‘‘If Al Capone were alive today, this is how he would be hiding his money.”[1]

1. Introduction To Cryptocurrencies

The worth of an object is only measured by the value ascribed to it by others. A Monet painting would be only so much canvas and paint, but for the greatly esteemed skills of the artist; a branded scarf is only a piece of clothing, but sought after by fashion enthusiasts for its design pattern; a vintage wine is in essence an old and potentially acidic beverage, bur prized by gourmets for its earthy taste and rarity. All these examples describe how the economy functions- the principle of supply and demand; something that is rare but greatly desired will attract more value than something that is abundant and unappreciated. Tastes, and demand, fluctuate depending on random or specific events, ranging from what is fashionable to people’s perception of the economy’s outlook. Gold and other precious metals are such an example. The price of gold fluctuates dramatically, depending on what people will pay for it at any given moment; its value also increases in those times when national currencies are perceived as less reliable.

Cryptocurrencies, like bitcoin, are not linked to any national economy.  Like the Internet, cryptocurrencies operate through the system which is the sum total of those connected to it, and work on an open source protocol. In simple terms, a cryptocurrency is just a number in an electronic ledger- this is similar to the way in which money is held in a bank. With a traditional bank however, only the bank can see the whole database whereas with the cryptocurrency all participants have a copy of the full ledger distributed to account holders.

Even though a cryptocurrency can only be accessed or used by the authorized person who has the password, everyone with a cryptocurrency has a copy of the electronic ledger. Transactions are therefore considered transparent and include a randomly generated alphanumeric code (an identifier) that make them pseudonymous. This means that cryptocurrencies offer increased protection through a pseudonymization process, rather than anonymously.[2] Anonymity would require that it is impossible to trace the transaction to the owner- even though it is very difficult to do so, it is not impossible.[3]

Cryptocurrencies (or “Crypto coins” or “Virtual Currencies”, or “Bitcoin” –the last for the sake of simplicity and given how this is the most accepted cryptocurrency- used interchangeably in this paper) are digitally encrypted sequences of numbers. They enable digital transactions to be undertaken securely and with a high-degree degree of pseudonymity.[4] Every transaction conducted through the cryptocurrencies is verified via decentralized peer-to-peer networks and then broadcasted on public ledgers that encode the transaction histories of each individual cryptocurrency. The transaction is considered complete once every node validates it. The technology that provides the bedrock to bitcoin, and many more things than just cryptocurrencies, is called blockchain.[5]

The last few years have brought significant change in the way digital transactions are undertaken. We typically differentiate between three types of virtual currencies:

• Certain virtual currencies are deployed within a closed system, which can generally not be obtained with legal tender, nor exchanged for such tender.[6]
• A second type of virtual currencies includes currencies that can be purchased against legal tender, but cannot be converted back into legal tender.[7]
• The last type of virtual currencies is bidirectional virtual currencies: they can be obtained against legal tender, and can be exchanged back into legal tender.[8] This is where cryptocurrencies like the bitcoin enter into the picture, being distinct in that they have not been issued by a central authority.

In terms of usability, closed scheme virtual currencies principally only serve the single purpose for which they are created. For instance, a coin purchased and created within a video game[9] can only be spent within the game. However, such a currency can gain broader use, for instance when a loyalty scheme is combined with issuing a virtual currency.[10]

The current paper will discuss the history of cryptocurrencies, and bitcoin in particular due to its popularity, as well as the risks associated with the use of such coins. The focus will largely revolve around illicit activities connected to the use of virtual currencies like drug trafficking and money laundering. The paper will then discuss legislative efforts in the EU, the US and worldwide, and will discuss the broader ramifications of using cryptocurrencies in our era.

History of Bitcoin

How were cryptocurrencies, and bitcoin in particular, created? This novel concept was first developed by an unidentified person or group under the alias Satoshi Nakamoto. The open source of the design gave rise to several competing cryptocurrencies, and the experimentation for further ones.[11]

In particular, on Halloween of 2008 an entity under the name Satoshi Nakamoto distributed a white paper on the website “mezdowd.com”. The true identity of Satoshi is unknown, however indications exist that Satoshi is not a single individual and the group is probably of western descent. The paper “Bitcoin: A Peer to Peer Electronic Cash System” described a system along with its underlying technology, the blockchain database. The paper discussed peer-to-peer transactions without the need for a third party trust agent and coined the idea of a new trust system entirely decentralized and independent of third parties. Despite its unknown identity, Nakamoto was nominated in 2015 for the Nobel prize in economic sciences for its contribution to the modern economy through the introduction of cryptocurrencies.

In January 2009, the first reference implementation of bitcoin was released by Nakamoto as an online monetary system and the reference code contained the first units of cryptocurrency. Bitcoin is unique in its design in that its supply is finite since there will only ever be 21 million bitcoins and at present 16.3 million have already been mined and are being traded. The last bitcoin is scheduled to be mined in 2140, after which point no new bitcoins can be mined. As of January 2018, Nakamoto owns $16.5 billion in bitcoins[12] whereas about 1,000 individuals own 40% of total bitcoin of circulation.[13]

In the beginning of its trading history, Bitcoin was worth just a few cents.[14] Users would mine bitcoins through devoting their computer’s horsepower to solve riddles that validated transactions in the blockchain community.[15] In a few years’ time the Bitcoin’s value exploded, surpassing that of an ounce of gold, and reaching as high as $17,550 for one bitcoin.[16] It has always experienced significant volatility, as every cryptocurrency, since a loss or gain of 10% of its total value is considered rather typical in a trading day. This extreme volatility makes bitcoin, and every cryptocurrency, a very risky investment which can yield an extremely high profit in equal chances as it can evaporate one’s capital. At the time of writing of this paper,[17] the bitcoin was trading for a bit more than $4,100 (about EUR 3,625) each.[18]

Bitcoin therefore rose from obscurity to mainstream recognition in 2017. Until then, the concept of owning and trading bitcoins was seen as rather unorthodox. In the early years of its creation, virtually no vendor would accept it as a tender. The first ever purchase to be made with bitcoins was on 22 May 2010,[19] when an individual paid 10,000 bitcoins for a pizza.[20] Nowadays, one can buy a wide range of goods and services with bitcoins, including coffee from Starbucks, a Tesla car, or your tuition fees.[21]

Bitcoin has often been targeted with negative comments. Earlier in 2017, the Chief Executive Officer of JP Morgan, the largest US bank, said that Bitcoin is a fraud, “appealing only to murderers and drug dealers”, and that he would fire any employee who traded the digital currency for “being stupid”.[22] Ironically enough however, after Bitcoin prices fell JP Morgan purchased Bitcoin exchange-traded notes.[23] Such behavior is normal since banks are ultimately service businesses.

But what are the risks associated with the bidirectional currencies, like the bitcoin, that are extremely volatile to the exchange rates? First, these currencies can be used for money laundering and terrorist financing activities due to the relevant anonymity and speed of these transfers.[24] Second, the European Central Bank (ECB) has warned that virtual currencies would have an effect on price stability and monetary policy if virtual currencies would substantially modify the quantity of money, and interact with physical world economy.  Third, there is a risk to payment systems’ stability, where it is remarked that virtual currency payment systems could face the same risks as classic payment systems, but are not subjected to the same regulatory oversight. Also, bitcoins can be traced through a private key, without which the funds are lost forever and no one can ever use them which leads to further instability.[25] Finally, the reputation of central banks could be damaged through negative evolutions in virtual currencies, if their use would grow significantly.

