Cryptocurrencies

Subscribe to Cryptocurrencies via RSS

Customer lists held by providers and the personal information users enter to obtain digital wallets or set up crypto exchange accounts are enviable targets for hackers.  Such data can be used to launch targeted phishing schemes and related scams to trick holders into divulging their private keys or else unknowingly transferring anonymized crypto assets to hackers.  One recent case involves a suit brought by customers who purchased a hardware wallet to secure cryptocurrency assets and are seeking redress for harms they allegedly suffered following data breaches that exposed their personal information.

A recent Ninth Circuit decision analyzed whether a federal court had personal jurisdiction over a foreign crypto asset wallet provider, an issue that can be important when litigating in this area, given the boundary-less nature of the world of crypto assets and related services. (Baton v. Ledger SAS, No. 21-17036 (9th Cir. Dec. 1, 2022) (unpublished)). 

At a time when states are jockeying for position to become digital asset and cryptocurrency hubs and we’ve witnessed turmoil and regulatory uncertainty within the cryptoasset industry, the New York Department of Financial Services (“NYDFS”) on December 15, 2022 released its final Guidance (the “Guidance”) to banking organizations seeking to engage in “new or significantly different” virtual currency-related activities. As stated in the Guidance, “virtual currency-related activity” includes all “virtual currency business activity,” as defined under the BitLicense regulation (23 NYCRR § 200.2(q)), as well as “the direct or indirect offering or performance of any other product, service, or activity involving virtual currency that may raise safety and soundness concerns for the Covered Institution or that may expose New York customers of the Covered Institution or other users of the product or service to risk of harm.” At a high level, the Guidance reminds state-regulated banks (“Covered Institutions”) that, as a “matter of safety and soundness,” they must apply for approval before engaging in digital asset-related activities and outlines the types of information the NYDFS deems most relevant in assessing a proposal and the potential risks that such virtual currency-related activities may pose for the institution, consumers and the market in general (note: The Guidance expressly states that it does not interpret existing laws nor take a position on the sorts of activities that may be permissible for Covered Institutions to take).

Notably, the Guidance further increases the scope of NYDFS oversight by expanding the types of virtual currency activity requiring approval: “virtual currency-related activities” must receive approval, whereas previously only “virtual currency business activity” required prior approval from the NYDFS.  In a footnote, the Guidance explains the difference – virtual currency-related activity” essentially means any “virtual currency business activity” as defined under the BitLicense rules, plus certain additional activities that the NYDFS believes might raise “safe and soundness concerns.”

On November 30, 2022, amidst the tumult roiling the cryptocurrency industry following the latest collapse of a major crypto exchange and its reverberations throughout the crypto economy, European Central Bank (ECB) Director General Ulrich Bindseil and Adviser Jürgen Schaaf published a post on the ECB Blog, “Bitcoin’s last stand,” declaiming that Bitcoin “has never been used to any significant extent for legal real-world transactions” and that its market valuation is “based purely on speculation” and, on top of that, “the Bitcoin system is an unprecedented polluter.”  The scathing rebuke of Bitcoin, the largest crypto asset by market cap, was hurled at what the ECB officials see as Bitcoin’s technological shortcomings that make it “questionable as a means of payment” and “rarely used for legal transactions,” given that real Bitcoin transactions are “cumbersome, slow and expensive.” With the current price of Bitcoin having fallen since it peak of $69K in November 2021, the ECB officials described its current price (below $20K) as “an artificially induced last gasp before the road to irrelevance.” The remarks echo statements made by Fabio Panetta, Member of the Executive Board of the ECB, back in April 2022 where he decried the entire “crypto gamble,” seeing crypto-assets as “bringing about instability and insecurity – the exact opposite of what they promised.” (See also recent statements by a Bank of England deputy governor noting that cryptocurrency was a “gamble” that needs to be regulated similar to the traditional financial sector, echoing his own remarks from November 2022 that urged “bringing the activities of the crypto world within the relevant regulatory frameworks”).

