Hot Takes

We got a data dump of all the complaints about "virtual currency" filed with the CFPB.

This was thanks to a Freedom of Information Request filed by Muckrock News.

A first glance at the data left us scratching our heads. According to the CFPB response, there were a total of 5,177 complaints filed from 2011 to the end of 2015. Of those, the top ten companies complained about were:

  1. Western Union Company - 1,003 complaints
  2. MoneyGram - 784 complaints
  3. PayPal - 435 complaints
  4. Bank of America - 193 complaints
  5. Wells Fargo - 167 complaints
  6. JP Morgan Chase - 155 complaints
  7. Citibank - 71 complaints
  8. Ria - 42 complaints
  9. Walmart - 39 complaints
  10. PNC Bank - 11 complaints

Those are obviously not digital currency firms. So we took a look at the CFPB’s online complaint form and discovered that the agency has not yet developed a form specific to virtual currency complaints and therefore lumps in virtual currency complaints with complaints about traditional money transmission (see screenshot below). When the CFPB responded to the FOIA request asking for virtual currency complaints, the overwhelming majority of complaints they returned were therefore not related to “virtual currency”.

So, we went through the data, cleaned it up, and then marked all those firms that we could recognize as clearly related to digital currency. What we found is that there was only a grand total of 37 complaints against "virtual currency" companies over the five-year period.

Coinbase took pole position with 10 complaints, which makes sense given the large number of customers they have. “Bitcoin” itself had two complaints lodge against it. GAW Miners had four complaints, Bitcoin Trader three, and Butterfly Labs two. After those, the rest only had one complaint each, and they are as follows: Bitfinex, BitInstant, Bittrex, Blockchain,,, CoinMX, igot, Local Bitcoins, minerslab, Moonasics, MtGox, PERBTC, Purse, and Terabox. Many of these will be recognizable as known scams, and we have previously explained why there are so many Bitcoin scams.

In August 2014 the CFPB announced that “consumers who encounter a problem with a virtual currency product or service can now submit a complaint with the Bureau.” No doubt the agency wanted to see how widely consumers were being affected by the risks it had previously identified with digital currency. It’s remarkable, then, that in five years of data there have been so few complaints, and that so many of the products and services in the space are completely absent. Let’s keep it up.


A resolution calling for a pro-bitcoin national policy was just introduced in Congress.

The bi-partisan H.R. 835 was introduced by Rep. Adam Kinzinger and co-sponsored by Rep. Tony Cardenas. Its preamble cites bitcoin and blockchain innovation:

Whereas emerging payment options, including alternative non-fiat currencies, are leveraging technology to improve security through increased transparency and verifiable trust mechanisms to supplant decades old payment technology deployed by traditional financial institutions; and

Whereas blockchain technology with the appropriate protections has the potential to fundamentally change the manner in which trust and security are established in online transactions through various potential applications in sectors including financial services, payments, health care, energy, property management, and intellectual property management

It then calls for “a national policy to encourage the development” to encourage these technologies and their use.

It’s important to note that a House Resolution, if passed, only sets forth the sense of the House of Representatives (and not necessarily the Senate) about what kind of policy the federal government should adopt, either through future legislation or through agency rule-making. It’s not binding and it’s not specific, but it is a good way for the House to communicate in what direction it would like to see government policy move.

The proposed House Resolution from Rep. Kinzinger shows that many in Congress understand that the federal government should adopt policies that encourage blockchain innovations to flourish. That means a national fintech charter from the Office of the Controller of the Currency, as well as smart treatment of cryptocurrencies by the SEC, CFTC, FinCEN, and others.


A law firm just filed a petition with the CFTC asking for a "comprehensive rulemaking" on Bitcoin.

Steptoe and Johnson, which has many Bitcoin industry clients, is asking that the commission clarify what constitues as “actual delivery” of bitcoins after a transaction.

As Houman Shadab, Andrea Castillo, and I explained in one of the first law review articles on this topic, this matters because if a trade results in actual delivery of bitcoins (rather than deferred delivery or simply receiving contract rights to bitcoins) the exchange is exempt from certain commodities futures regulations.

The recent CFTC order against Bitfinex has prompted this call for greater clarity. The petition explains:

In the Bitfinex Order, the Commission found that Bitfinex, a Hong Kong based online platform for exchanging and trading cryptocurrencies, violated certain CEA provisions by engaging in retail-financed commodity transactions in bitcoin that did not result in “actual delivery” under CEA … Specifically, the Commission found that the margin transactions were within the scope of the Retail Commodity Transactions provision because the transfer of cryptocurrency from one person’s account to another’s did not satisfy the requirement of “actual delivery” to exclude the transactions from the jurisdictional reach of the CEA.

