The Breakdown - Ransomware Is The Next Big Bitcoin FUD
Episode Date: June 3, 2021Today on the Brief: China’s next digital yuan trial More Bitcoin ETF delays Standard Chartered to open crypto prime brokerage Our main discussion focuses on the rise of ransomware. NLW examine...s: The real reasons ransomware is on the rise The factors beyond crypto payments that contribute to ransomware Why some are using ransomware as justification for crypto bans Why crypto bans would be painfully ineffective at stopping ransomware Why the Biden Administration’s response to ransomware should give the crypto industry cause for optimism -- Earn up to 12% APY on Bitcoin, Ethereum, USD, EUR, GBP, Stablecoins & more. Get started at nexo.io -- Enjoying this content? SUBSCRIBE to the Podcast Apple: https://podcasts.apple.com/podcast/id1438693620?at=1000lSDb Spotify: https://open.spotify.com/show/538vuul1PuorUDwgkC8JWF?si=ddSvD-HST2e_E7wgxcjtfQ Google: https://podcasts.google.com/feed/aHR0cHM6Ly9ubHdjcnlwdG8ubGlic3luLmNvbS9yc3M= Follow on Twitter: NLW: https://twitter.com/nlw Breakdown: https://twitter.com/BreakdownNLW The Breakdown is produced and distributed by CoinDesk.com
Transcript
Discussion (0)
Welcome back to The Breakdown with me, NLW.
It's a daily podcast on macro, Bitcoin, and the big picture power shifts remaking our world.
The breakdown is sponsored by nexus.io and produced and distributed by CoinDesk.
What's going on, guys? It is Wednesday, June 2nd, and I'm not going to lie, it's a little bit slow out there.
Maybe it's everyone getting together down in Miami or just enjoying the nice weather, but either way, the news is a little few and far between.
I suppose after the last couple weeks I should be thankful.
But today what we're going to do is talk about a theme which I see rising, why I think
ransomware is the next big fud of this Bitcoin cycle.
But before we do that, let's do a quick brief.
First on the brief, China continues to live test their digital yuan.
Each trial, they increase the size and scope a little bit, and the forthcoming is no different.
Announced yesterday, the Beijing Local Financial Supervision and Administration Bureau
will be giving away 200,000 red envelopes, each containing 200 digital yuan to local citizens.
That's about $31 per resident for a total trial size of 40 million yuan or 6.3 million U.S.
To use it, residents have to download apps from the Bank of China or the Industrial and Commercial Bank of China.
This is the second trial in Beijing this year.
The first was 10 million yuan, so this quadruples the size.
In total, China has now conducted 10 digital yuan lottery campaigns across five cities,
going back to October of last year. A total of 230 million digital yuan, about 36 million U.S.
has been given away. Now, a month or so ago, we got reports from some Chinese citizens that
these early tests weren't particularly impressive, particularly in light of sophisticated mobile
money like AliPay and WeChat pay that they already use, so we'll have to wait and see if
things have changed. In the U.S. meanwhile, the discussion of digital dollars continues, albeit at
a relative snail's pace. Timothy Mossad, the former CFTC chairman whose Bloomberg article on the Stable
act I discussed yesterday, came on CoinDesk TV and said that a digital dollar should be actively
explored. He said that any digital dollar should maintain users' privacy because, quote,
were not China, and also suggested something that sounded a lot like my conversation with
Jeremy Aller from Circle at Consensus, where Mossad suggested there should be more of a public-private
partnership approach, i.e. some sort of digital dollar operating platform on which private
companies could build applications. This would in his estimation, as well as Jeremy's estimation,
take advantage of the U.S. economy's unique strengths around innovation.
Next on the brief, more Bitcoin ETF delays.
No particular surprises here, but another one of the proposed Bitcoin ETFs,
this time from Wisdom Tree, has been delayed by the SEC.
It moved its decision timeline from May 30th to July 14th.
At the end of April, Van Ex-Ex ETF proposal got the same sort of delay.
Now, the SEC can delay for a very long time, months and months, in fact,
and most observers expect them to delay to the last possible moment.
Going into this year, many were excited about the prospects of a Bitcoin ETF in 2021, based on,
one, the ascension of Gary Gensler to the head of the SEC, given that he has been perceived
as generally pro-crypto, and two, a slate of Bitcoin ETFs that have listed on the Toronto
Stock Exchange in Canada, which are not only surviving, but in fact thriving.
More recently, those expectations have started to dwindle around increasing regulatory
language. I wonder to what extent Gensler's SEC is itself in a wait-in-sea mode about the
tenor of the Biden administration or the Congress. In appearances before Congress in the Senate,
Gensler has said that there are limits to what the SEC can do, but that Congress might want
to consider some additional regulation, particularly around crypto exchanges.