As a result of the above, bitcoin has “enjoyed” a reputation as a tool of criminal activity from its inception, as the transaction of choice for drug dealers and extortionists (Bloomberg, 2017, p. 1). Its almost anonymous digital transactions make it as easy as cash but far more lightweight to move. It is indicative that the majority of ransomware is usually paid in Bitcoins due to its close to anonymous nature.[26] Initial Coin Offerings (ICOs) are also used to raise money for investment in new initiatives that are subject to money laundering. While Initial Public Offerings (IPOs) are required to register and are known entities, investments in ICOs are not regulated. This makes it rather easy to launder illegal sources for investment capital.

Cryptocurrencies have therefore shown their use as a payment alternative for those engaged in drug trafficking and money laundering, the most prominent example being the Silk Road case. In particular, the Silk Road marketplace facilitated the sale of illegal drugs, stolen personal data, firearms, and provisions of illegal services. By the time it was taken down, it is estimated that the site facilitated the sale of illegal products and services totaling 9.5 billion bitcoins.[27] There have been approximately 200,000 to 400,000 websites on the dark web and estimated that 90% of the sites host illegal activity.[28]

A Primer on Blockchain

Traditional currencies are based on banks and governments to establish their credibility on the stability of the government and said government’s financial policy. For Bitcoin, such ability is derived through its underlying technology: the blockchain. In essence, blockchain is a chain (i.e. a public database) of blocks (i.e. digital information). The technology allows to verify transactions between users without the need of a third party.[29] It creates stability and offers almost complete anonymity to its users. Every time a new transaction is to be authorized, every node connected in the network validates said transaction. A block is then created and added to the chain (ergo “blockchain”), which forms part of the public ledger.[30] The public ledger can be compared to the ancient Athens marble stones where everyone could see the exact designated expenses, for the sake of transparency.

Blockchain provides significant security since the only way to tamper with a transaction is to hack every single computer connected in this decentralized network. The security and robustness of Blockchain’s architecture is what makes it attractive to financial institutions that try to benefit from its sophisticated nature. Many other sectors have also expressed an interest in blockchain technology (e.g. academic institutions to validate degrees and educational certificates, hospitals to validate medical record, individuals who want to enter into smart contracts, governments to validate property records or passports etc.). Therefore, Bitcoin and blockchain are not synonymous as there can be many different implementations of blockchain as a trust system and the Bitcoin implementation of blockchain is and will be different than others. In essence, Bitcoin is just an application that resides on top of a technological infrastructure, which is blockchain.

2. Cryptocurrencies And Illicit Activities

The security and anonymity offered by cryptocurrency transactions sometimes gives rise to illicit activities, including the sale of illegal goods, drugs, and weapons; assassinations; Ponzi schemes; money laundering; unlawful gambling; and identity theft. Illicit activities come in many forms and businesses can practice in more than one illicit transaction at the same time. Basically, cryptocurrency has enabled criminals to conduct traditional illicit crimes through an almost anonymous payment system, which helps to hide their activities from regulators.

Before further discussing the issue of cryptocurrency anonymity, and how this is used for illicit activities, we want to discuss the concept of anonymity per se, and in particular anonymity as privacy and anonymity as a hidden identity. Anonymity as privacy relates mostly to customers who are concerned about potential intrusions in their personal life through institutions gathering lots of information for them. In response to these fears they tend to use cryptographic tools or other anonymizers so that they can browse the web and conduct purchases in an anonymized way. Anonymity as hidden identity relates mostly to criminals who require anonymity to conceal their real identity and avoid being tracked by the authorities.[31] Since no transaction can be absolutely anonymous, but rather very difficult to trace, criminals that use cryptocurrencies risk that their transactions are linked with each other.

We will review below certain illicit activities where cryptocurrencies are commonly used as a facilitator. Even though the examples below refer to every cryptocurrency, bitcoin is currently the preferred denominator.

Money Laundering

Bitcoins are infamously used to launder money acquired through illicit activities due to the lack of “Know Your Client” (KYC) measures that traditional banking institutions implement. Unlicensed entities do not typically require any such data collection for reporting requirements.

Indicative of this popularity, a selling exchange for bitcoins called “Local Bitcoins” allows buying or selling bitcoins using cash. The transaction fee on these platforms averages 10-15%, which is significantly higher to the 1-2% for licensed bitcoin exchangers. In essence, the transaction fee allows individuals with quantities of illicit cash to anonymously convert the cash into bitcoins. Once the transaction is confirmed in the blockchain, the seller receives the currency. No KYC information is typically required for this type of transactions. The buyer can then successfully accomplish the placement phase of money laundering and introduce “clean” cash into the financial system.[32]

Bitcoin ATMs are another way to launder money since they allow bitcoins to be purchased with cash or gift cards. Said ATMs either collect minimal KYC information, that remains unverified, or no information at all. The first bitcoin ATM was introduced in 2014. As of November 2018, there are approximately 4,500 active ATMs in more than 70 countries around the world.[33] These ATMs charge a commission fee of 10-15% and sometimes are as simple to transact as inserting your phone number. While other ATMs require an identification, the information provided is rarely verified, which defeats the point of KYC in the first place.

To make things even easier for aspirational money launderers, bitcoin tumbling services can conceal the true source and destination of bitcoin transfers by dividing the transfer into smaller payments transacted at the same time. Tumblers, also named mixers or laundry services, obfuscate bitcoin transactions between parties to make them less identifiable by law enforcement and other users on the network. Since the blockchain contains bitcoin transactions, users desire to mask their transmissions of bitcoins through tumblers to facilitate money laundering. Tumblers take multiple transactions and join them together for disbursement to payees through multiple senders.[34] New cryptocurrencies, like Monero, have built-in tumbling services which increases the anonymity they offer to their users.

Finally, property exchanges work through intermediaries who purchase items on popular websites (e.g. Amazon). The customer creates a wishlist and then the user lists these items on the Purse marketplace. Customers receive the goods and pay similarly a 10-15% commission fee, as above. Neither Purse nor Amazon conducts KYC or AML programs, which similarly enhances the anonymity of the marketplaces.

A few well-known money laundering cases include the Bitcoin exchange “OKCoin” with hundreds of thousands of US dollars laundered[35] as well as the case of “BitInstant”,[36] where an estimated sum of more than $1,000,000 was laundered for Silk Road market customers. Moreover, cryptocurrencies have advanced the operations of various malware families such as ransomware, with CryptoLocker and CryptoWall receiving 133,045.9961 BTC and 87,897.8510 BTC,[37] respectively; cryptojacking, with JenkinsMiner[38] earning its operator over $3,000,000 worth of Monero; and crypto-stealing Trojans, such as CryptoShuffler,[39] which stole hundreds of thousands of US dollars by targeting the contents of volatile memory.[40]

Cryptomarkets and Drug Trafficking

A cryptomarket is usually defined as a marketplace that hosts multiple sellers or vendors, provides participants with anonymity via its location on the hidden (or dark) web and the use of cryptocurrencies for payment. It also aggregates and displays customer feedback ratings and comments, whereas participation in cryptomarkets requires a certain level of technical competence.

Cryptomarkets are designed in a way that allows the trafficking of illicit products, predominantly drugs.[41] In fact, a recent study demonstrated that almost 57% of all products and services offered on cryptomarkets relate to drugs.[42] This type of illicit substance trafficking rose to prominence with the creation of the Silk Road in 2011. In web interface and usability, the Silk Road very much resembled engines like the ebay and Amazon, based on peer to peer technologies related to encryption processes. In contrast to these popular search engines, Silk Road is part of the darknet.[43] Access to it necessitates a specific communication protocol, such as an onion routing used to hide a computer’s IP address. These cryptomarkets then facilitate the online trafficking of illicit goods through encrypted communications and financial transactions using cryptocurrencies (e.g. bitcoins).

