The SEC Nearly Doubles the Size of its Enforcement Division’s Crypto Assets and Cyber Unit
Merkle Science
On May 3, 2022, the Securities and Exchange Commission (SEC) announced that it is nearly doubling the Crypto Assets and Cyber Unit, bringing the headcount to a total of 50 positions. The SEC said that the 20 new additions include investigative staff attorneys, trial lawyers, and fraud analysts.
In the press release, the SEC cited a booming period for crypto markets and a corresponding responsibility to keep investors safe from the growing risk of fraudulent investment schemes, as well as, mitigating cyber-related threats as a reason for expanding the unit.
“Crypto markets have exploded in recent years, with retail investors bearing the brunt of abuses in this space. Meanwhile, cyber-related threats continue to pose existential risks to our financial markets and participants,” said Gurbir S. Grewal, director of the SEC’s Division of Enforcement. “The bolstered Crypto Assets and Cyber Unit will be at the forefront of protecting investors and ensuring fair and orderly markets in the face of these critical challenges,” he added.
In recent years, the crypto market has experienced a meteoric rise both in terms of use and distribution. Reportedly, the global crypto market reached a value of $1.7 trillion. However, greater commercial viability and an increase in the trading volumes have also resulted in an increased risk of fraudulent activities including; cyber-security threats, rug pulls, bridge exploits, flash loan attacks, and reentrancy hacks among others. For instance, on April 17, 2022, Beanstalk Farms, a decentralized stablecoin protocol, suffered a flash loan attack with total losses skyrocketing to $182 million. Further, in March 2022, Ronin Network, an Ethereum-linked sidechain developed specifically for popular crypto game Axie Infinity, lost around $568 million worth of crypto in a security breach. The attacker used hacked private keys in order to forge fake withdrawals through two specific transactions. The Ronin exploit follows the Wormhole bridge attack, wherein the attacker bypassed the verification process to mint 120,000 wETH worth over $320 million at the time, from the Wormhole bridge on Solana.
What is the Crypto Assets and Cyber Unit and what does it do?
The Crypto Assets and Cyber Unit, formerly known as the Cyber Unit, is a part of the SEC’s broader Enforcement Division and is responsible for protecting investors in the crypto markets.
Since its creation in 2017, the unit has brought more than 80 enforcement actions related to fraudulent and unregistered crypto asset offerings and platforms, resulting in monetary relief totaling more than $2 billion. For example, in February 2022, the SEC announced that crypto trading platform BlockFi had agreed to pay a $100 million penalty for selling its crypto-lending product without registering it. In the same month, the unit targeted Richard Hoffman for soliciting investments from his clients for a crypto-trading Ponzi scheme run by Zima Global Ventures. More recently, in April 2022, the SEC charged the automated cryptocurrency fund, Block Bits LLC and its co-founders Japheth Dillman and David Mata with fraud and registration violations. To learn more about the SEC’s crypto assets and cyber enforcement actions, click here. Besides the above-mentioned actions, the unit has also brought numerous actions against SEC registrants and public companies for failing to maintain adequate cybersecurity controls and for failing to appropriately disclose cyber-related risks and incidents.
In the future, while continuing to tackle the omnipresent cyber-related threats to the U.S. financial markets, the expanded unit will focus on investigating securities law violations related to:
- Crypto asset offerings
- Crypto asset exchanges
- Crypto asset lending and staking products
- Decentralized finance (DeFi) platforms
- Non-fungible tokens ("NFTs")
- Stablecoins
The SEC Chair Gary Gensler observed that the unit “has successfully brought dozens of cases against those seeking to take advantage of investors in crypto markets. By nearly doubling the size of this key unit, the SEC will be better equipped to police wrongdoing in the crypto markets while continuing to identify disclosure and control issues with respect to cybersecurity."
The obvious outcome of this announcement is that the SEC will have more resources and staff to conduct investigations and launch enforcement actions against individuals and entities in the crypto asset space that may have previously violated federal securities laws. Moreover, now the unit will have the bandwidth to undertake more intensive investigations, going beyond cases of outright investor fraud in the sale or promotion of cryptoassets and perhaps into more nuanced areas of enforcement of DeFi platforms, NFTs offerings (including fractional offerings), and stablecoin disclosures and reserves.
However, not everyone is happy with the SEC’s plan to increase the headcount in the Crypto Assets and Cyber Unit, to express her dissent, ‘Crypto Mom’ and the SEC Commissioner Hester Pierce tweeted that “the SEC is a regulatory body with an enforcement department. It’s not an enforcement agency. Why are we leading the way in crypto enforcement.” Representative Tom Emmer, Co-chairman of the Congressional Blockchain Caucus, who had previously criticized the overregulation of crypto, appeared to echo Peirce’s sentiment, retweeting her tweet with the “finger pointing down” emoji.
How can Merkle Science help?
The SEC is increasing its regulatory scrutiny over the crypto market and is continuing to focus on crypto enforcement of existing regulations. The SEC now has more staff to conduct more numerous and extensive investigations and bring enforcement actions against crypto businesses that may have previously violated and still continue to violate federal securities laws.
Going forward, crypto businesses will need to put compliance first and proactively engage with the SEC and other regulatory authorities to understand how they can operate within the regulatory parameter. To avoid facing enforcement action, crypto businesses should seek registration, ensure timely threat detection, and put in place robust compliance frameworks that will help them meet the AML/KYC standards set up by the SEC. Implementing effective due diligence and compliance frameworks, will not only enable consumer and investor protection but also give them a clear competitive advantage.
Merkle Science’s highly customizable and easy-to-use platform provides businesses with 360-degree compliance support. Our predictive cryptocurrency risk and intelligence platform set the standard for the next generation of financial safeguards and criminal detection. Merkle Science's proprietary Behavioral Rule Engine allows users to tailor the tool according to businesses’ own risk policies —based on the requirements set by each jurisdiction.