What I don't know about this is a lot, and I will admit to having a bias since I have ~25k in cryptocurrency on Gemini, but from a high level does this actually make sense?
If someone hires a hitman for $9,000, and then that person goes to Bank of America to withdraw money from their account, we don't typically hold BOA liable unless we assume that they know that the reason you're withdrawing the money is for something illegal.
The percentage doesn’t matter. I’m saying that HSBC has helped launder money for terrible people/organizations and the US government would stop more crime by appropriately punishing them vs a small exchange.
Edit: I can’t reply to the person who responded, but if you read my original comment, I say I think both should be punished instead of the government going hard against small fish while letting large-scale corruption thrive.
>The percentage doesn’t matter. I’m saying that HSBC has helped launder money for terrible people/organizations and the US government would stop more crime by appropriately punishing them vs a small exchange.
And so they (HSBC) did[0]. And quite blatantly too.
HSBC should have been smacked down hard. They were not. And that was wrong.
Is your argument that others doing the same should get a pass because HSBC only got a slap on the wrist?
Actually there is legitimate value in saying that all parties should receive the same punishment.
If there is precedent for a lesser punishment, then the guilty should all receive it, not just the guilty of with the right connections, wealth or… skin color.
There’s another similar argument to be made for mandatory minimum sentences.
>Actually there is legitimate value in saying that all parties should receive the same punishment.
I'd say that parties--when proven guilty--should receive similar punitive action relative to the scope of the issue.
But I don't see it as "HSBC got off lightly, so everyone else should too." I see it as "The DOJ dropped the ball with HSBC, and there should have been company-breaking fines/sanctions and those who knowingly assisted the cartels should do real prison time for money laundering and associated RICO charges.
That should be the standard, not "oh gee, HSBC got a slap on the wrist so no one should have to take responsibility for actions supporting global narco-traffickers (whether or not such drugs should be legal is another discussion) and state sponsors of terrorism.
If a case is handled inappropriately, the solution isn't to handle all similar cases inappropriately -- the solution is to do it correctly the next time and the time after that and the time after that, etc.
Being a chartered bank (or any corporation) is a privilege that can and should be revoked if those privileges are abused as HSBC did.
Or are you standing up for the banking system being allowed to knowingly profit from the death, murder and misery of other people?
The irony of HSBC's origins as the funder the opium trade in China isn't lost on me. But that was ~150 years ago and times have changed.
>Edit: I can’t reply to the person who responded, but if you read my original comment, I say I think both should be punished instead of the government going hard against small fish while letting large-scale corruption thrive.
Fair enough. And I don't disagree. At all.
IMNSHO, HSBC should no longer be allowed to operate as a bank and those who allowed this to happen should still be in 8x10 boxes somewhere.
The US government is having to address ransomware crime, a topical issue, in the middle of a gigantic rise in ransomware crime.
HSBC laundered money for cartels and helped eg Iranians avoid sanctions. Those are issues, but they aren’t directly related to ransomware crime like a crypto exchange facilitating payments for ransomware crime is. It’s somewhat off topic.
That's a good argument for punishing HSBC more than was done. In general in the USA we're really bad at holding the rich and powerful accountable. It's a serious issue.
I'm suspect that if 40% of HCBC's business was illegal, the regulatory actions taken may have been different. Generally, regulators don't run businesses with a quarter-million employees into the ground for the mistakes of a few, particularly when there's a path forward to compliance. Organizations that demonstrate they exist largely to facilitate crime don't get the same treatment. This makes practical sense.
At least until you do it at a scale large enough to make significant campaign contributions like, say, Bank of America or Wells Fargo. And those companies not only processed large relative amounts of criminal proceeds as companies they literally committed fraud themselves against their own customers.
Fair enough! As I said, I don't know a ton about this stuff, so always good to have knowledge shed for me.
Out of curiosity, what do regular banks (e.g. BOA in my example) do to avoid this problem? Just basic background checks and reporting suspicious behavior to the FBI or SEC or something?
Millions of these are filed per year. Obviously not all of these - probably not even most of these - are about actual crimes or end up in actual prosecutions, but the banks still have to file them.
Ah, I learned something today! Well then I think that cryptocurrency exchanges should probably have to do the same thing (and it's possible that some of the more reputable ones like Gemini and Coinbase already do).
BoA would have a legal requirement to verify the identity of their customers and in some cases the source of their funds, and if they failed to meet those obligations they would indeed be held liable.
This action also has the side effect of making it illegal for a victim organization to pay a ransom that would run through this exchange, which may be desirable outcome from the government's POV.
I am strongly of the opinion paying cyber ransoms should be a felony punishable by jail time. It's the only cure.