Third and finally on the brief, standard chartered is the next big bank to get into the crypto game.
They're offering institutional crypto brokerage and building an exchange for UK and European clients.
It's a new unit of the bank that comes as a joint venture between Standard Charter's Venture Group and BC Group,
who is the parent of Hong Kong regulated exchange OSL.
Here's the key quote from Alex Manson, the head of SC Ventures.
We have a strong conviction that digital assets are here to stay and will be adopted by the institutional market as a highly relevant asset class.
The new company will provide a brokerage and exchange platform to enable safe adoption and trading by the world's largest and most demanding investors.
Any individual one of these stories at this point isn't necessarily surprising anymore.
What's about them is that they show the continued marching trend of institutional adoption
of Bitcoin and crypto that just doesn't react to price in the same way that we all do.
But with that, let's shift to our main topic ransomware,
and I want to be clear that this is the start of the conversation, not the end.
Looking for the best way to unlock your crypto's liquidity,
nexo.io is exactly what you need.
borrow against her digital assets at just 6.9% APR, earn passive income with yields of up to 12%,
and swap between more than 100 market pairs with the Instant Nexo Exchange.
Try the Nexo Wallet app to get the whole 360 degrees of crypto banking.
Get started at nexo.io. That's N-EXO.io to get started today.
So here's the TLDR. Ransomware is setting up to be the obvious next big fud.
the next argument for Bitcoin and Crypto-critics to holler that the whole industry needs to go.
I am not the first to have said this.
On May 24th, Caitlin Long tweeted, having lived through waves of different FUD,
my prediction is that ransomware is the next FUD wave.
So I want to set the stage just a bit.
Why is this happening now?
Hasn't ransomware been around forever?
Yes, yes, it has.
What has changed is the profile of some of the attacks
and the media's coverage of this as a distinct thing.
The most significant event this year so far around ransomware was the Colonial Pipeline
shutdown. In early May, hackers breached Colonial Pipelines' company's systems.
When the company found out about the breach, it shut down other key parts of their system
because it wasn't sure how extensive the breach was or how long it would take to get back online.
Really importantly, this had actual significant impact on people's lives.
Those images and videos you saw last month of people around the southeastern U.S.
waiting in huge lines for no gas or filling up shopping bags with gasoline, that was all fallout
from this attack. It later came out that the company had paid $4.4 million in ransom to get their
systems restored. This kicked off a national conversation, and when people and media started
paying attention to it, they started to see ransom attacks everywhere. On May 20th, Bloomberg broke
a story that CNA Financial Group, a huge U.S. insurer, had paid $40 million in late March to regain
control of its network. Then just over the last week, JBS, one of the world's largest meat production
companies came under attack as well. It shut down all operations in Australia on Monday and halted all
cattle slaughter in the U.S. on Tuesday. Now, this is roughly 20% of the slaughter capacity in the
US for cattle and pork, so there could be massive impacts on both prices and availability.
Then today, the Twitter account of the Steamship Authority, aka the Martha's Vineyard Ferry,
tweeted, quote, The Woods Hole, Martha's Vineyard and Nantucket Steamship Authority has
been the target of a ransomware attack that is affecting operations as of Wednesday morning. As a result,
customers traveling with us today may experience delays. A team of IT professionals is currently assessing
the impact of the attack. Additional information will be provided upon completion of the initial
assessment. As Bloomberg's Joe Wisenthal put it, quote, oh wow, now it's a crisis. It's one thing to
hit gas lines and meat production, but now ransomware attackers have disrupted the ferry that takes people
out to Martha's Vineyard. Around all of this, there is a rising chorus of voices saying that this
should be the straw that breaks the camel's back and gets us to ban crypto for good.
The Bloomberg editorial board wrote how crypto abets ransomware attacks.
Quote, this is one area where a lazai fair attitude towards technology innovation cannot apply.
Then there was the executive director of the Global Financial Market Center at Duke,
who wrote an op-ed in the Wall Street Journal called Ban Cryptocurrency to fight ransomware.
Quote, we can live in a world with cryptocurrency or a world without ransomware,
but we can't have both.
It's time for the adults to tell the children.
party's over. Of course, he failed to disclose that his center has some big, bold crypto addresses
where you can donate it to, if you like, hanging out on their website. And so on and so forth. I could
point to another half dozen Twitter threads and things like that. But the point of all of this is that
this is patently absurd, and it's patently absurd for a couple of reasons. First, and I don't know
how to be any clearer about this, ransomware is an exploit of security vulnerabilities. To address it,
it is those security vulnerabilities that must be addressed. Second, the discussion of
crypto banning is particularly absurd in this context unless, for some reason, you expect that shadowy
cabals of Russia-related hackers are going to respect a U.S. crypto ban. I don't know how this isn't
clear. Perhaps I've been staring at Fudd for too long, but it's just so insane that it boggles the
mind. However, let's talk maturely, like adults, about the actual problem. And we can acknowledge that
ransomware is a growing problem. A task force of security experts and law enforcement estimates that
ransomware victims paid about 350 million in ransom last year, which was up 311% since 2019.
