By Henry C. W. Price with additions from Hugh Lawson-Tancred,  GCEX Research and Advisory Board

Risk Old and New - Crypto has a lot to learn and some things to teach

Digital assets are part of a broader class of financial innovations and arguably originated in e-money and credit card projects in the 1990s. However, a balance of your funds digitised, and accessed through even an ATM for cash, could also make it a ‘digital asset’. Computer-based representations of real-world assets are currently reimagined using tokens and smart contracts.


In a white paper titled “A Peer-to-Peer Electronic Cash System”, Satoshi Nakamoto’s original proposals essentially remove the central database from digital money, reducing the chances of manipulation and also third-party involvement.

Decentralised systems, developed into DLT (Decentralised Ledger Technology), do not usually have a central authority. Bitcoin is the end of a journey for decentralising technology comprising, for example, BitTorrent (the same Bit as Bitcoin), Napster and other file-sharing systems which were prominent in the early 2000s.

Another critical element of the philosophy that built Bitcoin appears in the 1997 article ‘The God Protocols’ by Nick Szabo. God Protocols allude to the act of faith required to transact on the internet, as the other party can never be wholly known as in a ‘real world’ interaction. This raises the crucial concept of counterparty risk, and how to avoid it. On the internet, parties A and B can choose to use PayPal. By introducing a party, you remove the risk (also maybe introducing some anonymity) but involve a third party. What Bitcoin and subsequent digital asset technologies attempt to do is eliminate third parties. A protocol that can mediate transactions alone is a ‘God Protocol’.

Another set of critical terms commonly used in the crypto world includes ‘Trustless’, ‘Peer to Peer’ and ‘anonymous’. Achieving these in one system was the holy grail for original cryptocurrencies. There is greater nuance after 20 years, which will be explored in this article.

“It’s very attractive to the libertarian viewpoint if we can explain it properly. I’m better with code than with words though.” - Satoshi Nakamoto

Risks for Institutions Dealing with Crypto Assets

KYC in crypto is a bit problematic; given its origins, the primary goal of cryptocurrencies in their original conception was to create a trustless and anonymous peer-to-peer transactional network with an associated database. Such a decentralised system was specifically intended to evade the reach of governments. Obviously, the authorities can still have some control over the on- and off-ramps of these currencies to the fiat world. Regulatory, cybercrime and counterparty risk are the standout areas.

There are some novel KYC risks; however, Bitcoin is not strictly an anonymous system, but a pseudo-anonymous system, i.e. by repeated use of a public address a profile can be built up. If these transactions mimic that of a known entity in the real world, they can be linked to that entity.  Blockchain records are permanent, which is the strength of this technology or perhaps a weakness if indefinite privacy is required. For example, encrypted files could be decrypted or otherwise security-compromised as computers advance – encrypted or not the information remains in plain sight. Everything done on a public blockchain is indeed public forever.

We will divide this risk area into three subsections. There are old tools, new risks and new tools.  

A table of largest hacks with their time of date valuation. Ethereum was not created until approximately 2015 and more widely traded in 2016. 

Old Tools

Best execution is a trading venue problem, and unfortunately, cryptocurrency was designed to facilitate trading between counterparties in novel ways, especially through smart contracts. But it is not fast. Speed and efficiency almost always require centralisation.

We see a wave of technologies producing ‘second layer’ solutions such as the Lightning network and also projects connecting counterparties. Networks with a second layer ledger could be used to lock funds, providing ‘proof of coin’ and also allowing parties to settle on the main Blockchain only when needed, i.e. at the end of the day, which allows netting.

It is incredibly slow to move Bitcoin ‘on-chain’ between venues: approximately 60 minutes, or six block confirmations. The price and speed of moving currency also depend on other participants; precisely when there is high volatility, on-chain transactions are both expensive and slow.

For centralised exchanges, collateral can be placed in an omnibus wallet and represented on a standard central limit order book. This technology is what we like to call ‘old world’. Still, the old world must be given credit for its advances, especially in matching technology in limit order books and trade execution.

Trading technologies do not mitigate the pervasively fragmented nature of the cryptocurrency markets, although this is improving. What is vital for best execution is that good liquidity comes from numerous venues and committed market makers, along with tried and tested trade architecture.

Recent developments in cryptocurrency exchange infrastructure are clearly being leveraged; this means markets are becoming more connected, with more algorithmic trading and, of course, more derivatives. At the same time, there is market maturity, with the ‘Wild West’ yielding to more regulations, including special protections for retail investors.

Figure 1: Hacks by date separated in two Business Quarter buckets, the time of hack valuation in USD. Note 10x scale for Bitcoin vs Ethereum.

New Risks

Insider trading could also become a concern if individuals control a network or large amounts of tokens, perhaps acting pseudo-anonymously. Satoshi Nakamoto is the perfect example of decentralisation done correctly. Even as the creator of the organisation in Bitcoin, he does not exist today and may never have. Also, the democratisation of mining means that Satoshi is not the largest holder or influencer of the currency. During recent cryptocurrency speculative periods, many creators, leaders of core developer teams or those controlling large amounts of mining power could, and perhaps did, manipulate the market.

DOrgs and DApps are still under-addressed by regulation. The SEC Release No. 81207 / July 25, 2017, describes critical problems with “The DAO” (“The Decentralised Organisation”); see Table 1. One of the main criticisms was that token holders had no meaningful control. Great care should be taken when investing in new schemes. The problem with “The DAO” was a contract bug; however, standardisation of contracts has developed more and more in the last few years. Using professional custodians and other institutions designed to hold and create these digital assets and accompanying contracts will increase institutional confidence in this area. However, investors should remain cautious about weakly tested technology.

Many regulators’ most recent announcements also include the new digital asset licences from Hong Kong’s Securities and Futures Commission. Regulated entities should find ways to issue tokenised securities known as STOs (Security Token Offerings), and this goes hand in hand with increased regulation and advances in the standardisation of smart contracts and legal frameworks for these tokenised assets. These also include stablecoins, tokenised fiat and other tokens for gold or other commodities, but the ideas are expandable to almost any asset class. Regulators are technology agnostic. Similar ideas have long been considered; one early example is French order no. 2017-1674 dated 8 December 2017 (the “DLT Order”), allowing some French securities to be recorded on a DLT.

Figure 2: Distribution of hack sizes.

AMLD5 and FCA registration

Crypto exchanges have operated in the UK and globally in some form or another since a few years after Bitcoin’s creation, becoming more and more formalised, with Mt. Gox and BTCChina being some of the early large projects. The FCA imposed mandatory registration for all crypto platforms and other businesses; all such platforms need to be registered to continue operation by January 10, 2021. This moves cryptoasset exchanges into the fold to comply with the European Union’s fifth AML Directive (AMLD5).

Some of the latest guidance covers “All cryptoasset exchange providers and custodian wallet providers. These firms are new categories of firms within the scope of the REP-CRIM obligation.” It furthermore states: “In our 2019/20 Business Plan, we said we would consider extending the REP-CRIM reporting obligation to more firms. This commitment was also noted in the UK’s Economic Crime Plan from 2019 to 2022.” Where money laundering or terrorist financing is suspected, firms in the UK are required to report suspicious activity to the National Crime Agency (NCA) by submitting a Suspicious Activity Report (SAR).

Travel Policy and VASPs

The “Bank Secrecy Act” (BSA) rule was issued by the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) in the US. The “travel” rule, which came into effect in May 1997, requires all financial institutions to pass on certain information to the next financial institution in specified fund transmittals involving one or more institutions. The purpose of this act was to assist law enforcement tracking and to audit the transmission of funds, primarily between institutions. FATF proposed this type of regulation for Virtual Assets (VAs) and Virtual Asset Service Providers (VASPs) in guidance issued in June 2019.


We organise hacks (90+) which are on the public record and usually directly or indirectly confirmed by the affected exchanges. There have been some figures quoted for funds lost in scams, essentially widespread cybercriminal activity. In addition, we consider only BTC and ETH, as there are a few hacks for large amounts in new and emerging coins which were stolen at peak pricing in the 2017 ICO bubble. 

From Figure 1, we can see that Bitcoin leads the hacking losses, partially due to its popularity. Hacks of this nature and size are infrequent and tend to align with price peaks or chances and peaks, which make them more of a target for criminal entities, after the price crash in Bitcoin. In late 2014 Bitcoin prices rose to a height of approximately $1,200 and by April 2014 a new low of $340 was reached. This reduction in price also reduces interest in hacks thereby lowering any hack value. 

Figure 2 shows that hack sizes for Bitcoin and Ethereum are approximately $10M and $2M (90th percentile) and $195M and $62M (99th percentile) respectively. The value of hacks in Bitcoin is dwarfed by the infamous Mt Gox hack of 850,000 BTC or $540.14M. Bitcoin is associated with significantly more major hacks and larger losses, partly because of the time Bitcoin has been around and its substantially higher valuation. Binance was one of the first instances where such a large hack loss was borne by the exchange itself, and a number of cybersecurity tools were used to trace the lost funds as they were moved. There seems to be a downward trend in hack losses, and, with insurance contracts being issued, it may be that these hacks will henceforth stay in the experimental or unregulated areas of the industry.

Figure 3: Traditional margin management (clearing house).

Smart contracts and Ethereum problems

By 2016 the newly emerged Ethereum had already sustained “The DAO” fiasco. This contract failure was one of the single biggest losses in Ethereum, and the hard fork solution remains controversial because it broke the key philosophical tenet of “code is law” or “lex cryptographia”, the view that, since the hack was possible, it was automatically “legal” and that the contract was badly drafted and should be penalised accordingly. The DAO effectively raised and lost 3,600,000 ETH, then worth $65.69M, which would have been worth $860.19M at the time of writing. Just a year later, in July 2017, a similar major smart contract hack occurred when a vulnerability was discovered in the Parity Multisig Wallet version 1.5+ that allowed an attacker to steal over 150,000 ETH ($25.52M).

New Tools

On-chain intelligence

Blockchains provide a super audit trail for the asset ownership they record with a transactional history stretching back from the mining point. Bitcoin is a pseudo-anonymous system meaning that addresses are generated anonymously but can be gradually de-anonymised by repeated interaction with wallets with attached identities. It is possible then to build up a picture of potential counterparties and even of the character of previous and current holders.  

Companies performing “on-chain analysis” build up a comprehensive list of blacklisted wallets, exchange wallets or other wallets used in connection with criminal activity. Using Machine Learning it may also be possible to classify wallets based on their transactional activity and other heuristics. These methods are by no means foolproof but identifying the proceeds of cybercrime (FBI list) and hacks is usually relatively straightforward if exchanges publish the outbound wallet addresses.
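
The screening step described above, as an added example that is not code from the article or from any analysis vendor: it follows funds forward from published theft addresses through a transfer list and raises an alert when they reach a monitored deposit address. The ledger, the address names and the hop limit are all constructed assumptions, and the "poison" rule used here (any funds sent by a traced address are traced) is only one of several heuristics.

```python
"""Poison-style taint screening over a constructed transfer list."""

# Constructed sample data, chronological: (txid, sender, receiver, amount).
# Address names are placeholders, not real blockchain addresses.
TRANSFERS = [
    ("t0", "hop_b", "exch_dep_9", 1.0),       # sent before hop_b held traced funds
    ("t1", "theft_out_1", "hop_a", 50.0),
    ("t2", "hop_a", "hop_b", 30.0),
    ("t3", "hop_a", "hop_c", 20.0),
    ("t4", "hop_b", "exch_dep_7", 29.5),      # traced funds reach an exchange
    ("t5", "clean_user", "exch_dep_7", 5.0),
    ("t6", "exch_dep_7", "clean_user", 4.0),  # exchange withdrawal, not followed
    ("t7", "hop_c", "hop_d", 19.0),
    ("t8", "hop_d", "exch_dep_9", 18.5),      # four hops from the theft address
]
THEFT_ADDRESSES = {"theft_out_1"}             # outbound wallets published by the victim
MONITORED = {"exch_dep_7", "exch_dep_9"}      # deposit addresses being screened


def screen_deposits(transfers, sources, monitored, max_hops=3):
    """Return alerts for deposits funded within max_hops of a source address.

    Transfers must be in chronological order, so an address only taints what
    it sends after it has itself received traced funds.
    """
    tainted = {s: [s] for s in sources}       # address -> path from a source
    alerts = []
    for txid, sender, receiver, amount in transfers:
        path = tainted.get(sender)
        if path is None:
            continue
        hops = len(path)                      # distance of receiver from the source
        if hops > max_hops:
            continue
        if receiver in monitored:
            # Stop at pooled exchange wallets: they mix many customers' funds,
            # so following withdrawals would flag unrelated users.
            alerts.append({"txid": txid, "deposit": receiver, "hops": hops,
                           "amount": amount, "path": path + [receiver]})
        elif receiver not in tainted or len(tainted[receiver]) > hops + 1:
            tainted[receiver] = path + [receiver]
    return alerts


if __name__ == "__main__":
    for alert in screen_deposits(TRANSFERS, THEFT_ADDRESSES, MONITORED):
        print(alert)
```

Raising `max_hops` widens the net but also increases false positives, which is why the hop count and path are kept on each alert for an analyst to review.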

Crypto custodians are a necessary addition to the ecosystem. What custodians offer is a way to provide proof of coin and margin assistance as well as providing the much-needed security architecture to store ownership keys on all sorts of blockchain-based asset tracking systems not just for Bitcoin. The custody networks could also increase the speed of transactions as well as providing some privacy compared to ‘on-chain’ activity. Mutual custodians may provide other benefits of reducing counterparty risk and allowing the third party to assist with proof of funds between counterparties. 

Counterparty Risk - Exchanging the Exchange

In traditional markets, a third party is used to mitigate counterparty risk, usually applying margins and collateral held with a clearinghouse or other venue.

Figure 4: Could there be a new way? (smart contract)

However, it may soon be possible to manage the risk in a decentralised manner with smart contracts performing the function of maintaining margins and collateral at the appropriate levels. 

It should be clear that the offering of this new digital space is programmable money. Smart contracts could be used to expand many different tokenisation projects but could also be used to reduce counterparty risk. Atomic swaps, another innovation involving smart contracts, are designed for a chain-to-chain exchange without the loss of funds; an atomic swap is a contract that will only execute on both chains or on neither, i.e. a trade from Bitcoin to Ethereum has to have both legs confirmed in each chain, or the cryptoassets are returned to their originating wallet address.
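
The both-or-neither property of an atomic swap, as an added example that is not code from the article: it models each leg as a hash time-locked contract (HTLC), a common way to build such swaps. The article does not name a mechanism, so the HTLC design, the party names, the secret and the time values are assumptions made for illustration.

```python
"""Toy model of a two-leg atomic swap using hash time-locked contracts."""
import hashlib


class HTLC:
    """Funds on one chain, locked to a SHA-256 hash and a refund time."""

    def __init__(self, sender, recipient, hashlock, expiry):
        self.sender, self.recipient = sender, recipient
        self.hashlock, self.expiry = hashlock, expiry
        self.state, self.revealed = "locked", None

    def claim(self, preimage, now):
        """Recipient takes the funds by revealing the preimage before expiry."""
        ok = (self.state == "locked" and now < self.expiry
              and hashlib.sha256(preimage).digest() == self.hashlock)
        if ok:
            self.state, self.revealed = "claimed", preimage  # now public on-chain
        return ok

    def refund(self, now):
        """Sender recovers the funds once the timelock has passed."""
        ok = self.state == "locked" and now >= self.expiry
        if ok:
            self.state = "refunded"
        return ok

    def owner(self):
        return {"claimed": self.recipient, "refunded": self.sender}.get(self.state)


def run_swap(alice_claims, secret=b"constructed-secret"):
    """Alice sells BTC for Bob's ETH; return who ends up owning each leg."""
    hashlock = hashlib.sha256(secret).digest()
    # Alice locks first with the longer timeout. Bob's leg expires sooner, so
    # Bob always has time left to reuse the preimage once Alice reveals it.
    btc_leg = HTLC("alice", "bob", hashlock, expiry=48)
    eth_leg = HTLC("bob", "alice", hashlock, expiry=24)
    if alice_claims:
        eth_leg.claim(secret, now=10)            # Alice reveals the preimage
        btc_leg.claim(eth_leg.revealed, now=12)  # Bob reuses it on the other chain
    else:
        eth_leg.refund(now=24)                   # nobody claimed: both legs unwind
        btc_leg.refund(now=48)
    return {"btc": btc_leg.owner(), "eth": eth_leg.owner()}


if __name__ == "__main__":
    print(run_swap(alice_claims=True))
    print(run_swap(alice_claims=False))
```

The ordering of the two timeouts is the safety-critical detail: if the initiator's leg expired first, she could claim the counterparty's funds and then refund her own.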

An exchange must set margins to manage risk, but these cannot be so high that they deter customers from trading. What these smart contracts could be used for is shown by Morini et al. in 2017, using Ethereum as a case study and an oracle to calculate the margin requirements. It may be possible to reduce the ‘margin period of risk’ and avoid costly liquidations when cash flows must not be received for a protracted period. Smart contracts could give more transparency to the parties involved. It may be worth noting that in Ethereum gas is used to perform decentralised computations that are encoded in a smart contract. The problem is that in the current version of the Ethereum protocol the costs for operating such a margining system are prohibitively expensive. The transactions and positions are also theoretically available on a public ledger. It may be that these problems can be solved in some future version of Ethereum or another blockchain. It may also make sense to implement them on another ledger that is not public and is faster. Second layer solutions are currently being developed both for audit purposes and for increasing the privacy and speed of smart contracts and transactions.

Figure 5: Smart contract as a third party

Decentralised Finance and New Frontiers

What Blockchain certainly could add in terms of finance is an audit trail for settlement, but Crypto still has some things to learn from traditional finance. Stablecoins for traced ownership and collateralisation could shake up delivery dates, verification of transfers and all parts of regulatory reporting, compliance and accounting, much like the transition from tickets to a digitised system for trades.

DeFi and lending products, in a world of low interest rates and staking returns, could find their home in traditional finance. Once the liquidity and adoption of digital assets and tokenisation increase, there could be many institutions involved in trading using this technology.

Massimo Morini. How the business model must change to make blockchain work in financial markets: A detailed example on derivatives, two years later. 2017. URL 
Satoshi Nakamoto. Bitcoin: A peer-to-peer electronic cash system. Unpublished manuscript, 2008. URL