Absent that, the question is only how the ransomer gets paid, not whether they hold assets for ransom.
Unless it is a worldwide law, it won't matter except for reducing targeted attacks. For broad, automated attacks it isn't worth it to disable just for the US, that actually takes more work. They will just still have it encrypt the drive and then not bother trying to collect manually if it is in the US.
The US is big enough and rich enough that that alone would make a major dent. "I Rob Banks Because That’s Where the Money Is" (https://quoteinvestigator.com/2013/02/10/where-money-is/ for investigation) When there is no money in it they won't do it.
Even if that doesn't work, the US alone will ensure that a lot more effort is put into prevention. If you can't pay a ransom anymore, then after a few high profile major losses companies will take security and backups more seriously which will make it even harder to attack anything - this will then be rolled out to the rest of the world because once you make good tools you may as well.
for soft criminals, the hard ones will take it as more exciting and things will get worse. the real question we should be asking is why people are doing this and where or what country are they aligned with, is it some random kid who thinks it's all a game or is it an actual state sponsored criminal network?
>"We recognize that the vast majority of activity that's happening in the virtual currencies is legitimate activity," Adeyemo told reporters during a briefing.
That is a bold assertion. Not sure how true it is.
I'd imagine what they actually meant was, "We recognize that the vast majority of activity that's happening in the virtual currencies can't be proven to be illegitimate or illegal."
There are plenty of companies and researchers that analyze cryptocurrency ledgers and publish reports about these kinds of stats. I'm sure the Treasury Department has read a few of them.
Interesting how you managed to turn "Not sure how true it is" into " they must be wrong". From an expression of incredulity to an expression of certainty. Impressive. Impressively moronic.
> "We recognize that the vast majority of activity that's happening in the virtual currencies is legitimate activity," Deputy Treasury Secretary Adeyemo told reporters during a briefing.
Welp, there goes most of HN’s arguments against cryptocurrency.
Just a matter of time before the EPA says the environmental impact argument is misinformation in favor of remarkably sustainable use of the energy.
I don't understand the analogy, they are saying the vast majority of cryptocurrencies were not stolen or part of anything illegal. Thats the point of my post. Did you misread, or do I just misunderstand what you are saying.
I think the point is 'vast majority' isn't relative. If 10% of cars get stolen every year that's a LOT, but 'the vast majority of cars did not get stolen'.
In this case we'd need to relate it to normal asset/currency transactions. Is the rate of illegitimate transactions the same? 10X? 1000X? It can have several orders of magnitude more illegitimate activity while the statement 'the vast majority....' remains true.
ah okay, so the goal post moves from imagining the vast majority was illegitimate use, to imagining "orders of magnitude" above other asset classes contains illegitimate transactions. now I understand. I don't personally care about that.
Its more important that the US Deputy Treasury Secretary has intelligently differentiated between sanctionable centralized institutions and the network itself. A lot of people have talked themselves out of cryptocurrency by imagining that the [US] government would attack or outlaw the networks themselves, instead of acknowledging their legitimacy, and supported that with the imagination that the vast majority of use was illegitimate.
> ah okay, so the goal post moves from imagining the vast majority was illegitimate use, to imagining "orders of magnitude" above other asset classes contains illegitimate transactions.
The only one who is moving goal posts is you, who have somehow setup this strawman that the collective position on HN was that the vast majority of crypto was illicit use.
I agree that the collective opinion on HN seems to be that crypto is pretty much only used for illegitimate use. I think it's great to see a government official directly challenging that assumption.
yes but how is it e.g. on a knife maker to control who uses it? it's up to the police to police it.
private payments just make ransomware payments easier. they don't create a new source of the criminal intent.
should we, therefore, not improve global access to food and healthcare because some of the people whose actions would be empowered by it are criminals?
plus, private payments are in theory a literal requirement for soundness of the money system due to fungibility concerns, and also, you might argue, a requirement to protect the freedoms of certain people such as abused spouses.
there might be some sufficiently important human rights issues that only a censorship resistant private money system can solve... and I'm not sure if ransomware increases are really much to do with the availability of digital currencies so much as a symptom of other social problems. it's somewhat a question of whether solving e.g. ransomware issues is worth the effort if it means we get the other humanitarian solutions and social benefits from something like Monero.
From the article, a government spokesperson: "We recognize that the vast majority of activity that's happening in the virtual currencies is legitimate activity,"
It seems like collective punishment? I am not sure about this.
It's perhaps worth pointing out that they have 2020 at 1% right now, but they also mentioned how they raised 2019 from 1.1% to 2.1% due to new discoveries (your first source mentions this). I question how effectively we can really quantify this if the number can double a year after being reported, at the very least it's hard to say how accurate the initial numbers are. It's probably more accurate to say 1% is a lower bound for 2020, but a lower bound is obviously not that useful.