On October 3, 2022, the Financial Stability Oversight Council (“FSOC”) – a collaborative body formed under the Dodd-Frank Act composed of state and federal regulators and tasked with identifying risks and responding to emerging threats to financial stability – released its 100+-page Report on Digital Asset Financial Stability Risks and Regulation (the “Report”). In the Report – a response to President Biden’s Executive Order 14067 on digital assets, which, among other things, directed various agencies to promote innovation and R&D while calling for measures to mitigate risks – the FSOC reviewed what it deems to be, “specific financial stability risks and regulatory gaps posed by various types of digital assets.”

At the core, the FSOC Report is a call to arms, with the council citing what it sees as a host of regulatory and industry shortfalls that have not kept up with the rapid growth of digital asset activities.  For example:

  • The FSOC report noted that stablecoins and the lending and borrowing on digital asset trading platforms are now an “important emerging vulnerability.”
  • The Report’s basic thesis is that crypto-asset activities “could pose risks to the stability of the U.S. financial system if their interconnections with the traditional financial system or their overall scale were to grow without being paired with appropriate regulation, including enforcement of the existing regulatory structure.” This point was reiterated in the Federal Reserve’s November 2022 “Financial Stability Report,” which presents the Federal Reserve Board’s current assessment of the stability of the U.S. financial system.
  • The FSOC Report also expresses the position that federal comprehensive digital asset legislation is needed to address complex, systemic economic risks, as, in its opinion, “many crypto-asset platforms are not registered or chartered under regulatory frameworks that would address these risks.”

Both the head of the Commodity Futures Trading Commission (CFTC) and leader of the SEC agree that the crypto markets need regulating, and specific rules may help clarify which agency has authority to regulate various cryptocurrency activities. The client alert below discusses both CFTC Chairman Rostin Behnam’s comments and SEC

Back in 2013, the first cryptocurrency matter hit our desks. That was the beginning of the exponential growth of our digital assets practice. Recognizing the importance of the area, we launched this blog, Blockchain and the Law. In our first cluster of posts, we covered topics such as cryptocurrency taxation, blockchain and privacy, and issues surrounding initial coin offerings (or ICOs), one of the hottest issues at that time and a practice that still garners SEC scrutiny in 2022 (interestingly, there is still no consensus around when a digital asset, outside of Bitcoin, which is considered a commodity, is a “security”).

Today, blockchain-based innovations continue apace, continuously offering new opportunities (and raising challenges). In the push toward Web3 – with its decentralized, permissionless, tokenized core – there are a variety of new technologies and innovations, from DeFi to DAOs to NFTs to fan tokens to the Merge to the metaverse.  We have been privileged to work with many of the most dynamic clients in helping them build businesses around these advances.

We were thrilled to host a three-day symposium from September 19-21, 2022 to highlight some of the hottest legal and business issues affecting digital assets, featuring a full slate of discussions among our attorneys and guests from the industry.  At the symposium, we programmed virtual panels across a range of topics: SEC enforcement and securities regulation of digital assets, asset manager considerations surrounding digital assets, employee compensation and benefits issues, cryptocurrency AML considerations, digital assets in bankruptcy, decentralized autonomous organizations (DAOs), and sports and media trends and issues in Web3.  The final day of the event culminated in an in-person reception and a “Voices from the Industry” panel featuring an eclectic group of executives from across the digital asset space talking about issues that are top of mind.  In the span of a few days, we learned a lot.

Background

The issue of fraudulent crypto-related mobile apps has received much attention of late.  Back in July 2022, the FBI issued a notice, warning financial institutions and investors about instances where criminals created spoofed cryptocurrency wallet apps to trick consumers and steal their cryptocurrency. There have also been reports of phishing websites that attempt to trick consumers into entering credentials, thereby enabling hackers to access victims’ crypto wallets. In response to these developments, Senator Sherrod Brown recently sent a letter to Apple, among others, expressing his concern about fraudulent cryptocurrency apps and asking for more information about the particulars of Apple’s process to review and approve crypto apps for inclusion in the App Store.

In a recent ruling, a California district court held that Apple, as operator of that App Store, was protected from liability for losses resulting from that type of fraudulent activity. (Diep v. Apple Inc., No. 21-10063 (N.D. Cal. Sept. 2, 2022)). This case is important in that, in a motion to dismiss, a platform provider was able to use both statutory and contractual protections to avoid liability for the acts of third party cyber criminals.