The original Silk Road was launched in 2011 and was shut down by the US Federal Bureau of Investigation (FBI) in 2013. It was considered to provide a high level of security and anonymity, evidenced by the fact that out of hundreds of thousands of participants, only a small fraction was arrested following the take down of the cryptomarket. The website’s creator, the American Ross Ulbricht, was sentenced to life imprisonment without parole for a number of charges, including money laundering. Consequently, Silk Road 2.0 was taken down in 2014 following an international operation by police agencies from 17 different countries. Silk Road 3.0 opened again in mid-2016 revealing the longer-term limit to international police crackdowns. Apart from other factors, the limited experience of law enforcement officials also contributed to a less effective prosecution of the cryptomarket vendors.

In essence, cryptomarkets provide a new distribution channel for illegal substances for which the costs and benefits are still unknown. These new platforms allow for reputation building for vendors who provide illicit products, and provide a relatively seamless experience since users avoid face to face interaction, which consequently reduces the chance for violent incidents. These benefits of using these platforms make them an attractive option for users looking to purchase illegal goods.

Extortion, Attacks and Terrorism Financing

Extortion schemes have increased as a result of cryptocurrencies’ anonymity. It is desirable for those penetrating extortion due to its relevant anonymity and non-oversight by a central regulator. These crimes are being funded through anonymous payments in cryptocurrency where no physical or electronically traceable handoff occurs. The schemes include traditional extortion such as kidnapping and blackmail to higher tech schemes including malware, ransomware, and DDoS attacks.[44] Another common scheme is to insert malware on a subject’s servers that encrypts their data until a ransom is paid. Similarly, hackers can exploit a weakness in the individual’s technology until a ransom is paid, or even take control of the distribution of an individual’s funds. Another method whereby blockchain is exploited is by injecting arbitrary encoded data chunks (e.g. pictures) in non-standard Bitcoin transactions to infiltrate child exploitation material, then asking for ransomware.

For instance, in November 2015 three Greek banks were reportedly threatened with dire consequences by a group of cybercriminals called the Armada Collective unless they paid 'hundreds of thousands of Euros' in Bitcoin (they asked for 20,000 bitcoin from each bank[45] and, in November 2015, the hackers of the mobile telephone provider TalkTalk sought to extort £80,000, also in Bitcoin, in return for not publishing the company's hacked customer data.[46] These are just a few recent examples of a growing catalogue of criminal activity in which Bitcoin has been nominated as the preferred method of payment.

Also, cryptocurrencies have been used to sponsor nation-state attacks since a number of countries around the world are affected by the existence of contemporary hybrid- war strategies.

Finally, terrorism financing is a connected point to extortions, ransomware and nation-state cyber attacks. Often, the ransomware itself is destined to finance terrorism activities, whereas in other instances terrorist groups communicate via the dark web and exchange funds through bitcoins.

Ponzi Schemes/ Pump and Dump

Cryptocurrency is volatile and it fluctuates in a similar way as the stock market- which is sometimes referred to as “pump and dump”. A cryptocurrency Ponzi scheme works exactly like a traditional Ponzi scheme. A falsely inflated rate of return is used to draw in investors- this is because the more money that is invested earlier in the scam allows the scammers to continue to pay off their victims for longer before folding and disappearing. The longer period of operation creates a false sense of solvency for future investment, which subsequently attracts more investors.

Initial Coin Offerings are also used for exit scams since the unregulated environment allows criminals to persuade their victims to buy large numbers of fake coins, subsequently disappearing with millions of dollars. Criminal may also use cryptocurrencies as a high yield investment or a Ponzi scheme.[47]

3. US & International Initiatives

US Laws and Case Law

The US Financial Crimes Enforcement Network defines fiat or real currency “coin or paper money of the United States or foreign country that “[i] is designated as legal tender and that [ii] circulates and [iii] is customarily used and accepted as a medium of exchange in the country of issuance.”[48] Unlike fiat currency, virtual currency is defined by the Financial Action Task Force as “medium of exchange; and/or (2) a unit of account; and/or (3) a store of value, but does not have legal tender status (i.e., when tendered to a creditor, is a valid and legal offer of payment) in any jurisdiction.”[49] Even though virtual currency does not have legal tender status, it is still considered a medium of exchange.

A number of regulations were introduced in the late 20^th century in the US to deal with money laundering schemes that became increasingly popular. An example is the Bank Secrecy Act passed by the congress in 1970, requiring banks to report any transactions above $10,000. The IRS and the Customs Service also had to initiate task forces to enforce and discover this kind of money laundering. In 1986, the Money Laundering Control Act was enacted, empowering banks to supply data to the government about transactions.

However, the initial intent of anti-money laundering statutes and regulations did not also include digital currencies. Rather, the intent was to mitigate the infusion of illicit currency into the economy and prosecute criminals attempting to launder criminal proceeds. Prosecutors and investigators attempt to adapt current laws, regulations, and policies to the medium of digital currency. As a result, existing US laws and regulations have been aggressive in prosecuting money laundering and are at the center of global AML efforts. For instance, the American Department of Justice invoked the Money Laundering Control Act of 1986 in prosecuting Bitinstant CEO Charlie Shrem, who pled guilty to aiding and abetting unlicensed money transmission. No explicit legislative initiative in the US deals with cryptocurrencies, however its notion and use has largely developed through case law.

Also, efforts to apply laws on an extraterritorial basis have revolved around initiatives like the Foreign Corrupt Practices Act (FCPA). In May 2013 the US Department of Homeland Security issued a seizure warrant to the American-based firm undertaking transfers for the Tokyo-based cryptocurrency exchange, which complied and received a money business service license months before filing for bankruptcy protection. However, extra-territorial jurisdiction has not otherwise been widely implemented in cryptocurrencies to date.

U.S. v. Ulbricht

Among the several cases where bitcoins were used for money laundering, United States v. Ulbricht is the most notorious; Mr. Ulbricht was the creator of Silk Road, a “billion-dollar online market that facilitated the illegal purchase of drugs, firearms and more”. Mr. Ulbricht tried to argue that since bitcoins are treated as “property” and not as “currency”,[50] he could not have engaged in money laundering at all since the transactions were not “financial transactions”.[51] The Court however held that “the money laundering statute is broad enough to encompass the use of bitcoins in financial transactions and that any other reading would be nonsensical”.[52] The district court judgment allowed the FBI to uncover almost one million Silk Road users, whereas the judgment was reaffirmed by the Court of Appeal in May 2017. It conveyed a simple yet clear message- if bitcoins are laundered and used to fuel criminal activities, the law enforcement authorities will need to act.

The US government has since been pursuing similar cases, including the IRS summons against John Doe in November 2016, seeking information on all Coinbase users with a US address, telephone number or e-mail domain.[53]

U.S. v. Faiella

The case of US v. Faiella (2014) served to answer the substantive question of what is a bitcoin (i.e. currency v. property). The Southern District of New York prosecuted Mr. Faiella for a violation of 18 USC para. 1960, alleging that he facilitated money laundering operation though the use of bitcoins on the Silk Road marketplace.

In his defense, Faiella invoked three main grounds: (i) bitcoins are not money; (ii) operating a bitcoin exchange does not facilitate transmitting money as per 18 USC par. 1960; and consequently he was not a money transmitter. However, Judge J. Rakoff ruled that bitcoin qualifies as money since it can be easily purchased in exchange for ordinary currency, acts as a denominator of value, and is used to conduct financial transactions.[54] This ruling gave the first definition of bitcoin in Federal Case Law.

Faiella was convicted of operating an unlicensed money service business (exchanging business in the darkweb). He was offered a plea to the charge and the additional charge of conspiracy to commit money laundering was dropped. Faiella was convicted to four years of imprisonment and he was ordered to pay a fine of $950,000 for his offences.

