The recent implosion of the major cryptocurrency exchange FTX has reignited debates about how—and how heavily—to regulate cryptocurrencies. While the fallout for all those connected to FTX will likely linger, there are steps that policymakers and the industry can take now to build transparency and trust—thereby protecting consumers and avoiding a repeat of this disaster.
Everyone is still trying to figure out precisely what went wrong and why. But the revelations thus far are stunning. For starters, FTX was not only the world’s third-largest crypto exchange—which is a website where customers deposit, buy, and sell various sorts of tokens and derivative products—but it also had close ties to an affiliated trading firm run by FTX’s CEO called Alameda Research. To make matters more complicated, FTX had also minted a token of its own called FTT.
That overlap is where the trouble began. At some point this year, FTX CEO Sam Bankman-Fried allegedly transferred ten billion dollars in customer funds to Alameda Research to make up for trading losses incurred there. On November 6, FTX’s major competitor, another exchange called Binance, announced that it owned a large amount of FTT tokens and was going to sell them all, which could crash the price and imperil the balance sheet of FTX. Customers became spooked and began withdrawing their funds from FTX by the billions. Binance briefly floated a plan to swoop in and acquire FTX, but promptly abandoned that. Things went downhill from there: FTX froze withdrawals and most of FTX’s legal and compliance teams quit. Other serious allegations came to light, including that there may be a secret backdoor in FTX software that eluded auditors and led to some $1.7 billion going missing. The drama was heightened by the persona at the heart of it, Bankman-Fried, who was once considered a wunderkind of crypto, testified before Congress, and was an active political donor. He has been live-tweeting the entire episode (sometimes enigmatically) and continues giving detailed and disconcerting interviews. All told, thousands of FTX customers have billions in funds that they cannot withdraw, and the crisis has spread to other companies.
The fallout has been swift. In a single day, FTX filed for bankruptcy, Bankman-Fried formally resigned, and someone (potentially a hacker) absconded with over three hundred million dollars in assets. Federal officials at the Securities and Exchange Commission (SEC), Commodity Futures Trading Commission, and Manhattan US Attorney’s Office are all reportedly investigating the matter. Congressional hearings are planned, and US Senator Elizabeth Warren, a leading Democrat on the banking committee, called for “stronger rules and stronger enforcement.” Commentators are suggesting that this is a death knell for crypto generally. Cryptocurrency proponents are reeling, and some partly blame regulators for failing to catch wind of irregularities earlier.
All of this litigation, investigation, and regulation will take several years to unfold. And it seems unlikely that Congress will pass a legislative fix anytime soon—particularly because a draft bill previously under consideration was supported by Bankman-Fried.
In the meantime, however, there are some steps that policymakers and industry can take to prevent a calamity like this from recurring.
First, financial regulators and industry leaders should move toward what is known as “proof of reserves,” meaning that large, centralized exchanges and custodians have to actually prove (and document) their assets and liabilities. In other words, they cannot baldly assert that they possess one billion dollars in customer funds while quietly using those funds to make other risky investments and loans. Already, a movement is afoot across the sector to adopt this measure voluntarily. Policymakers could strengthen it by encouraging periodic reporting, audit standards, and other guidelines to avoid gamesmanship (e.g., moving money around right before a report is due).
Second, the industry needs to step it up in terms of self-policing. In traditional finance, there are groups known as self-regulatory organizations that have the power to establish and enforce industry standards. No such body yet exists with respect to cryptocurrency, although several trade associations that have emerged in Washington are doing good work and might join forces on this. Recent crises also underscore why the sector needs to proactively blow the whistle on bad actors, not just advocate for favorable legislation.
Third, regulators should reaffirm—and where needed, clarify—that US regulations still apply to products and services that are regularly sold in the United States. Currently, some big, centralized cryptocurrency companies essentially argue that they are everywhere but nowhere. The CEO of the largest exchange, Binance, has repeatedly insisted that he has no headquarters whatsoever. It is hard to see how that position is legally sustainable for a centralized, for-profit entity—particularly now. Going forward, dizzying corporate structures and unsupported assertions about decentralization will not readily escape established principles about regulators’ jurisdiction. Already, we are likely to see agencies such as the SEC redouble their crypto enforcement activities. Existing federal laws might be adequate to pursue claims of outright fraud and extraordinary financial misconduct, and it is not yet clear that new legislation or new regulation would stem the root causes of FTX’s implosion.
In addition to the significant harms to customers, the sad irony of the FTX crisis is that some prominent cryptocurrency projects were born out of a true desire to avoid the excesses and errors of the 2008 financial collapse. Indeed, the first Bitcoin ever minted literally embedded a 2008 headline about the bailout of big banks. If the industry wants to preserve that vision, it must improve transparency, rebuild trust, and get its own house in order.
JP Schnapper-Casteras is a nonresident senior fellow at the Atlantic Council’s GeoEconomics Center and a practicing attorney.