By David Nordell
It was only yesterday that I wrote a think piece here entitled "Is Fintech doing enough to fight financial crime?" and almost as soon as I had posted the article to the Terror Finance web site, I received an e-mail bulletin about a massive cyber attack against a Bitcoin exchange.
The hack, which is described in detail by cyber analyst Graham Cluley here, took place against Hong Kong-based exchange Mycoin, and appears to have resulted in up to $387 million worth of Bitcoins disappearing completely. It isn’t the first time there has been a major attack resulting in the loss of Bitcoins: the exchange Mt. Gox was attacked about a year ago, resulting in the loss of some $480 million worth, while more than 700MB of transaction data was also leaked onto the Internet.
What’s the special problem here? After all, massive frauds and cyber attacks, some considerably larger against financial institutions quite regularly, and as the saying goes, ’it’s only money.’ But that’s not quite the case. First of all, the 3,000-odd individuals who reportedly lost their virtual money in the Mycoin attack will never see that money again, because unlike normal regulated banks, a Bitcoin institution is neither regulated nor insured, and there are no depositor compensation schemes, or even sufficient shareholder funds, to compensate the money’s owners. But more than that: the whole essence of Bitcoin is basically that it is both anonymous and instantaneous. So whoever stole the Bitcoins from Mycoin, if it was indeed a theft rather than a sabotage attack, could have moved them immediately to a dozen other locations, whether wallets or exchanges, and then either kept them there or turned them into hard currency, without there being any effective way to trace them. How come? Because unlike SWIFT, BACS, Fedwire or whatever other financial clearing system, Bitcoin doesn’t have a proper paper trail, let alone KYC and other regulatory checks.
This reinforces the point that I made yesterday about Fintech not doing enough to prevent financial crime. But actually the situation is a lot worse: Bitcoin, as one of the most advanced examples of modern Fintech, actually facilitates and encourages financial crime, partly by acting as a temptation to technologically-savvy criminals and partly by obscuring the means that would make investigation and recovery possible. So is it really possible to say ’it’s only money’? No: although the money might end up paying for some clever criminal’s life of luxury on the French Riviera or a Caribbean island, it’s just as likely to end up paying from jihadi propaganda, guns, explosive and infrastructure aimed at killing innocent people.
I’m far from being a Luddite about Fintech or any other technology: I’m also a Fintech entrepreneur, But entrepreneurs, banks, regulators and governments need to be a lot more careful about letting new technology out of its cage before understanding what risks are involved, because the risks might not only be to your wealth, but to your lives.