U.S. v. Murgio.

In September 2016, an Order was filed in the US District Court of New York in the case of US v. Murgio. The charges related to 18 USC par. 1960 and 18 USC par. 1956, in addition to other charges for operating a bitcoin money laundering operation. The charges against Murgio alleged the opening of an unlicensed bitcoin exchange under the name Coin.mx and thereafter facilitating money exchanges related to known criminals and money laundering activities. Murgio was also allegedly exchanging bitcoins into cash for known cyber criminals (US v. Murgio, 2016).

Murgio disputed the charges through the argument that bitcoins are not funds as prescribed in the statute and the charges are non-material. The Judge Allison Nathan denied the motion based on three main premises: The first pertained to language within 18 USC defining money transmitting “…to include transferring funds on behalf of the public by any way and all means…”.[55] The key terms are funds in the agreement, practically referring to “available pecuniary resources”.[56]

The Judge further defined pecuniary as “taking the form or consisting of money”.[57] Judge Nathan also stated that money is defined as “…something generally accepted as a medium of exchange…”.[58] Judge Nathan also reiterated the argument in the US v. Faiella case, that Bitcoins qualify as money under federal law.

The last argument addressed was about prior guidance and rulings regarding FinCEN, IRS, and the CFTC. Each of these agencies gave different perspectives regarding bitcoins and digital currency; however, the court rejected the context of prior rulings. The final ruling stated bitcoins fit the definition of funds, the definition of money, and 18 USC 1960 applied to bitcoin cases. Finally, the court rejected the argument that funds should be more narrowly defined as currency.

Notwithstanding the rulings in US v. Faiella and US v. Murgio, bitcoin has not been formally identified as money or currency by US legislators or regulators. Bitcoin needs a specific legal classification for regulation and enforcement purposes and specific mandates are needed to eliminate future confusion concerning the status of bitcoin (digital currencies) as being a currency, commodity, or security.

International Efforts

Beyond the US, various efforts have tried to mitigate the illicit uses of cryptocurrencies. ‘Altcoins’ are banned in several countries, including Bangladesh, Bolivia and Ecuador, while their legal status has remained questionable in others such as Russia and Thailand. Also, in 2013 and 2014 the People’s Bank of China and State Bank of Vietnam issued laws banning financial services firms and their employees from handling and conducting transactions in cryptocurrencies. The Central Bank of Iceland argued that the purchase of cryptocurrencies is in violation of the country’s Foreign Exchange Act. The central bank of Indonesia also declared that Bitcoin and other virtual currency are not currency or legal payment.

On the other side of the coin, New York State and other jurisdictions have attempted to establish themselves as legitimate centers of cryptocurrency activity. Singapore has required virtual currency exchanges to verify customer identities and report suspicious transactions through its office. The English Channel Island of Alderney has set up a cluster of AML-compliant cryptocurrency services, in an attempt to be the global hub of cryptocurrency activity, as did the Isle of Man.

The United Nations Office on Drugs and Crime (UNODC) also issued a detailed manual in 2014 for detecting and seizing cryptocurrencies associated with money laundering activity. Along with the Organization for Security and Cooperation in Europe (OSCE) it has been training officials to investigate money laundering through cryptocurrencies. In a similar vein, Interpol and Europol have established a joint partnership coordinating police activities against the abuse of virtual currencies for criminal transactions and money laundering. In fact, Europol recently warned that approximately 3-4% in illicit proceeds in Europe are laundered via cryptocurrencies, and that this proportion is going up quite quickly.

The Paris-based Financial Action Task Force (FATF)[59] is an intergovernmental organization officially comprised of thirty-five member states and two regional organizations. Including the associate and observer members, and the relevant regional bodies, approximately 170 countries are linked to the FATF, making it the epicenter of the global AML efforts. It was founded in 1989 and has published more than 40 recommendations, creating key global standards to advance a common AML approach. Its guidelines are non-binding and risk-based, providing national regulators significant discretion as to how to implement measures related to money laundering.

The FATF guidelines have also been applied to cryptocurrencies. At first, a 2013 report assessed Internet-based payment systems in general terms whereas a following report acknowledged the legitimate potential of cryptocurrencies and their technical complexity that involves several jurisdictions. A 2015 report further set out recommendations to help market actors identify and act on money laundering threats posed by cryptocurrencies.

The FATF guidelines revolve around information sharing between authorities across borders, and due diligence procedures as well as effective, proportionate and dissuasive sanctions (criminal, civil or administrative). The FATF urges national authorities to recognize how complete bans on cryptocurrencies might further exasperate regulatory arbitrage and cross-border divergences as key nodes between the financial authorities.

Despite the numerous recommendations, the effectiveness of FATF is often disputed since commentators have heavily criticized its weak and largely symbolic contribution that boils down to a “theater of security” instead of actually deterring money laundering through cryptocurrencies.

FATF has also made suggestions on how to regulate the transactions of virtual currencies, known as the FAFT Forty Recommendations. These state that any country taking part in money transfers should have in place measures that prove the legal person providing the money transfer service is licensed and regulated so that they are subject to compliance and monitoring.

4. EU Legal Framework

The European Union (EU) has drafted a number of legislative initiatives in the past years that relate to financial services and the fight against money laundering. In this section, we will discuss how the Payment Services Directive (1) and (2), the e-money Directive (1and 2), and the 4^th and 5^th Anti-Money Laundering Directives can be used, or not, for the regulation of cryptocurrencies and their illicit uses.

Payment Services Directive (1)

In 2007, the EU adopted a legal framework on payment services, known as the First Payment Services Directive (PSD). The directive restricts access to the market of payment services, but certain provisions are designed to waive or limit certain requirements for small market players. The First PSD primarily regulated service providers, and not their actual services, and therefore arguably cannot apply to virtual currencies. Moreover, the consensus in literature is that the directive does not leave room to include virtual currencies at large, and cryptocurrencies in particular.[60]

Application to virtual currency service providers would only be possible to the extent virtual currency services can be qualified as payment services under the directive’s scope. This is problematic since payment services under the directive are understood to revolve around the notion of funds, defined as “banknotes and coins, scriptural money and electronic money as defined in Article 1(3)(b) of Directive 2000/46/EC”. Even if we were to argue that privately issued currencies can fall under the scope of that definition, virtual currencies are typically not denominated in EURO or another currency recognized as legal tender, and therefore the substantive part of the Directive (Titles III and IV) would not apply. This means that even if virtual currency services are considered as payment services under the PSD, only a very limited set of provisions of the Directive would apply.

Perhaps an interesting exception, the French banking supervisor (Autorité de contrôle prudentiel et de resolution (ACPR)) has argued that cryptocurrency exchanges involve receipt of funds, in the strict sense of banknotes, coins, money or e-money, in exchange of cryptocurrency, which in turns leads to a payment service.[61] This approach however does not appear to have gained widespread popularity outside the France.[62]

Payment Services Directive 2

The Second Payment Services Directive does not substantially change things in that it is ultimately up to the Member States to interpret the relevant provisions of their directive and depending on their local sensitivities decide on the implementation.[63] Interestingly, in its proposal for amendments to the Fourth Anti-Money Laundering Directive, the European Commission (“Commission”) explicitly states that it did not want to bring virtual currency exchange platforms under the scope of the Second Payment Services Directive, as this would “submit them to broader consumer protection rules, licensing requirements and safeguarding requirements”.[64]

The fear behind this position was that it would legitimize virtual currencies and “drive consumers to believe VC are safe and sound products”.[65] As a result, third party cryptocurrency service providers are not, ab initio, covered by the EU legal framework on payment services. This was confirmed in the European Central Banks’s 2012 opinion on virtual currencies. Further, the European Banking Authority has noted that the Second Payment Services Directive is not suitable to address the specific risks posed by virtual currencies at large, and the technical risks posed by cryptocurrencies in particular.[66]

As a final remark, both Payment Services Directives include large sets of scope exemptions, meaning there are several cases where services are excluded from their scope, including relevant exemptions for virtual currency service providers. Some authors have suggested that cryptocurrencies could benefit from the limited networks scope exemption, however this is defined in a very narrow way under the Second Payment Services Directive, and would practically appear impossible. The money exchange exemption also does not appear to be appropriate since it targets physical exchanges, whereas cryptocurrency exchanges by nature appear online and require the use of an account. The added value exemption would, due to the Second Payment Services Directive’s narrowing down its scope to electronic communications providers, would also not be applicable to these service providers.