I would also say that when we see things like the colonial pipeline, which is not just energy
infrastructure, but I believe in many ways national security infrastructure, the targets of
these attacks are growing more concerning. But we need to ask why. Why is it that these attacks are
on the rise? To listen to the critics, it's entirely about Bitcoin and crypto, and I simply
don't see that being the case, given that these technologies have been easily available to them
for a decade now. So what else could it be? Well, part of it is that the expertise of attackers is
growing. As the industry matures, it gets more professionalized, more skilled at doing what they do.
Second, and I can't stress this enough, it's growing because companies actually pay the ransoms.
Remember that old movie trope where the government will not negotiate with terrorists? Well,
companies do negotiate with ransomware attackers. Melissa Hathaway was a security.
advisor to George W. Bush and Barack Obama and said that the average demand is now between
50 and 70 million per attack. It's negotiated down, she estimates, to an average payment of between
10 million and 15 million. And part of why companies pay is that they have cyber insurance policies
to cover it. I'm not saying at all that cyber insurance policies are wrong, but their existence
increases the likelihood of attackers getting paid. And you start to see a spiral where attacks
are more successful and more publicized, let's not forget that, which leaves you.
to more hackers getting involved in the space, et cetera, et cetera, et cetera.
And of course, there's a whole additional geopolitical dimension to this.
Colonial pipeline was shut down by a group affiliated with Darkside,
which is effectively a software development network that sells ransomware as a service.
And the craziest thing is that after the colonial hack,
Darkside posted a message that it was one of their customers behind the attack
and that they promised to do a better job vetting customers going forward.
Quote, we are apolitical.
We do not participate in geopolitics.
to make money and not creating problems for society. From today, we introduce moderation and check
each company that our partners want to encrypt to avoid social consequences in the future. There is a reason
they're making this statement. Many of these sorts of cyber attacks are connected to regions that have
combative relationships with the U.S. A Reuters article on the JBS attack was titled,
U.S. says ransomware attack on Meatpacker JBS likely from Russia. A White House spokesperson said
the White House is engaging directly with the Russian government on this matter and delivering the message
that responsible states do not harbor ransomware criminals. So there is a cybersecurity dimension to this,
a geopolitics dimension, a growing professionalization of the industry in terms of both incentives and
skill set. But what about crypto? Let me be really, really clear. It's okay for crypto to be a part
of the ransomware discussion. The same openness, global nature, and permissionlessness that make it
such a powerful tool for people fleeing oppressive regimes, for example, makes crypto good for
these types of uses as well. What's not okay is blaming the entire thing on crypto, or in turn,
thinking that you're going to ban crypto in the U.S., and somehow that's going to stop this.
But I have some good news on that front. That same White House press secretary, Corrine Jean-Pierre,
explained that, quote, President Biden had already launched a rapid strategic review to address the
increased threat of ransomware to include four lines of efforts, including expanding cryptocurrency
analysis to find and pursue criminal transactions. Other lines of inquiry that also include
evaluating how ransomware actually gets distributed and out into the world, as well as also working
with other nations to, quote, hold countries who harbor ransom actors accountable. So the order one
knee-jerk reaction is no, no, no, not another thing that government is going after crypto for.
But that's not what I see at all. I see two very different things. The first is that they're
treating the crypto payment side of this as just one of a larger set of considerations.
including the actual distribution of the software, including the geopolitics side.
There is, of course, the whole actual cybersecurity investment from company's side, but that's not
really for the government. The point is that I'm completely fine with a sophisticated,
dispassionate examination of the entire ransomware ecosystem that includes looking at
crypto's role in facilitating transfers. I would wager heavily that that sort of examination will not
lead to bannings. Instead, what it leads to is the other thing that I see in these quotes,
which is more contracts for companies like chain aliasis.
I mean, the White House Secretary literally said expanding crypto analysis to find and pursue
criminal transactions.
This is what companies like Elliptic and chain alices are already paid by various government
agencies to do.
We can have, by the way, a whole separate conversation about on-chain surveillance,
but my point is that this isn't really a boogeyman for crypto when viewed in this light.
As Caitlin Long said,
P.S., our industry has tools to police ransomware,
almost certainly better than the traditional banking industry does, given how our plumbing works.
Bitcoin will almost certainly be fine through this next round of fud too.
So the point is, yes, this fud is coming.
No, it is an existential, but yes, be prepared to talk about it a lot.
Until tomorrow, guys, be safe and take care of each other.
Peace.