On Dec. 9, 2018, Gerald Cotten, CEO of Canada’s then-largest cryptocurrency exchange, QuadrigaCX, passed away, taking with him $215 million worth of the exchange’s client assets (primarily in Bitcoin and other cryptocurrencies). After QuadrigaCX’s demise, roughly 17,000 creditors, primarily consisting of everyday Canadians, lost most of the assets provided to QuadrigaCX’s “custodial” or “hosted” cryptocurrency wallet. QuadrigaCX marketed itself as a licensed money services business with FINTRAC, in compliance with anti-money laundering rules.
QuadrigaCX’s demise and the losses experienced by ordinary Canadians provided a clear example of the risks involved with aggregated cryptocurrency holdings by regulated entities. Despite these risks, regulators globally have since started proposing regulations encouraging aggregated cryptocurrency holdings, by targeting and discouraging the use of their alternative, “self-hosted wallets.”
What is a self-hosted wallet?
A self-hosted wallet is an alphanumeric code that provides access to a specific address on a blockchain network. When interacting with a blockchain service, such as creating an NFT (non-fungible token) or playing a game, a self-hosted wallet may be used to interact with the service by accessing the specific blockchain address it represents. The fundamental purpose of a self-hosted wallet is to allow an individual to participate securely and directly in a network. This form of participation isn’t generally possible with a hosted or custodial wallet provided by a regulated entity.
Self-hosted wallets are essentially passwords to blockchain addresses, making the term a misnomer. This differs from custodial or hosted wallets, which are provided by regulated entities that offer a similar service and share infrastructure analogous to bank accounts or online payment services, where the entity holds cryptocurrencies on behalf of others.
Many active participants in the blockchain industry prefer to use self-hosted wallets because of the risks associated with hosted wallets. Beyond QuadrigaCX, many exchanges and platforms that provide hosted wallets have been targeted by various scams and theft, such as “SIM-swapping” attacks, resulting in millions of dollars’ worth of customer cryptocurrencies being stolen in recent years. Having cryptocurrencies spread out across numerous secure self-hosted wallets (disaggregated) has prevented individuals from falling victim to cybercrime. Unfortunately, regulators have ignored this dynamic when crafting regulations addressing self-hosted wallets.
The current direction being pursued by regulatory bodies in the United States and Europe is to require regulated entities to apply anti-money laundering measures to the self-hosted wallets they interact with. The European Parliament’s Committee on Economic and Monetary Affairs recently approved a proposal for amendments to fund transfer legislation that would require regulated entities to obtain, retain and attempt to verify the beneficiary information of the self-hosted wallet they interact with. In the United States, the Financial Crimes Enforcement Network has proposed amending anti-money laundering legislation to require regulated entities to keep records and verify the identities of individuals using self-hosted wallets that they transact with.
Canadian regulators have yet to announce measures targeting self-hosted wallets. However, it was widely reported that tweets made by high-profile executives at American cryptocurrency exchanges, advocating for the use of self-hosted wallets, were referred by the Ontario Securities Commission to the Royal Canadian Mounted Police for investigation. This likely signals the government sector’s stance on this topic for future regulation.
Problems with these approaches
Regulators have begun targeting the use of self-hosted wallets by proposing new anti-money laundering rules, indicating what may be a fundamental misunderstanding of their purpose. Viewing fund transfers as the main purpose of self-hosted wallets, rather than an incidental feature, makes the application and coverage of comprehensive anti-money laundering regulations potentially devastating to the function and widespread adoption of self-hosted wallets. The decision to regulate a core component of blockchain technology in this manner also represents a large divergence from the regulation of other technologies.
By applying blanket compliance regulations to self-hosted wallets, many functions not associated with fund transfers may become impractical and cease occurring with self-hosted wallets. Further, compliance measures may discourage regulated entities from interacting with self-hosted wallets and other service providers that primarily deal with self-hosted wallets. This will have the effect of increasing the potential for systemic risks associated with the aggregation of cryptocurrency holdings by regulated entities. It will also result in a significant amount of resources being required to monitor transactions in self-hosted wallets to comply with regulations for activities whose risks may not justify the costs.
By characterizing self-hosted wallets as a fund transfer tool, regulators have begun on a path toward applying overbroad regulations to this fundamental blockchain technology. This will likely result in burdensome financial surveillance measures being required for many activities where they are irrelevant and difficult to institute, threatening the viability of different use cases for blockchains over the long run.
As the prevalence of blockchain technologies grows over time, it’s vital for the regulatory environment to evolve alongside it in a thoughtful manner that doesn’t threaten its viability. While governments have every reason to take measures to combat money laundering, it is unclear why overbroad legislation is being proposed against self-hosted wallets as opposed to physical cash, gold and other commodities, where money laundering and other illicit activities are well documented and prevalent on an absolute and relative basis.
Self-hosted wallets are widely seen as the safest method for interacting with blockchain networks and an effective method of disaggregating cryptocurrency holdings. Through a more thorough and nuanced understanding of blockchain technologies, pragmatic and effective regulations can be drafted to properly address regulatory concerns without the risk of another QuadrigaCX incident occurring.
This article was originally published by The Lawyer’s Daily (www.thelawyersdaily.ca), part of LexisNexis Canada Inc.