E-money Directive (1 and 2)

The last decade of the 20^th century saw the rise of multi-purpose stored-value cards.[67] The European Monetary Institute (the ECB’s predecessor) was concerned that this technology had the potential to disrupt the traditional finance institutions, which resulted in the adoption of the first E-money directive in 2000[68] that tried to regulate the provision of electronic services and ensure that E-money would not be detrimental to the traditional system.[69]

The EU recently replaced the initial directive with a revised Second E-money Directive.[70] The legal framework is focused solely on issues of e-money, however the second e-money directive also relies on the first PSD for several provisions, including scope exemptions. If certain exemptions could prevent virtual currency service providers from falling under the scope of the Payment Services Directives, they would also prevent them from being subject to the Second E-money Directive.

Other restrictions aside, the E-money directive has a limited scope in itself: its primary notion is e-money, which is defined as “electronically, including magnetically, stored monetary value as represented by a claim on the issuer which is issued on receipt of funds for the purpose of making payment transactions”[71] and which is accepted by a natural or legal person other than the electronic money issuer.[72] This requires e-money to be issued on receipt of funds, essentially establishing it as prepaid goods. While some forms of virtual currencies could be established as prepaid tokens, the ECB’s recent opinion created a consensus that cryptocurrencies do not fall into such scope. These forms of virtual currencies are therefore not subject to the E-money directive, and other elements of the definition would also prove problematic, including virtual currency schemes.

The Second E-money Directive was supposed to be reviewed by late 2012, to coincide with the review of the First PSD, however to date this has not happened. The question therefore remains whether the scope of the definition will be more expanded once the update occurs. The initial regulatory intention was connected to multi-purpose stored-value cards; these are now not widely used, meaning that this legal framework needs to either be updated, or otherwise it will become totally obsolete.[73] The addition of network-based e-money in the definition is a progress, however it does not clarify questions including whether account-based transfers do or do not fall under the scope of e-money.[74]

The UK Financial Services Authority (FSA) considers deposits as involving the creation of a debtor-creditor relationship, whereas e-money involves the purchase of a means of payment, albeit the European Commission does not agree with this reasoning.[75] With the development of payment services, and the diminishing differences with electronic payment transactions, it is interesting to see whether these two legal frameworks will merge or whether the e-money directive will expand to include cryptocurrencies in its scope. Several authors contend that the expansion of this framework toward virtual currencies could be the way forward.

On a last note, some virtual currency service providers voluntarily register as payment service providers.[76] There are a number of reasons for service providers to pursue this voluntary registration; by submitting themselves to a current legal framework, they could benefit from a transitional regime if new regulation would be adopted. [77] Another reason service providers use voluntary licensing is to foster user trust through regulatory oversight to which they will be submitted. Finally, this license could also serve as a marketing tool to offer a competitive advantage over unregulated market players.

Anti-money Laundering Directive (4th)

The Fourth Anti-Money Laundering Directive was adopted on 20 May 2015 as one of the initiatives which was has put into effect since the first related Directive in 1990 in order to prevent the misuse of the financial system for the purpose of money laundering. The main focus of the Directive relates to property derived from criminal activity, meaning “assets of any kind, whether corporeal or incorporeal, movable or immovable, tangible or intangible, and legal documents or instruments in any form including electronic or digital, evidencing title to or an interest in such assets”. This is a rather broad definition that could, in theory, include virtual currencies as incorporeal assets. The questions then becomes whether the entities providing virtual currencies exchanges, are to be considered credit or financial institutions.[78]

However, legal and natural persons, as well as financial institutions, are defined in a way that virtual currencies do not fall into their scope.[79] Interestingly, one of the services under the 4^th AML relate to “issuing and administering other means of payment (e.g. travellers’ cheques and bankers’ drafts)” insofar such is not a payment service. The legislative procedure that led up to the Fourth Anti-Money Laundering Directive signals that it was never the intention to explicitly include virtual currencies under the scope of this legal framework.[80] Neither does the final text mention anything about virtual currencies nor can we indirectly infer that anonymous e-money instruments refer to virtual currencies.

Member States could still bring the virtual currencies under the explicit scope of the domestic laws since a Directive is a minimum harmonizing initiative and allows Member States to further specify the scope and introduce stricter requirements and procedures. The UK government was an example that vouched for the inclusion of virtual currencies[81] but exercised caution at the same time not to deter investments in the growing FinTech industry, a fear also expressed by the Financial Conduct Authority that stressed the importance of allowing the new technologies to thrive.[82]

Anti-money Laundering Directive (5th)

In February 2016, the European Commission presented its Action Plan to strengthen the fight against terrorism financing. There, the Commission explicitly acknowledged that virtual currencies were not regulated at the level of the EU, including the anti-money laundering framework, and expressed its clear intent to bring virtual currency service providers under the scope of that legal framework.

The European Commission’s proposal to amend the Fourth Anti-Money Laundering Directive was consequently published in July 2016. In its proposal, which led to the 5th AML Directive, the Commission recognized the potential benefits of virtual currencies, and in particular the possibilities emanating from the blockchain technology related to cryptocurrencies. Submitting those cryptocurrencies to anti-money laundering rules would arguably impose strict requirements on the virtual currency service providers, however the Commission did not find that the proposal would have negative effects to the benefits and technological advances of these currencies. On the contrary, the Commission felt that the use of virtual currencies for criminal purposes could diminish their credibility, which would turn anonymity more a hindrance than an asset for virtual currencies and their potential benefits spreading.  The Commission tried to further limit the anonymity around virtual currency transactions through the use of National Financial Intelligence Units (FIUs) in being able to associate virtual currency addresses to the identity of the owner of virtual currencies.

The European Central Bank objected to the use of the notion of ‘currency’, when discussing the AML directive, in the fear that the notion would imply a reference to legal tender. The ECB therefore pushed that virtual currencies would be clearly distinguished from legal tender.[83]  The ECB further warned that if the discrimination was not clear, this could be perceived as lending legitimacy to virtual currencies, which would be rather unwarranted since not all of the associated risks were addressed, including their volatility and potential to disrupt price stability. Including some of the virtual currencies in the anti-money laundering legal framework, without complementing that with consumer protection or prudential safeguards, may give a false impression of full regulation to consumers. ECB posited that there is a need for an all-encompassing regulation that addresses all the challenges of virtual currencies and that adequately shields consumers.[84]

The 5^th Anti-Money Laundering Directive is the latest addition to the Commission’s AML efforts. It provides that obliged entities must apply customer due diligence requirements when entering into a business relationship, for instance identify and verify the identity of clients, monitor transactions and report suspicious transactions. This legislation has been constantly revised to mitigate risks relating to money laundering and terrorist financing.

The 5^th Anti-Money Laundering Directive (Amendments to the 4^th Anti-Money Laundering Directive) was published in the Official Journal of the European Union on 19 June 2018. The Member States must transpose the Directive by 10 January 2020.

