August 23, 2018 By Kacy Zurkus 3 min read

Can you imagine if the dark web existed in the time of William Shakespeare? The soliloquies of “Othellos” nefarious Iago might have expounded on cryptocurrency securities, yet he’d likely turn around and encourage Roderigo to infiltrate your digital wallet to “put money in thy purse.”

In the play, Iago actually says, “Who steals my purse steals trash; ’tis something, nothing; ‘Twas mine, ’tis his, and has been slave to thousands.” It’s a noble thought, but those who have been victims of cryptocurrency theft most likely disagree.

According to a recent report from Reuters, cybercriminals stole $761 million worth of cryptocurrency in just the first six months of 2018. That’s nearly three times the total for all of 2017, which was a whopping $266 million, serving as evidence that malicious actors are still finding new ways to fill their digital purses.

Pursing the Threat

What does that extraordinarily high level of theft mean for cryptocurrency securities? Certainly, the current lack of regulations is a factor in the volatility and vulnerability of the market, since decentralization allows criminals to hide their identities. The currency exchanges can’t be traced, which has given rise not only to theft, but also to criminals using cryptocurrency to engage in all sorts of illicit activity, virtually without consequence.

For those reasons, there has been a lot of talk about cryptocurrency securities, with many pointing to regulations as a viable solution. While the goal of regulations is to protect investments and safeguard against fraud, there are also those bitcoin purists who resist them because, according to Shimon Brathwaite, Founder and CEO at ThreatTracer, the regulations would grant the government “control over citizens’ transactions that are all [currently] anonymous with no central body controlling them.”

Will Regulations Rescue or Restrict Crypto?

Discussions of governments regulating cryptocurrencies have grown more mainstream and begun to affect the market, but the goals of regulations go beyond reducing fluctuations in value. In fact, cryptocurrency regulations will have a huge impact on the digital currency space, said Mark Szyszkowski, co-founder of the Cryptocurrency Regulatory Commission Project.

One likely impact, according to Szyszkowski, is that roughly 85 percent of the more than 1,000 different cryptocurrencies currently in the marketplace will fall away overnight once the regulations are put in place.

“We will see that there will be less volatility, but we won’t see this until well into 2019” if we begin regulating now, Szyszkowski said.

Before that can happen, the U.S. Securities and Exchange Commission (SEC) needs to do its due diligence, which is why Szyszkowski encouraged the agency not to consider an exchange-traded fund for bitcoin earlier this month.

“To date, the SEC and CFTC [Commodity Futures Trading Commission] have not formally labeled Bitcoin as a commodity or a currency,” Szyszkowski wrote to the SEC. “The SEC has stated that Bitcoin is not a security, and sees it as a commodity, but the true nature is still a digital asset, a virtual currency based on code, which at this time does not have any classification in SEC, CFTC, or FINRA [Financial Industry Regulatory Authority], definitions or regulations.”

Technology enables faster transactions, which is why regulation supporters want to move quickly, but patience is key to getting it right and building out effective security.

“Governments need to require that cryptocurrencies vendors have adequate contingency plans, such as insurance and disaster recovery plans,” Brathwaite said.

Of additional concern is the need for a universal framework that will ensure the interoperability of cryptocurrency exchanges globally. That’s not to say cryptocurrency shouldn’t be regulated. Rather, correction needs to happen, but it has to happen responsibly, which leaves many people sitting and waiting on regulations before they know what they can do.

Should We Keep Cryptocurrency Securities Waiting?

When it comes to cryptocurrency, there is a lot to consider — not only from financial and consumer protection perspectives, but also from a cybersecurity standpoint.

“Any form of fraud done inside or outside of the cryptocurrency ecosystem is a key concern for citizens,” said Mate Tokay, chief operating officer (COO) of “Ensuring consumers are protected from forms of fraud such as identity theft and hacking is a crucial element of cryptocurrency’s evolution.”

For that reason, many believe that cybersecurity professionals should not wait for government regulations. According to New York attorney and cryptocurrency writer Eric Pesale, cybersecurity should be front-of-mind as governments consider how to regulate cryptocurrencies.

“Having uniform cybersecurity standards in place can make these exchanges safer for first-time investors to dip their toes in,” he said. “They can also in turn reduce the likelihood of cryptocurrency flash crashes, exchange downtimes and theft, much of which can be traced back to cybercriminal activity on these platforms.”

Waiting to see what happens with regulations before deciding how to handle cryptocurrencies, on the other hand, would not be a good move for the cybersecurity industry. As Brathwaite put it, “A delayed reaction by cybersecurity professionals waiting on regulations to be made will only make hacking easier for attackers.”

While the world waits for cryptocurrency regulations to come to fruition, the cybersecurity industry should not stand idly by. Instead, it should forge ahead and leverage technologies such as blockchain and artificial intelligence (AI) to develop cryptocurrency security strategies that are built to last.

More from Banking & Finance

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

New Fakext malware targets Latin American banks

6 min read - This article was made possible thanks to contributions from Itzhak Chimino, Michael Gal and Liran Tiebloom. Browser extensions have become integral to our online experience. From productivity tools to entertainment add-ons, these small software modules offer customized features to suit individual preferences. Unfortunately, extensions can prove useful to malicious actors as well. Capitalizing on the favorable characteristics of an add-on, an attacker can leverage attributes like persistence, seamless installation, elevated privileges and unencrypted data exposure to distribute and operate banking…

DORA and your quantum-safe cryptography migration

5 min read - Quantum computing is a new paradigm with the potential to tackle problems that classical computers cannot solve today. Unfortunately, this also introduces threats to the digital economy and particularly the financial sector.The Digital Operational Resilience Act (DORA) is a regulatory framework that introduces uniform requirements across the European Union (EU) to achieve a "high level of operational resilience" in the financial services sector. Entities covered by DORA — such as credit institutions, payment institutions, insurance undertakings, information and communication technology…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today