Understanding cybersecurity and operational risks of cryptocurrency
By Jay Schulman, Principal; Todd Briggs, Partner; Stan Kot, Partner; Rob Farling, Director, RSM
Published: 21 January 2018
The regulatory environment and the operational and security risks are vitally important when investing in cryptocurrencies
While the price fluctuation for bitcoin, a type of cryptocrrency, garnered significant public interest in 2017, many fundamental questions remain on this subject. Questions such as: What are cryptocurrencies? Why are they so popular? And what are the key risks and challenges of investing in them right now?
What are cryptocurrencies?
Cryptocurrencies are a new asset class that allows one user to transfer a “coin” to another using blockchain technology, which in turn uses both encryption and open distributed ledger technology to facilitate the process. There are more than 1,300 cryptocurrencies currently available; the best known is bitcoin. While these cryptocurrencies are built on the same blockchain protocols, they are not all alike. While Bitcoin is often compared to gold, Ethereum allows for smart contracts. Monero is built on highly anonymized transactions and Civic is designed to provide government identity data.
Cryptocurrencies are becoming increasingly popular with investors as they are highly volatile and in some cases appreciate or depreciate rapidly. For instance, in at the beginning of 2017, bitcoin was trading at about $850 (USD). It then reached an all-time high at almost $20,000 (USD) in the middle of December 2017 and settled at over $13,000 (USD) at year-end.
Most currencies have a limited supply, which is one of the reasons the price has appreciated rapidly.
While a detailed explanation of how blockchain technology works is outside of the scope of this article; the underlying principles include a distributed database that is available to all parties and is not controlled by a single party; peer-to-peer communication instead of information being held by a central party; transaction transparency, where transactions that occur in the database are visible to all; and immutability, transactions that are added to the blockchain cannot be altered.
When a cryptocurrency transactions is executed via blockchain technology, the transaction of sending a coin from one person to another is placed in a virtual “block,” and that block is then broadcast to participating parties (“miners") on a blockchain network. Miners are paid a reward (akin to a commission) to ensure that the transactions are valid. Once the transactions are validated, the block is added to the “chain,” providing a transparent record of the transaction. A transaction is typically completed in 10 to 15 minutes. In this sense, it is more comparable to a banking transaction than a credit card transaction, which takes place in seconds.
A large, complex cryptocurrency ecosystem has erupted, consisting of currencies, exchanges for trading, financial and legal advisors, venture capitalists and hedge funds, market-makers and market researchers, and offline methods for storing the currencies known as “cold storage.”
Bitcoin was designed, and other cryptocurrencies followed, around the idea of an ecosystem where no one entity is in charge. Changing functions in Bitcoin requires consensus among miners to agree rather than a monetary authority to make policy.
Therefore, many would say that these currencies can’t be regulated. Certainly, governments try. The most common regulation in this space is entering and existing the marketplace – converting fiat currency (dollars, pounds, euros) to cryptocurrency. Additionally in selling new coins, called Initial Coin Offerings, regulatory authorities can apply standard securities law. For example, throughout 2017 the U.S. Securities and Exchange Commission (SEC) issued various investor alerts, bulletins and a statement on cryptocurrencies and ICOs. Together these documents cement the SEC’s intent on applying US federal security laws to cryptocurrency transactions. We expect other international regulatory agencies to follow.
Interestingly, one of the contributing reasons for rapid price fluctuations in this space result from the changes in regulations throughout the world that impact investor’s ability to buy and sell cryptocurrencies.
With respect to operational security, there are several important issues to consider. First is the immutability factor: transactions in the cryptocurrency space are final and cannot be reversed.
- For example, if you transfer coins to the wrong account, or “wallet,” they are gone—you cannot get them back
- If you are running a trading operation and an unscrupulous trader moves coins into his own wallet and not the corporate wallet, there is little you can do to get them back
- If an exchange that you are trading on gets hacked or you lose your username/password, your coins are lost
- If you are storing your coins on a laptop and a hacker breaks in and steals them, they are gone as well
For all these reasons, security in this space is extremely important. Therefore, you must balance the currencies you keep on an exchange, on your local computers and in cold storage.
We suggest investors’ consider keeping coins offline, in cold storage especially if you are a buy-and-hold trader. Cold storage typically uses a USB key-like device to store the private keys which allow you to send currency. More active traders, that do not want to miss out on opportunities by keeping their coins in cold storage, must take the necessary precautions.
Just as with regulations, there are few established accounting guidelines for cryptocurrencies. Many regulatory bodies have yet to define what a cryptocurrency is. Is it a financial instrument? Cash equivalent? Intangible asset?
Regarding ICOs, there are questions about how issuers and recipients should treat these transactions for accounting purposes. Are they issuing equity in a company or should it have liability treatment? Or is it a prepaid asset or intangible asset to the recipient and deferred revenue for the issuer? There are no definitive answers yet.
Anti-money laundering issues
Because of its anonymous or pseudonymous nature, cryptocurrencies are a natural place for criminals to launder money. Following local Know Your Customer laws are critical to making sure that your organization isn’t facilitating criminal activity. While any transaction can be used to launder money, transactions where a cryptocurrency is used as the source of funds or capital is often a higher risk transaction. Determining how or where a person received their cryptocurrency is much more difficult than with a fiat currency.
Just as with any new and disruptive technology, the ecosystem around cryptocurrencies is evolving fast. If this is an asset class that your organization is interested in investing in, you shouldn’t only be drawn by the appreciation and volatility. Understanding how these currencies work, what is their purpose and how the ecosystem works around it is important before making an investment.
We will likely see more exchanges fail, currencies collapse and people lose money. That said, this is also still a very big market. We will also see exchanges flourish, currencies appreciate and investors gain.
To contact the authors:
Todd Briggs, Partner at RSM: [email protected]
Rob Farling, Director at RSM: [email protected]
Stan Kot, Partner at RSM: [email protected]
Jay Scchulman, Principal at RSM: [email protected]