If the Commission takes up such a rulemaking, we’ll be looking at whether “actual delivery” can be said to take place when ownership of bitcoin is changed on a third party’s books, or only when a transfer happens on the blockchain. And when does a transfer actually happen on the blockchain? Fun times ahead.


Is your crypto-crowdsale a security?

The legal test for what is and is not considered a security is pretty flexible. Beyond the financial instruments that obviously fit the bill, things as weird as orange groves and country club memberships have been regulated as securities too.

DAOs are about as weird as it gets. Things can get muddy very quickly for regulators seeking to understand their purpose and how their work. Recently our director of research Peter Van Valkenburgh went on The Ether Review podcast to discuss the work we have done in educating securities regulators about the finer points of DAOs and other cryptotoken based crowdfunds.

The episode was recorded before theDAO was exploited but foresaw a number of pertinent issues. This makes it an even more interesting primer on the regulatory issues raised by these novel corporate structures.

Listen below:


What does Coin Center actually do day-to-day, anyway?

That’s a question we’re frequently asked, and the reason we’re asked this so often is because we rarely talk about what we actually do day-to-day. We don’t talk about it because a lot of it is meeting with policymakers to explain how cryptocurrencies work and to discuss how the law should treat them (i.e. generally leave them alone), and it’s not really polite to hold a private meeting and then send out a press release about it.

The problem, though, is that this approach isn’t very transparent, and folks end up having no idea what it is we do. So, we’ve thought about it and realized there’s quite a bit we can share either because it’s public or because we can generally say what we did. So we’re going to give you an update from time to time on what we’ve been up to. Here are some highlights of what we did this week:

  • We attended attended Consumer Research’s Bretton Woods conference, at which Peter moderated a panel with representatives from the FTC and NIST.
  • We gave a two-hour briefing to the World Bank’s digital currency working group, focusing on how permissionless blockchains work and reach consensus.
  • We gave a briefing to program officers and staff at the Center for International Private Enterprise.
  • We had catch-up meetings with several staff on the Hill.

So now you know what we do. 😉


Maybe the EU's proposed new AML rules are not so clear after all.

While I think it’s very heartening they seem to draw a distinction between custodial and non-custodial wallet services, Bitcoin Magazine reports that some in the Netherlands are unsure what would qualify as “custodial” and what wouldn’t. Bitonic CEO Jouke Hofman:

Under the current provision, it’s not that clear who or what the regulation applies to, exactly. It covers wallet providers that hold onto private keys of their users. But does it also include wallet providers that hold onto one key for a two-of-three multisig address? What if bitcoins are time-locked and wallet providers cannot spend the funds now, but perhaps in the future? And if the regulation applies to any key holder, where does the definition of a wallet provider begin? Could the regulation perhaps even apply to Lightning Network nodes?

This kind of uncertainty is exactly why we need absolutely clear language both in AML and consumer protection rules. Typically you want to avoid over-specifying when you draft a law, but in this case you want to be as clear and specific as possible to make sure you are exempting applications that should not be covered. For example, here’s the definition of “control” (i.e. custodial) that we helped the ULC develop for its draft Virtual Currency Business Act:

(3) “Control” means possession of sufficient virtual currency credentials or authority on a virtual currency network to execute unilaterally or prevent indefinitely virtual currency business transactions. The term does not include possession, for a reasonably time-limited period, of virtual currency credentials sufficient to prevent virtual currency transactions to provide a service such as an escrow, provided that the user is able to regain unilateral rights to execute transactions following the period in which the escrow was in effect.

We think such clear language would address all of Hoffman’s questions.


The UK's new blockchain welfare benefits trial has privacy advocates freaking out.

Representatives from the Open Data Initiativesay:

Experimenting with putting highly personal data in immutable data stores is fraught with danger. To avoid undermining trust in government’s use of data, DWP should be much more open and transparent about the policy objective of these trials, the safeguards they are putting in place to limit the risks and the lessons being learnt through the trial.

And that's a reasonable concern. As tools, blockchains are better at provably revealing truthful information than they are at obscuring information; they are engines for trustworthy agreement not privacy. Even Bitcoin lacks robust privacy or anonymity for transactions (which is why the continued development of ZCash and Confidential Transactions is so important).