Part of the amendment to the 4^th AML relates to the Panama Papers revelations. The 5^th AML in brief aims to:

• Increase transparency about the true owners of companies for the purpose of preventing money laundering and terrorist financing through opaque structures;
• Facilitate the work of Financial Intelligence Unites with better access to information through centralized bank account registers;
• Tackle terrorist financing risks linked to anonymous use of virtual currencies and/or prepaid instruments;
• Improve the cooperation and exchange of information between anti-money laundering supervisors with the European Central Bank;
• Broaden the criteria for assessing high-risk third countries and ensure a common, increased, level of safeguards for financial flows from said countries.

The 5^th AML marks the first time ever in EU legislation that directly targets the use of virtual currencies. The rules apply to entities which provide services and which are in charge of holding, storing and transferring virtual currencies, to persons who provide similar services to those provided by auditors, external accountants and tax advisors and who are already subject to the 4^th AML directive and to persons trading in works of art. Said actors will need to identify their customers and report any suspicious activity to the Financial Intelligence Units.

Certain provisions explicitly deal with aspects of virtual currencies. Specifically, recital 8 explains the rational of the Directive mentioning that, currently, providers engaged in exchange services between virtual currencies and fiat currencies (i.e. “coins and banknotes that are designated as legal tender and electronic money, of a country, accepted as a medium of exchange in the issuing country”) are under no Union obligation to identify suspicious activity, which in turn facilitates terrorist groups to transfer money into the Union financial system or within virtual currency networks. This legal gap, the Directive contends, makes it essential to extend its scope to also include virtual currencies,[85] fiat currencies and custodian wallet providers.[86]

Recital 9 also points to the misuse of the virtual currencies’ anonymity as a way to pursue criminal goals. The Directive recognizes that including providers engaged in exchange services between virtual currencies and fiat currencies and custodian wallet providers will not entirely address the issue of anonymity since a large part of the virtual currency environment will remain anonymous because users can also transact without such providers. The Directive actively puts National Financial Intelligence Units (FIUs) in the process, saying that they should be able to obtain information allowing them to associate virtual currency addresses to the identity of the owner of virtual currency.

The Directive makes an important distinction regarding the use of virtual currencies (Recital 10) and that they should not be confused with electronic money as defined in point (2) of Article 2 of Directive 2009/110/EC of the European Parliament and of the Council, nor with the larger concept of ‘funds’ as defined in point (25) of Article 4 of Directive (EU) 2015/2366 of the European Parliament and of the Council, nor with monetary value stored on instruments exempted under points (k) and (l) of Article 3 of Directive (EU) 2015/2366, nor with in-game currencies that can be used exclusively within a specific game environment. The Directive recognizes that virtual currencies can frequently be used as a means of payment, but they could further be used for other purposes and broader applications such as means of exchange, investment, store-of-value products or use in online casinos. The Directive adopts an all-encompassing approach and attempts to cover all the potential uses of virtual currencies.

Finally, the 5^th AML has consequences for the users of virtual currencies- the amendments touch on the core of what users tend to consider a major benefit, which is anonymity. Given how most users acquire cryptocurrencies through exchange platforms, or use the services of custodian wallet providers in their payments, they will now be required to verify their identity toward those service providers. This would arguably limit the risk posed to users by that anonymity.[87] Creating a central database that includes all the users of cryptocurrencies would further inhibit users from using this new technology.

5. Conclusion

Cryptocurrencies have largely changed the way we perceive the global economy, the value of money, anonymity and privacy online, and online services altogether. They are a novel concept and we are still trying to comprehend how it works and how it can be used on a daily basis. The etheric nature of online currencies makes it even more difficult to effectively regulate them, since in essence we need to regulate something that we do not fully understand, and which is a work in progress. While their uses can be wide, and blockchain can also be used in a number of sectors, cryptocurrencies can also be misused. They are an infant notion that can be easily manipulated while its increased privacy-by-design can backfire and feed in a number of illicit activities ranging from market manipulation to drug trafficking and terrorism financing.

At the same time, regulation needs to be thoughtful and laws need to be carefully crafted, or else they are nothing more than a Pandora’s box. Placing cryptocurrencies under the aegis of law comes with a great opportunity, which is that we can determine the basic rules of the game. However,  this also comes with a non-eliminable risk: citizens will perceive that since cryptocurrencies are regulated, and even though this regulation may be partial and limited in scope, they are now safe to use and handle payments with. How much regulation is good enough for cryptocurrencies is therefore the million dollar question, since regulating something so perplexed may create the misconception of security to consumers.

When all is said and done, the next years will determine whether cryptocurrencies will evolve into a mainstream payment tool that can also be used for investments, or whether they will end up being associated with illicit activities and fraudulent schemes. Either way, they are currently enjoying the middle status of uncertainty; their future could eventually grant them the desirability found in a Monet painting, or could equally annihilate the demand for them and effectively turn them into firewood.

