil and Adviser Jürgen Schaaf published a post on the ECB Blog, “Bitcoin’s last stand,” declaiming that Bitcoin “has never been used to any significant extent for legal real-world transactions” and that its market valuation is “based purely on speculation” and, on top of that, “the Bitcoin system is an unprecedented polluter.”  The scathing rebuke of Bitcoin, the largest crypto asset by market cap, was hurled at what the ECB officials see as Bitcoin’s technological shortcomings that make it “questionable as a means of payment” and “rarely used for legal transactions,” given that real Bitcoin transactions are “cumbersome, slow and expensive.” With the current price of Bitcoin having fallen since it peak of $69K in November 2021, the ECB officials described its current price (below $20K) as “an artificially induced last gasp before the road to irrelevance.” The remarks echo statements made by Fabio Panetta, Member of the Executive Board of the ECB, back in April 2022 where he decried the entire “crypto gamble,” seeing crypto-assets as “bringing about instability and insecurity – the exact opposite of what they promised.” (See also recent statements by a Bank of England deputy governor noting that cryptocurrency was a “gamble” that needs to be regulated similar to the traditional financial sector, echoing his own remarks from November 2022 that urged “bringing the activities of the crypto world within the relevant regulatory frameworks”).

On October 3, 2022, the Financial Stability Oversight Council (“FSOC”) – a collaborative body formed under the Dodd-Frank Act composed of state and federal regulators and tasked with identifying risks and responding to emerging threats to financial stability – released its 100+-page Report on Digital Asset Financial Stability Risks and Regulation (the “Report”). In the Report – a response to President Biden’s Executive Order 14067 on digital assets, which, among other things, directed various agencies to promote innovation and R&D while calling for measures to mitigate risks – the FSOC reviewed what it deems to be, “specific financial stability risks and regulatory gaps posed by various types of digital assets.”

At the core, the FSOC Report is a call to arms, with the council citing what it sees as a host of regulatory and industry shortfalls that have not kept up with the rapid growth of digital asset activities.  For example:

  • The FSOC report noted that stablecoins and the lending and borrowing on digital asset trading platforms are now an “important emerging vulnerability.”
  • The Report’s basic thesis is that crypto-asset activities “could pose risks to the stability of the U.S. financial system if their interconnections with the traditional financial system or their overall scale were to grow without being paired with appropriate regulation, including enforcement of the existing regulatory structure.” This point was reiterated in the Federal Reserve’s November 2022 “Financial Stability Report,” which presents the Federal Reserve Board’s current assessment of the stability of the U.S. financial system.
  • The FSOC Report also expresses the position that federal comprehensive digital asset legislation is needed to address complex, systemic economic risks, as, in its opinion, “many crypto-asset platforms are not registered or chartered under regulatory frameworks that would address these risks.”

Both the head of the Commodity Futures Trading Commission (CFTC) and leader of the SEC agree that the crypto markets need regulating, and specific rules may help clarify which agency has authority to regulate various cryptocurrency activities. The client alert below discusses both CFTC Chairman Rostin Behnam’s comments and SEC

Back in 2013, the first cryptocurrency matter hit our desks. That was the beginning of the exponential growth of our digital assets practice. Recognizing the importance of the area, we launched this blog, Blockchain and the Law. In our first cluster of posts, we covered topics such as cryptocurrency taxation, blockchain and privacy, and issues surrounding initial coin offerings (or ICOs), one of the hottest issues at that time and a practice that still garners SEC scrutiny in 2022 (interestingly, there is still no consensus around when a digital asset, outside of Bitcoin, which is considered a commodity, is a “security”).

Today, blockchain-based innovations continue apace, continuously offering new opportunities (and raising challenges). In the push toward Web3 – with its decentralized, permissionless, tokenized core – there are a variety of new technologies and innovations, from DeFi to DAOs to NFTs to fan tokens to the Merge to the metaverse.  We have been privileged to work with many of the most dynamic clients in helping them build businesses around these advances.

We were thrilled to host a three-day symposium from September 19-21, 2022 to highlight some of the hottest legal and business issues affecting digital assets, featuring a full slate of discussions among our attorneys and guests from the industry.  At the symposium, we programmed virtual panels across a range of topics: SEC enforcement and securities regulation of digital assets, asset manager considerations surrounding digital assets, employee compensation and benefits issues, cryptocurrency AML considerations, digital assets in bankruptcy, decentralized autonomous organizations (DAOs), and sports and media trends and issues in Web3.  The final day of the event culminated in an in-person reception and a “Voices from the Industry” panel featuring an eclectic group of executives from across the digital asset space talking about issues that are top of mind.  In the span of a few days, we learned a lot.