Blockchain & Cryptocurrency , Cryptocurrency Fraud , Fraud Management & Cybercrime
US Bank Regulator Weighs Stablecoin Risks and BenefitsOCC's Hsu: Fraud Loss 'Pales in Comparison' to $2 Trillion Crypto Market Wealth
Acting Comptroller of the Currency Michael J. Hsu, on Friday delivered remarks at the Institute of International Economic Law at Georgetown University Law Center on developing a path forward for U.S.-backed stablecoins, leading to regulatory and security questions as the technology expands.
See Also: LIVE Webinar | Stop, Drop (a Table) & Roll: An SQL Highlight Discussion
Hsu said stablecoins posed challenges, including their stability for the long haul, and he probed whether the digital currency could be interoperable. Currently, the blockchains - or the public ledger that shows a record of cryptocurrency transactions - of the largest stablecoins, such as Ethereum and Solana, and other cryptocurrencies are uniquely coded. This poses a problem as different types of stablecoins, other cryptocurrencies and fiat money cannot facilitate payments together. Some security experts say this is also one of the biggest risks associated with blockchain cybercrime.
Hsu also acknowledged that cryptocurrency losses via cybercrime activity are troubling, however, the market outweighed the total losses by a significant margin.
"Scams, hacks and fraud in the crypto space are a problem," he said, stating that cryptocurrency theft reached $3.2 billion in 2021 - an increase of 516% from the year before.
"That is a big number," Hsu said. "But it pales in comparison to the overall size of the cryptocurrency market, which is around $2 trillion."
Stablecoins are a type of cryptocurrency that is tied to an asset that is considered stable, such as fiat currency or publicly traded assets. While considered less volatile that some other forms of cryptocurrency, there are still similar security concerns.
Last week, U.S. lawmakers made major decisions related to stablecoin regulations, capped by Pennsylvania Republican Sen. Pat Toomey's introduction of a stablecoin bill to Congress and Hsu's comments. The benefits and disadvantages of stablecoins have been widely debated at the federal level, as 1 in 5 Americans trade cryptocurrency.
On the other hand, cybersecurity practitioners say there tends to be a higher risk with stablecoin security than the technology itself. They say emphasis on blockchain tracking technology is needed, as well as staying current on evolving threats.
Challenges Posed by Stablecoin
While legislators have been pushing for regulations for the decentralized currency market, Hsu - who has agreed in the past that regulations are a key component - also sees obstacles associated with the reality of creating a centralized digital currency.
Along with scams aimed at consumers, the general instability of stablecoin and the possibility of policy errors - if not drafted by legislators responsibly - could hurt the U.S. dollar. He also discussed whether a burgeoning blockchain-backed economy was realistic.
"To be clear, the rise of Web 3.0 and a blockchain-based digital economy are not inevitable. Several observers have made thoughtful and credible arguments questioning the value proposition and long-term sustainability of cryptocurrencies and Web 3.0. I find many of their arguments to be compelling," he said. "At the same time, however, it is hard to ignore the rapid growth of the developer community, market signals about blockchain firms' long-term potential, and pronouncements and actions from a range of policymakers and governments."
Security experts also wonder about the likelihood of a digital economy advancing, adding that if it did, it would not happen overnight.
"While the U.S. has been looking into CBDCs [Central Bank Digital Currencies], this is years away in the USA, if at all," Karl Steinkamp, director for cloud consulting firm Coalfire, tells Information Security Media Group.
Still, Steinkamp says, he does not see the interest in various cryptocurrencies waning any time soon.
Stablecoin: Cybercrime Threats?
On the cybersecurity front, the largest threats to security stem from the holes that occur as cybercriminals attempt to hide illicit gains by trading currencies across blockchains, Steinkamp says.
"In this realm, interoperability is critical as many of the recent attacks on crypto have targeted cross-chain solution weaknesses in either design and/or coding on contracts.
Blockchain technology has aided law enforcement agencies in tracking down cybercriminals. Typically, laundering money through digital assets is highly difficult as it is challenging to offload the funds. For instance, several high-profile cryptocurrency criminals has been caught domestically.
John Bambenek, principal threat hunter at security firm Netenrich, says a government push for stablecoin could reflect the belief that it might be used to solve problems, such as tracking transactions for the sake of taxation.
"I think the number [of fraud losses] is an understatement, however, it reflects a growing belief in government that cryptocurrency principles can be used to take the technology and solve government problems with them," he says.
Cybercriminals, as witnessed by the gravitation toward stealing from cryptocurrency firms, will adapt to the most lucrative options to defraud victims. But Steinkamp says he does not see an issue with the technology as much as a need for better security training.
"The amount of theft is a signal to the cybersecurity community that more focus in this area is needed, in terms of detective and preventative technologies, as well as better trained personnel, to combat this evolving threat," he says.
If stablecoin transactions at the government level manifest, CISOs in the finance sector will have to monitor fraud evolution through the use of stablecoin.
"BEC [business email compromise], advance fee fraud, and others can be greatly expanded if an organization switches to stablecoin for purposes for their own financial transactions," Bambenek tells ISMG.
As the digital asset space continues to grow, CISOs will also need to employ the proper training techniques, similar to those launched by the FBI's newly formed Virtual Asset Exploitation Unit, according to Steinkamp. This might include building a sector of security that specifically focuses on managing and securing cryptocurrency assets.
"Stablecoins are and will continue to be a key component within the cryptoasset space," he says, and adds that professionals can concentrate on bolstering blockchain defenses.