NOTES
[1] Stratiev, O., 2018. Cryptocurrency and Blockchain, How to Regulate Something We Do Not Understand, Banking & Finance Law Review, 33(2): 173-212
[2] Pseudonymity, instead of anonymity, was evidenced after the shutdown of Silk Road and the numerous arrests that followed. The users of the online community realized that while there is increased anonymity, cryptocurrencies were not impossible to track. As a result, many people created add on programs to increase anonymity in their crypto-currency transactions. Users have ever since used anonymizers that have made all transactions very difficult to trace, albeit again not impossible.
[3] Cian, H., Li, Z., 2016. The Role Decentralised Non-Regulated Virtual Currencies Play in Facilitating Unlawful Financial Transactions.
[4] Academic studies have also been able to create user profiles based on collected transactions records and other public data in the ledger. Several digital currency organizations dispute associating the term anonymity with digital currency, and instead propose the term “pseudonymous”.
[5] Vandezandem N., 2017. Virtual currencies under EU anti-money laundering law, Computer Law & Security Report, 33(3)
[6] For example when you mine a bitcoin using the power of your personal computer. You can then exchange your bitcoin to buy other virtual currencies, e.g. Ethereum.
[7] For example when you pay Euros to purchase travel miles for your frequent flyer program. A legal tender (EUR) is then converted to a virtual currency (air miles) that you can use to purchase goods or services (e.g. redeem your miles for a business class upgrade) but you cannot convert them back to a legal tender (EUR).
[8] For example when you pay Euros to purchase a Bitcoin and you then sell the Bitcoin to purchase Euros at a later stage.
[9] E.g. World of Warcraft.
[10] E.g. An airline loyalty program where the miles earned were initially only redeemable for booking flights; the scope of such programs has largely expanded, including redemption in hotels, retail stores etc.
[11] The terminology used here follows that proposed by the European Central Bank. ECB, Virtual Currency Schemes (ECB 2012) 13–16.
[12] See: https://darkwebnews.com/bitcoin/14-interesting-facts-bitcoin/
[13] See: www.cryptocoinsnews.com/1-bitcoin-communicty-controls-99-bitcoin-wealth/
[14] For instance, on 11 October 2010 one bitcoin was worth $0.10.
[15] Bitcoin mining is the process of adding transaction records to Bitcoin's public ledger of past transactions or blockchain. This ledger of past transactions is called the block chain as it is a chain of blocks. The block chain serves to confirm transactions to the rest of the network as having taken place. Bitcoin nodes use the block chain to distinguish legitimate Bitcoin transactions from attempts to re-spend coins that have already been spent elsewhere. Bitcoin are mined in units called "blocks." When Bitcoin was first mined in 2009, mining one block would earn you 50 BTC. In 2012, this was halved to 25 BTC. In 2016, this was halved to the current level of 12.5 BTC. In 2020, the reward size will be halved again to 6.25 BTC. In the beginning of its inception, mining a bitcoin was relatively easy. At the moment, it is practically impossible to mine anything significant with non-specialized hardware (e.g. regular PCs). For example, it will take approximately 98 years to mine one block. This has led users to combine their forces and create joint ventures that attempt to mine bitcoins, consequently sharing the profits. Chinese mining pools have been particularly active in bitcoin mining, controlling approximately 80% of the overall bitcoin activity.
[16] On 11 December 2017.
[17] Last update 2 December 2018.
[18] The use of bitcoins has surpassed the daily transaction volume of PayPal and Western Union in terms of monetary value transfers. The turnover of bitcoins supports the notion that bitcoins are not a method of storing value, but merely a medium of exchange.
[19] Also celebrated as Bitcoin pizza day.
[20] In Bitcoin’s peak in 2017, these coins were worth $175 million.
[21] The University of Nicosia Cyprus was the first university to accept tuition fees paid in Bitcoins: https://digitalcurrency.unic.ac.cy/
[22] Levin B., 2017. ‘‘Boomer Dad Jamie Dimon Can’t Stop Trashing Bitcoin” Vanity Fair (October 13, 2017), online: <https://www.vanityfair.com/news/2017/10/jamie-dimonbitcoin-stupid>.
[23] Redman, J., 2017. ‘‘After the Boss Calls Bitcoin a ‘Fraud’ — JP Morgan Buys the Dip” Bitcoin News (September 16, 2017), online: <https://news.bitcoin.com/after-the-bosscalls-bitcoin-a-fraud-jp-morgan-buys-the-dip/>.
[24] That said, Bitcoin is still under development since its technology is limited to around 7 transactions per second, which is significantly less than the 2,000 per second a company like Visa carries out.
[25] At the moment, it is estimated that around 25% of all bitcoins have been forever lost.
[26] E.g. Wannacry
[27] The total value of which largely fluctuates.
[28] During the Silk Road investigation, network activity comprised 148,000 US users per day and 900,000 users per day worldwide. Current network activity amounts to about 363,000 US users per day and 2,000,000 users per day worldwide.
[29] When a block stores new data it is added to the blockchain. Blockchain, as its name suggests, consists of multiple blocks strung together. In order for a block to be added to the blockchain, however, four things must happen: 1. A transaction must occur (e.g. an individual makes an online purchase); 2. That transaction must be verified (the network of computers connected to blockchain checks that the transaction is valid, confirms the details and time of purchase, amount due and delivery details); 3. That transaction must be stored in a block (once the agreement is validated, the transaction’s dollar amount, the digital signature and the vendor’s digital signature are all stored in a block). The transaction then joins thousands of others that are also validated; 4. That block must be given a hash (a unique identifying code). Once hashed, the block can be added to the blockchain. When that new block is added to the blockchain, it becomes publicly available for anyone to view.
[30] Blockchain has also been defined as “An incorruptible digital ledger of economic transactions that can be programmed to record not just financial transactions but virtually everything of value.”, in Don and Alex Tapscott, Blockchain Revolution (2016).
[31] For instance, fingerprints, CCTV footage, footprints and DNA may be used for the identification of the criminal.
[32] In practice fiat currency, when converted to bitcoins, or another digital currency, enables simple overseas transfers outside of formal banking institutions. Users within a criminal organization can repatriate criminal proceeds to other countries without fear of interdiction or detection by law enforcement. Conversely, currency can be converted to bitcoins in foreign jurisdictions with limited money laundering controls, then transmitted to receivers in the U.S. Moreover, foreign and domestic actors may utilize bitcoins for terrorist funding. Transactions in foreign jurisdictions may be outside the reach of law enforcement for investigative purposes in certain jurisdictions (FATF, 2015).
[33] According to Coin ATM Radar: https://coinatmradar.com/charts/growth/
[34] In this method, if person A was sending person B ten bitcoins, the bitcoins arrive from multiple senders. Person B may receive ten separate transfers, from multiple, completely different senders utilizing the tumbler, which equal ten bitcoins. In this manner, transaction masking occurs between the sender and receiver in the bitcoin exchange.
[35] Gautham, 2016. “Bitcoin Exchange OKCoin Fined in Money Laundering Case,” 15 Aug. 2016; https:// www.newsbtc.com/2016/08/15/china-okcoin-exchange-fined.
[36] Pagliery, J., 2014. “Bitcoin Exchange CEO Arrested for Money Laundering,” CNN Tech, 28 Jan. 2014; http:// money.cnn.com/2014/01/27/technology/security/bitcoin-arrest.
[37] Conti, M., Gangwal, A., and Ruj, S., 2018. “On the Economic Significance of Ransomware Campaigns: A Bitcoin Transactions Perspective,” arXiv: 1804.01341v4 [cs.CR], 27 Apr. 2018.
[38]“CryptoShuffler: Trojan Stole $140,000 in Bitcoin,” Kaspersky Lab Daily, 31 Oct. 2017; https://www.kaspersky.com/blog/cryptoshuffler-bitcoin-stealer /19976.
[39] Osena, M., 2018. “Cryptocurrency-Mining Malware: 2018’s New Menace?,” Trend Micro blog, 28 Feb. 2018; https://blog.trendmicro.com /trendlabs-security-intelligence /cryptocurrency-mining-malware -2018-new-menace.
[40] Matzutt, R.; Hiller, J.; Henze, M.; Ziegeldorf, J. H.; Müllmann, D.; Hohlfeld, O. and Wehrle, K., 2018. A Quantitative Analysis of the Impact of Arbitrary Blockchain Content on Bitcoin. In Proceedings of the 22nd International Conference on Financial Cryptography and Data Security (FC), Nieuwpoort, Curaçao, Springer, 2018
