When Berkshire Hathaway’s (NYSE:BRK.A, NYSE:BRK.B) Charlie Munger called Bitcoin (CCC:BTC-USD) “useful to kidnappers and extortionists” and “contrary to the interests of civilization,” crypto enthusiasts sneered. But, today, his words are even more incendiary.
Sunday’s cyberattack on JBS (OTCMKTS:JBSAY), the world’s largest meat packer, follows on the heels of the May 6 Colonial Pipeline attack, which shut down access to 45% of the East Coast’s gasoline and diesel fuel for 11 days. After two chaotic infrastructure shutdowns and an attack on the New York City subway system, it’s clear that the ransomware epidemic poses a legitimate threat to both U.S. corporations and national security interests.
With reports suggesting that both ransom demands came from criminal organizations based in Russia, cybersecurity is now at the center of the Biden administration’s national security agenda. Dozens of advisers want the U.S. to take a more organized, more sustained focus on threats like election interference and cybercrime — especially following the non-partisan approach of the past.
But solving the ransomware problem requires more than diplomacy and a lockdown of critical assets. What needs to stop is a dangerous pattern of crypto-based extortion by cybercriminals. Today’s pirates don’t accept cash. They take coin. And by leveraging the anonymity of the crypto ecosystem, they’ve been able to evade regulators and law enforcement.
The cloak of invisibility is a powerful weapon. Darkside, which extorted nearly $5 million from Colonial Pipeline, amassed roughly $90 million so far this year. Thousands more ransomware pirates are emboldened to take American companies hostage by taking control of their computers. Estimates suggest the costs of direct extortion will be in the billions this year alone, with the collateral damage to the economy costing much more.
Solving the cybercrime epidemic is complicated, but not because it’s technical. The problem isn’t ransomware: it’s crypto. Ransomware can’t succeed without cryptocurrency. The pseudonymity that crypto provides has made it the exclusive payment method for hackers.
And now, after having enjoyed more than a decade out of the watchful eye of the government, cryptocurrency may face regulation in the U.S.
Trouble is, there’s no easy way to regulate a “platypus.” By its very nature, crypto is a strange beast that doesn’t easily fit into one asset class. It’s used for payments, but isn’t legal tender in any jurisdiction. It’s amorphous, not beholden to national borders, or even controlled by any third-party monetary authority. And while crypto’s anonymity played a huge part in attracting libertarian-minded adopters, it’s now considered by most observers a barrier to mass adoption.
The crypto regulatory debate is also part of something much bigger. In the quest for global financial power who wins? The U.S. banking machine or the masses? Will regulation kill crypto, or will it make it safer, stimulating mass adoption? While no one has the answers, one thing is clear. A tide that shifts toward regulation could mean big sweeping changes for the financial legal system. It could also mean big changes for the long-term value of cryptocurrency itself.
With that said, here’s a closer look at the ransomware problem and what’s at stake.
A Brief History of Hacking
The history of digital privacy starts with Napster, whose peer-to-peer (P2P) file sharing software almost destroyed the entire music industry. Cybercrime has come a long way since. By the late 2000s, the digital threat evolved to “pharma hacks” by Russian spammers, whose shady Viagra and Cialis emails netted roughly $100 million a year from their victims.
By the mid-2000s, ransomware was born. Ransomware is malicious software that takes control of a computer, either by encrypting files or threatening to publicly expose data. As the name suggests, ransomware releases that control only after receiving a ransom payment.
Over the past decade, the complexity and number of these attacks has grown. So too has the bounty. In 2020 almost $350 million worth of cryptocurrency went to wallets associated with ransomware attacks. Early strains like Locky demanded ransoms of just 0.5-1 bitcoins — worth around $500 based on Bitcoin prices at the time. This year, the average remediation cost of a ransomware attack, including business downtime, lost orders, operational costs and more, totals $1.85 million.
Not only are the monetary stakes higher. The attacks now target critical infrastructure, large corporations and government agencies. According to Microsoft (NASDAQ:MSFT), Russian hackers have staged cyberattacks on over 150 government agencies around the world. Gaining access to critical systems allows ransomware operators to demand higher ransoms and increases the sense of urgency to pay. After a jump in gas prices and panic buying along the East Coast, Colonial Pipeline reportedly paid extortionists roughly 75 Bitcoin — nearly $5 million in ransom to recover its stolen data.
Swimming With the Platypus
Digital crime has a long checkered past. But with almost 8,000 cryptocurrencies in the mix, the con has become more nefarious. Bitcoin makes exploitation much easier. So much so that there’s even a new business model for it. Developers sell or lease ransomware, empowering malicious actors who aren’t tech-savvy themselves to receive payment quickly and securely. Ransomware-as-a-service (RaaS) anyone? And Binance, the world’s largest crypto exchange, is being investigated by the Internal Revenue Service and the Justice Department for money laundering and tax evasion.
