Taking further steps into the world of cryptocurrency, two entities of the federal government recently took legal action against BitFunder, a now-defunct Bitcoin exchange, and its founder, Jon Montroll. The Securities and Exchange Commission filed civil charges against BitFunder and Montroll, and the U.S. Attorney’s Office in Manhattan brought criminal charges of perjury and obstruction of justice against Montroll, who was arrested and taken into custody. BitFunder was an exchange that, among other things, empowered its customers to create and trade Bitcoin denominated shares of enterprises. The numerous allegations and charges against the defendants include:
- Montroll used his investors’ funds for personal expenses.
- BitFunder was hacked and victimized by a group of its own users, who stole approximately $750,000 of customers’ Bitcoins from the company’s wallet, which commingled customers’ funds.
- BitFunder and Montroll failed to disclose this theft and the resulting losses, and tried to cover them up.
- BitFunder and Montroll fraudulently issued securities on BitFunder to raise money to cover their losses, while telling investors the securities would be used for other purposes.
Putting it Into Practice: This case illustrates a number of key lessons for practitioners –
- Remember that dangers lurk within your organization, as well as outside. Here the hack was perpetrated by the exchange’s own users, whose accounts unintentionally gave them stronger permissions on the system than they should have had.
- Government agencies, including particularly the SEC, are going after the failure to disclose a material breach, or worse, cover it up or lie about it. You can work to avoid this danger by preparing properly with a strong, updated incident response plan.
- While the underlying facts in this case took place over four years ago, Bitcoin and other cryptocurrencies remain in their infancy. Industries at this early stage face heightened risks. If you are considering using cryptocurrency or other forms of blockchain technology, choose your vendors carefully. Make sure you are selecting careful, responsible partners, with a strong legal and compliance structure that will minimize your legal and financial risk.