Deep Tech NEWS
I am writing this open letter to raise what I perceive to be a vital concern regarding cryptocurrency-related regulation. Across Europe, we have seen regulators take similar approaches to those used in traditional financial services, which lack adequate levels of technology-based assurances due to inherent high risks associated with specifically decentralised technology used in Blockchain, Smart Contracts and Cryptocurrencies.
Cryptocurrencies, other similar forms of tokens and related activities have inherent technological risks which could be detrimental to European regulatory frameworks and the EU’s reputation in this sector. In June 2020, a European country had taken a blow to its reputation (and perhaps indirectly Europe) with respect to regulatory oversight of financial and operational due diligence of the sector. Let us not let it take another potentially more serious blow from lack of technological due diligence and technology assurances.
[caption id="" align="alignleft" width="419"] Dr. Joshua Ellul[/caption]Cryptocurrencies, , virtual financial assets, utility tokens, ICOs, STOs, IEOs, or any other financial operation and technology built on or making use of blockchain and smart contracts are inherently high risk. Regulators are already familiar with the risks inherent in the operational and financial aspects, but this risk is intensified because of its dependence on blockchain or similar distributed ledger technologies (DLT).
Unlike traditional technology and systems, where a mistake in a transaction or bug in the data or code can be fixed.On a DLT, such errors frequently cannot be fixed, and the data cannot be reverted or manipulated to compensate for losses resulting from the unexpected behaviour. Neither the operator, nor the software developer, the responsible Authority, nor the justice system may be able to enforce such a recovery. To put this in context, consider the hypothetical scenario in which, due to a software bug, all clients’ accounts are reset to have no funds, effectively emptying millions of euros worth of cryptocurrency held by various clients.
Now consider this bug occurs in an EU licensed activity — it results in millions or billions worth of euros in losses and again it was licensed by an EU-based regulator, and it is found that adequate technological due diligence to minimise such bugs was not undertaken by the developer and/or operator, nor required by the Regulator. Not only will this be a blow to EU crypto-based licensed activity, but aggrieved parties may decide to initiate class-action lawsuits against the Regulator for not having had in place sufficient technology assurances that could have minimised such occurrences. It is worth adding that the hypothetical nature of this scenario is the latter part — the occurance of this happening to an EU licensed activity. However, when it comes to bugs and losses one can cite various instances of DLT technology failures which have led to the equivalent of hundreds of millions of euros.
The risks associated with the underlying technology is as high.Much higher some would say — than the operational and financial ones. And yet, one can approach addressing such risks in a manner which mirrors the way in which operational risks are addressed — setting up a process of independent third-party system audits and a sufficient for ensuring technology-based assurances. This needs to be mandatory within the cryptocurrency space.
As part of Malta’s regulatory framework, the Malta Digital Innovation Authority addresses such technology-based assurances. We would like to reach out to the EU and other member states to initiate a forum for taking such assurances to an EU-level. If the EU does not implement adequate technology assurances, then it may only be a matter of time until it will have to face another blow to the credibility of its regulated services due to lack of technology-based assurances.
A list of such reported losses due to bugs and technology follow.
List of a few reported bugs and losses Sep 2020 https://cointelegraph.com/news/dev-finds-major-governance-bug-in-sushiswap-but-no-threat-to-the-project-yet |
Aug 2020 https://www.coindesk.com/erc-20-ethereum-tokens-fake-deposit https://www.theblockcrypto.com/post/74810/yam-token-market-cap-collapses-by-more-than-90-flaw https://cointelegraph.com/news/rushed-upgrade-made-12-of-ethereum-clients-unusable (no direct loss of money, downtime though) |
Jul 2020 https://cointelegraph.com/news/vulnerability-in-ravencoin-creates-extra-15-of-maximum-supply-for-hackers https://www.coindesk.com/mempool-manipulation-enabled-theft-of-8m-in-makerdao-collateral-on-black-thursday-report |
June 2020 https://cointelegraph.com/news/defi-protocol-balancer-hacked-through-exploit-it-seemingly-knew-about |
Mar 2020 https://www.coindesk.com/long-festering-defi-dapp-bug-still-not-fixed-by-industry |
Feb 2020 https://cointelegraph.com/news/decentralized-lending-protocol-bzx-hacked-twice-in-a-matter-of-days https://blog.iota.org/trinity-attack-incident-part-1-summary-and-next-steps-8c7ccc4d81e8 https://cointelegraph.com/news/value-locked-in-crypto-defi-markets-hits-1-billion-milestone |
Sep 2019 https://cointelegraph.com/news/hacker-spends-1k-to-win-over-110k-in-eos-betting-game-using-rex |
June 2019 https://cointelegraph.com/news/ethereum-based-synthetic-asset-platform-loses-over-37m-tokens-in-oracle-attack |
July 2018 https://cointelegraph.com/news/bancor-urges-industry-players-to-collaborate-after-23-5-million-hack https://cointelegraph.com/news/bithumb-details-still-sketchy-after-30-mln-hack https://cointelegraph.com/news/buy-the-fud-mainstream-media-convinced-coinrail-hack-caused-crypto-price-plunge |
Dec 2018 https://cointelegraph.com/news/eos-dapps-lose-almost-1-million-to-hackers-over-the-last-five-months Sep 2018 https://cryptoslate.com/eos-dapp-smart-contract-exploit-pays-out-200k-to-hacker/ |
Feb 2018 https://bitcoinist.com/bitgrail-cryptocurrency-exchange-hacked-170-million-nano-allegedly-stolen/ |
Jan 2018 https://cointelegraph.com/news/coincheck-stolen-534-mln-nem-were-stored-on-low-security-hot-wallet |
Nov 2017 https://www.theguardian.com/technology/2017/nov/08/cryptocurrency-300m-dollars-stolen-bug-ether |
July 2017 https://www.coindesk.com/30-million-ether-reported-stolen-parity-wallet-breach |
Aug 2016 https://www.theguardian.com/technology/2016/aug/03/bitcoin-stolen-bitfinex-exchange-hong-kong |
June 2016 https://www.bbc.com/news/technology-36585930 |
Jan 2015 https://thehackernews.com/2015/01/bitstamp-bitcoin-exchange-hacked.html |
Feb 2014 https://cointelegraph.com/news/mt_gox_blows_fallout_could_be_catastrophic |
Sep 2012 https://bitcoinmagazine.com/articles/bitfloor-hacked-250000-missing-1346821046 |
June 2011 https://venturebeat.com/2011/06/19/popular-bitcoin-exchange-mt-gox-hacked-prices-drop-to-pennies/ |