A panel of experts established by the US Department of Justice last week to combat ransomware is expected to recommend “aggressive tracking of Bitcoin and other cryptocurrencies,” according to a report from Reuters today that cited anonymous sources.
The potential recommendations would expand the regulatory requirements on cryptocurrency exchanges and hold them to similar standards as traditional financial institutions.
Ransomware involves hacking computers and computer networks and locking users out until they pay a ransom. An estimated 99% of ransomware payments were made in Bitcoin as of the first quarter of 2020, thanks to its status as electronic cash. Afterward, the BTC can be exchanged into a privacy coin such as Monero, which is difficult to trace, and ultimately exchanged for cash. Research firm Cybersecurity Ventures estimated in 2019 that annual ransomware costs would reach $20 billion globally this year.
The Ransomware and Digital Extortion Task Force is composed of staff from several Department of Justice wings, including the Federal Bureau of Investigation, the Civil Division, the Criminal Division, the National Security Division, and the Executive Office for US Attorneys. The Departments of the Treasury and Homeland Security are also participating, as are private tech firms.
The group’s recommendations, due tomorrow, will reportedly target anonymous cryptocurrency transactions. However, depending on what form those recommendations take, they may need congressional approval.
Reuters points to three key recommendations, namely, applying all know-your-customer rules for financial institutions to cryptocurrency exchanges, upping the requirements for crypto firms to earn money transmitter licenses, and expanding money laundering regulations. Taken collectively, they could prevent ill-gotten Bitcoin from flowing through regulated exchanges.
Such recommendations would align with a proposed rule from the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) that would require cryptocurrency businesses to collect a user’s personal data whenever a transaction is worth more than $3,000; transactions above $10,000 would be reported to FinCEN. Crucially, that rule, first proposed in the dying days of the Trump administration, extends to self-hosted wallets (i.e., wallets that weren’t attached to an exchange or crypto custodian).
The proposed rule has drawn criticism from privacy advocates and blockchain interest groups. Should the DOJ task force double down with similar proposals, it may cause hackers to rethink their Bitcoin strategy—and investors to pull back from the $1 trillion Bitcoin market.