[41] Rhumorbarbe, D., Staehli, L., Broséus, J., Rossy, Q., Esseiva, P., 2016. Buying drugs on a Darknet market: A better deal? Studying the online illicit drug market through the analysis of digital, physical and chemical data. Forensic Sci. Int. 267, 173–182. https://doi.org/10.1016/j.forsciint.2016.08.032
[42] K. Kruithof, J. Aldridge, D. Décary Hétu, M. Sim, E. Dujso, S. Hoorens, 2016. Internetfacilitated Drugs Trade: An Analysis of the Size, Scope and the Role of the Netherlands, CA, Rand Corporation, Santa Monica. An extensive research in just one of the darknet search engines revealed more than 48,000 listings and around 2,700 vendors claiming to send illicit drug substances from 70 countries.
[43] An encrypted part of the Web.
[44] A DDoS attack occurs when extorters use multiple devices to overload and disable a subject’s ability to conduct legitimate business. The extorters demand a ransom and continue to keep the subject’s servers overwhelmed until the ransom is paid.
[45] Financial Times, 2015, Greek banks hit by bitcoin ransom demand, available at: https://www.ft.com/content/13f9f65c-978a-11e5-95c7-d47aa298f769
[46] Brown, S.T., 2016. Cryptocurrency and criminality: The Bitcoin opportunity, The Police Journal, Volume 89(4):327.
[47] Jacquez, T., 2016. Cryptocurrency the new money laundering problem for banking, law enforcement, and the legal system - ProQuest [WWW Document], URL https://search.proquest.com/docview/1868415314 (accessed 11.22.18).
[48] FinCEN, 2013, p. 1, available at: https://www.fincen.gov/sites/default/files/shared/FIN-2013-G001.pdf
[49] FATF, 2014, p. 3., available at: https://www.fatf-gafi.org/media/fatf/documents/reports/Virtual-currency-key-definitions-and-potential-aml-cft-risks.pdf
[50] According to the Internal Revenue Service (IRS) on March 21st 2014, notice 2014-14 defines virtual currency as property not money.
[51] Denial of Defense Motion: Opinion & Order, United States of America v. Ulbricht, Forrest, Doc. 14-cr-68 (S.D.N.T., July 9, 2014) at 48.
[52] United States v. Ulbricht, 2014 US Dist. LEXIS 93093 (S.D.N.T.) [Silk Road].
[53] See also Rob Wile, ‘‘CEO of Bitcoin Exchange Arrested” Business Insider (January 27, 2014), online: <http://www.businessinsider.com/report-ceo-of-major-bitcoin-exchange-arrested-2014-1>; Cadie Thompson, ‘‘CEO of Bitcoin exchange arrested” CNBC (January 27, 2014), online: <https://www.cnbc.com/2014/01/27/ceo-of-bitcoinexchange- arrested.html>.
[54] U.S. v. Faiella, 2015, p.2, para. 2.
[55] U.S. v. Murgio, 2016, p. 4, para. 2
[56] U.S. v. Murgio, 2016, p. 5, para. 4
[57] U.S. v Murgio, 2016, p. 5, para. 4
[58] U.S. v. Murgio, 2016, p. 5, para. 4
[59] Campbell-Verduyn, M., 2018. Bitcoin, crypto-coins, and global anti-money laundering governance, Crime Law and Social Change.
[60] Shcherbak, S., 2014.  ‘How should Bitcoin be regulated?’, European Journal of Legal Studies, 41:56–61.
[61] ACPR, ‘Position de l’ACPR relative aux opérations sur Bitcoins en France Position’ 2014-P-01. This position was earlier signalled at by the French national bank: Banque de France, ‘Les dangers liés au développement des monnaies virtuelles: l’exemple du bitcoin’ [2013] Focus 1, 5–6.
[62] De Vauplane, H., 2015. ‘La fascination autour du Bitcoin et des « monnaies virtuelles » : comment les définir?’ Alternatives Economiques.
[63] Directive 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/ 36/EU and Regulation (EU) No. 1093/2010, and repealing Directive 2007/64/EC [2015] OJ L337/35 (hereinafter: Second Payment Services Directive or PSD2).
[64] Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No. 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC [2015] OJ L141/73 (hereinafter: Fourth Anti-Money Laundering Directive or AMLD4).
[65] European Commission, ‘Impact assessment accompanying the document Proposal for a Directive of the European Parliament and the Council amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and amending Directive 2009/101/EC’ SWD(2016) 223 final, 30–31.
[66] European Banking Authority, ‘Opinion of the European Banking Authority on the EU Commission’s proposal to bring Virtual Currencies into the scope of Directive (EU) 2015/849 (4AMLD)’ (EBAOp- 2016-07 2016) 4–5.
[67] Jacobs, E., 2011. ‘Bitcoin: A Bit Too Far?’, Journal of Internet Banking and Commerce 1, 3.
[68] Directive 2000/46/EC of the European Parliament and of the Council of 18 September 2000 on the taking up, pursuit of and prudential supervision of the business of electronic money institutions [2000] OJ L275/39 (hereinafter: First E-money Directive or EMD1).
[69] Houben, R. 2015. ‘Bitcoin: there are two sides to every coin’ Tijdschrift voor Belgisch Handelsrecht 139, 156
[70] Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC [2009], OJ L267/7 (hereinafter: Second E-money Directive or EMD2).
[71] As defined in point 5 of Article 4 of Directive 2007/64/EC.
[72] Kubát, M. 2015. ‘Virtual currency bitcoin in the scope of money definition and store of value’, Procedia Economics and Finance 409, 411–412.
[73] Vardi, N., 2016. ‘Bit by Bit: Assessing the Legal Nature of Virtual Currencies’ in Gabriella Gimigliano (ed), Bitcoin and Mobile Payments: Constructing a European Union Framework (Macmillan Publishers 2016) 61.
[74] Guadamuz González, A., 2004. ‘PayPal: The legal status of C2C payment systems’, Computer Law & Security Review 293, 297.
[75] Financial Services Authority, ‘Implementation of the second Electronic Money Directive: supplement to HM Treasury’s consultation – Feedback on CP10/25 and part of CP10/24, and final rules’ (Policy Statement PS11/2) 73.
[76] For example in France the Paymium cryptocurrency exchange relies on HiPay, an e-money institution authorized in Belgium. Similar examples are seen in Luxembourg (SnapSwap that operates a mobile messenger payment service via blockchain technology licensed as an e-money institution) and the UK (Circle- a payments application provider that utilizes cryptocurrencies).
[77]Valcke, P., Vandezande, N., Van de Velde, N. 2015. ‘The Evolution of Third Party Payment Providers and Cryptocurrencies Under the EU’s Upcoming PSD2 and AMLD4’ (SWIFT Institute Working Paper 2015-001) 56–59.
[78] Künnapas, K., 2016. ‘From Bitcoin to Smart Contracts: Legal Revolution or Evolution from the Perspective of de lege ferenda?’ in Tanel Kerikmäe, Addi Rull (eds), The Future of Law and eTechnologies (Springer 2016) 119–120.
[79] Services included in Annex I to Directive 2013/36/EU.
[80] While the European Commission did acknowledge that virtual currency exchange platforms were not included under the directive, it did propose “to look again into virtual currencies”. Payment Systems Market Expert Group, ‘Minutes of the meeting of 28 April 2015’ (PSMEG/005/15) 3.
[81] HM Treasury, ‘Digital currencies: response to the call for information’ (HM Treasury 2015) < gov.uk/government/uploads/system/ uploads/attachment_data/file/414040/digital_currencies_response_to_call_for_information_final_changes.pdf>
[82] Woolard, K., 2016. ‘UK FinTech: Regulating for innovation’ (FinTech: Regulating for innovation event, London, February 2016) <www.fca.org.uk/news/uk-fintech-regulating-for-innovation>.
[83] In Greece the National Bank issued the report: “1/02/2014 - Ενημέρωση για τη χρήση εικονικών νομισμάτων, Με δεδομένο ότι τα εικονικά νομίσματα, όπως είναι για παράδειγμα το Bitcoin, εξακολουθούν να βρίσκονται στο προσκήνιο της δημοσιότητας και με γνώμονα την ενημέρωση του κοινού για τους κινδύνους που σχετίζονται με τη χρήση τους, συμπεριλαμβανομένου και αυτού της απώλειας χρημάτων, η Τράπεζα της Ελλάδος παραπέμπει στην πρόσφατη σχετική ανακοίνωση της Ευρωπαϊκής Αρχής Τραπεζών (EBA) με τίτλο: «Προειδοποίηση προς τους καταναλωτές για τα εικονικά νομίσματα».”
[84] ECB, Opinion of 12 October 2016 on a proposal for a directive of the European Parliament and of the Council amending Directive (EU) 2015/ 849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and amending Directive 2009/ 101/EC (ECB 2016) 3.
[85] The Directive defines “virtual currencies” as a digital representation of value that is not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency and does not possess a legal status of currency or money, but is accepted by natural or legal persons as a means of exchange and which can be transferred, stored and traded electronically.
[86] The Directive defines “custodian wallet provider” as an entity that provides services to safeguard private cryptographic keys on behalf of its customers, to hold, store and transfer virtual currencies.
[87] ECOLEF, 2013, ‘The Economic and Legal Effectiveness of Anti-Money Laundering and Combating Terrorist Financing Policy’ (European Commission) < www2.econ.uu.nl/users/unger/ecolef_files/ Final%20ECOLEF%20report%20(digital%20version).pdf>.