Crypto supporters, or “coiners” point out that fiat currencies like the dollar have been used for crime and corruption forever. But, it can also be argued that the main purpose of cryptocurrency is to facilitate off-the-books financial transactions. That can’t be said about the dollar, which is government-backed and supports trillions in commerce daily. Even your bank account is insured by the federal government. In contrast, countless crypto exchanges have closed down due to hacks, scams or simply disappeared for unknown reasons.
The Biden administration hasn’t yet crystallized its view. While having tacitly acknowledged Bitcoin as a property, it’s also trying to regulate it as property vulnerable to exploitation. The president’s executive order mostly focuses on improving cybersecurity in the private sector and public-private collaboration to protect critical infrastructure. This week, Biden launched a strategic review to address the increased threat of ransomware. The focus: find and pursue criminal transactions, evaluate how ransomware is distributed and work with other nations to “hold countries who harbor ransom actors accountable.”
It’s a start. But many observers view these efforts as inadequate. Ransomware can’t succeed without cryptocurrency. So, do we outlaw crypto?
A handful of countries — including China and Russia — have banned Bitcoin and other cryptocurrencies, outlawing their use and investment altogether. The view here is that allowing cryptocurrency would ultimately result in loss of economic power and a dangerous shift toward decentralized economies globally.
A Middle Ground?
But for the U.S. the answer to the ransomware problem probably lies somewhere in between. Banning anything runs counter to the American ethos of capitalism and democracy. Caitlin Long, crypto pioneer and CEO of Avanti Financial Group, describes Biden’s policy approach as “if you comply with applicable laws and regulations, we’re cool with whatever.”
One place to start: register all corporations that use crypto. That way, the U.S. government could make payment for criminal activities using crypto increasingly difficult.
Next, clarify whether crypto is a security or a commodity. Nothing is more symptomatic of this confusion than crypto’s classification by U.S. regulatory agencies and updates to the new tax law. The Commodity Futures Trading Commission (CFTC) treats Bitcoin as a commodity. The IRS treats it as property.
A new bill in Congress, called the Eliminate Barriers to Innovation Act of 2021 — wants to fix that. The aim is to clarify when the SEC has jurisdiction over a particular token or cryptocurrency (when it’s a security) and when the CFTC does (when it’s a commodity). This particular question has been a contentious topic following the SEC’s prosecution of Ripple (CCC:XRP-USD) for allegedly operating an unlicensed security with its XRP cryptocurrency.
Crypto and Digital Money 2.0
The biggest piece of the crypto puzzle: the U.S. Federal Reserve. To date, there’s nothing to suggest the central bank is actually going to issue a digital dollar or any other form of central bank digital currency (CBDC). The Fed is currently working on a joint project with the Massachusetts Institute of Technology to evaluate a digital dollar. That said, there’s no indication of whether the U.S. central bank will move forward.
While the trajectory is unclear, the conversations have at least begun. A CBDC marries the convenience and security of cryptocurrency with the regulated and reserved-backed money circulation of the traditional banking system.
Ultimately, for crypto to achieve mainstream adoption, it will have to be seen as “normal,” like cash or more traditional assets. A CBDC could allow a digital dollar to function more like the U.S. dollar and potentially gain widespread acceptance. It would also stop ransomware. A central database would keep a record of the amount of money held by every entity (individuals AND corporations) and at the same time provide the appropriate privacy and cryptographic protections.
The big question is whether or not mainstream adoption, safety and regulation ultimately destroy the financial freedom and autonomy that have made cryptocurrency so sexy in the first place. With Bitcoin valued at just under $800 billion, roughly half the market cap of tech giants Amazon (NASDAQ:AMZN), Alphabet (NASDAQ:GOOG, NASDAQ:GOOGL) and Microsoft, the market is speaking. Loudly.
To quote cybersecurity pioneer John McAfee, “You can’t stop things like Bitcoin, it’s like trying to stop gunpowder.”
Your comments and feedback are always welcome. Let’s continue the discussion. Email me at firstname.lastname@example.org.
On the date of publication, Joanna Makris did not have (either directly or indirectly) any positions in the securities mentioned in this article. The opinions expressed in this article are those of the writer, subject to the InvestorPlace.com Publishing Guidelines.
Joanna Makris is a Market Analyst at InvestorPlace.com. A strategic thinker and fundamental public equity investor, Joanna leverages over 20 years of experience on Wall Street covering various segments of the Technology, Media and Telecom sectors at several global investment banks, including Mizuho Securities and Canaccord Genuity.