But it's not the supposed use of a "blockchain" that has me worried in this GovCoin case. I can't find the source code for this trial tech anywhere, and have to suspect that the software is proprietary. The public can only judge the privacy of a technology if the software can be openly audited. Bitcoin and other cryptocurrencies are powered by open source software, anyone can look at every detail of its technical specification. We should expect no less from a blockchain software stack employed by a government.


The OCC’s new banking risks report mentions “virtual currency” twice.

The first mention is:

Banks and other businesses continue to receive extortion demands to be paid in virtual currency in exchange for preventing or stopping distributed denial of service attacks or for the decrypting or return of proprietary information.

The report cites a McAfee study finding that ransomware samples are one the rise. As we have noted before, cryptocurrencies are not a but-for cause of these attacks. Rather, threats like ransomware depend on poor cybersecurity, which has nothing to do with digital currencies.

The second mention of “virtual currency” in the report reads in its entirety:

New platforms and technologies, such as virtual currencies, enable anonymity for cyber criminals, including terrorists and other groups seeking to transfer and launder money globally. These methods not only pose substantial challenges for compliance with the Bank Secrecy Act and Anti-Money Laundering (BSA/AML) laws and regulations, but also help cyber criminals raise funds to pay for physical and cyber attacks.

It’s interesting that “virtual currency” is used as an example of a broader set of “new platforms and technologies” about which the report is warning. To our knowledge, there is no evidence that cryptocurrency has been used by terrorist groups to ‘pay for physical attacks.’ Cryptocurrencies are also not as anonymous as many believe. A better example for this broader set of these enabling technologies might be prepaid cards.


A new NYSE-traded Bitcoin ETF is about to give the Winklevoss Bitcoin Trust a run for its money.

It’s called the SolidX Bitcoin Trust and its S–1 was filed with the SEC today. The most interesting contrast between the two proposed funds is what happens if their bitcoins are lost or stolen. In its S–1 filing, the Winklevoss explained that:

The Trust will not insure its bitcoin. … Therefore, Shareholders cannot be assured that the Custodian will maintain adequate insurance or any insurance with respect to the bitcoin held by the Custodian on behalf of the Trust. Furthermore, Shareholders’ recourse against the Trust, Custodian and Sponsor under [New York] law governing their custody operations is limited. … Consequently, a loss may be suffered with respect to the Trust’s bitcoin which is not covered by insurance and for which no person is liable in damages.

In a recent filing with the SEC, the fund’s Bats Exchange explained that:

The Custodian has evaluated different insurance policy options and determined not to obtain coverage at this time due to insurers’ lack of understanding and sophistication with respect to Digital Assets, which has led to a thin marketplace of policies that are (i) not priced in an actuarially-fair manner and (ii) don’t properly model relevant loss vectors. Unfortunately, an efficient and effective marketplace for bitcoin insurance has not yet developed.

Despite all that, in its S–1 filing today, SolidX reports that it has secured insurance for its bitcoin holdings:

The Trust will maintain crime, excess crime and excess vault risk insurance coverage underwritten by various insurance carriers. The purpose of the insurance is to protect shareholders against loss or theft of the Trust’s bitcoin. The insurance will cover loss of bitcoin by, among other things, theft, destruction, bitcoin in transit, computer fraud (i.e., hacking attack) and other loss of the private keys that are necessary to access the bitcoin held by the Trust.

That’s quite a stark contrast. Coin Center has previously worked with Lloyds of London to help it and its insurance market participants understand the challenges and risks of securing bitcoins. You can read our report for Lloyd’s here.


Coverage of the EU’s new digital currency AML rules missed the most interesting bit.

While there was plenty of reporting this week about the fact that the European Commission proposed new EU-wide rules with somewhat stricter requirements than have been applied to date, the fact that these rules would only be applicable to exchanges and custodial wallet providers went largely unremarked. From the propose amendment to the AML directive, the newly covered entities would be:

(g) providers engaged primarily and professionally in exchange services between virtual currencies and fiat currencies;

(h) wallet providers offering custodial services of credentials necessary to access virtual currencies.

This is very careful and wise drafting. It should mean that service providers who do not hold keys for customers (like software wallets) or services providers who do hold keys but not enough to access a balance (like multisig wallet services) would be exempt. As for exchanges and custodial wallet services, these new rules should not be too burdensome because they already comply with essentially the same obligations imposed by the individual countries in which they do business. This new proposal would only standardize existing requirements across the EU.