Perhaps it would be better to try and gather the amount of crypto use that is definitely legitimate, since that would at least give a theoretical upper-bound. Give the assumption that it's such a larger group that may just be too much to work through.
Western societies should just ban the purchase of cryptocoins by deactivating the fiat onroads - it will provide a necessary boost post-pandemic from reduction in the ransomware attacks, savings in electricity and chip waste from mining, reallocating tech talents to productive areas of the economy, and making money laundering (including sanction evading) more difficult.
Sure, the coins will keep trading in Belarus or El Salvador or somewhere, but at a fraction of the value, and the overall objective will be achieved.
every major victim so far in the supply chain has paid because its not only relatively affordable ransom, but because they clearly lack the organizational technical competence to prevent or countermeasure this sort of attack in the first place. its no different than being made to pay a bribe to the warlord to drill in elbonia.
close the exchanges or encumber them and youll see an escalation from threat actors.
72 comments
[ 4.0 ms ] story [ 146 ms ] threadIf someone hires a hitman for $9,000, and then that person goes to Bank of America to withdraw money from their account, we don't typically hold BOA liable unless we assume that they know that the reason you're withdrawing the money is for something illegal.
Similarly, why sanction the crypto exchange?
I’m all for going after companies that are complicit in crime, but we shouldn’t give the big players an easier time than the small ones.
Because surely something would happen to them if that were the case.
Edit: I can’t reply to the person who responded, but if you read my original comment, I say I think both should be punished instead of the government going hard against small fish while letting large-scale corruption thrive.
And so they (HSBC) did[0]. And quite blatantly too.
HSBC should have been smacked down hard. They were not. And that was wrong.
Is your argument that others doing the same should get a pass because HSBC only got a slap on the wrist?
[0] https://www.investopedia.com/stock-analysis/2013/investing-n...
Edit: Added link to details of HSBC's bad behavior.
If there is precedent for a lesser punishment, then the guilty should all receive it, not just the guilty of with the right connections, wealth or… skin color.
There’s another similar argument to be made for mandatory minimum sentences.
I'd say that parties--when proven guilty--should receive similar punitive action relative to the scope of the issue.
But I don't see it as "HSBC got off lightly, so everyone else should too." I see it as "The DOJ dropped the ball with HSBC, and there should have been company-breaking fines/sanctions and those who knowingly assisted the cartels should do real prison time for money laundering and associated RICO charges.
That should be the standard, not "oh gee, HSBC got a slap on the wrist so no one should have to take responsibility for actions supporting global narco-traffickers (whether or not such drugs should be legal is another discussion) and state sponsors of terrorism.
If a case is handled inappropriately, the solution isn't to handle all similar cases inappropriately -- the solution is to do it correctly the next time and the time after that and the time after that, etc.
Being a chartered bank (or any corporation) is a privilege that can and should be revoked if those privileges are abused as HSBC did.
Or are you standing up for the banking system being allowed to knowingly profit from the death, murder and misery of other people?
The irony of HSBC's origins as the funder the opium trade in China isn't lost on me. But that was ~150 years ago and times have changed.
Fair enough. And I don't disagree. At all.
IMNSHO, HSBC should no longer be allowed to operate as a bank and those who allowed this to happen should still be in 8x10 boxes somewhere.
But it's an imperfect world.
Edit: Fixed typo (IMNHSO vs. IMNSHO).
HSBC laundered money for cartels and helped eg Iranians avoid sanctions. Those are issues, but they aren’t directly related to ransomware crime like a crypto exchange facilitating payments for ransomware crime is. It’s somewhat off topic.
Out of curiosity, what do regular banks (e.g. BOA in my example) do to avoid this problem? Just basic background checks and reporting suspicious behavior to the FBI or SEC or something?
https://www.occ.treas.gov/topics/supervision-and-examination...
https://en.wikipedia.org/wiki/Suspicious_activity_report
https://www.fincen.gov/reports/sar-stats
Millions of these are filed per year. Obviously not all of these - probably not even most of these - are about actual crimes or end up in actual prosecutions, but the banks still have to file them.
> Just basic background checks and reporting suspicious behavior to the FBI or SEC or something?
yes that's part of it (FinCEN though I think, not necessarily direct to the fbi/sec)
This action also has the side effect of making it illegal for a victim organization to pay a ransom that would run through this exchange, which may be desirable outcome from the government's POV.
Even if that doesn't work, the US alone will ensure that a lot more effort is put into prevention. If you can't pay a ransom anymore, then after a few high profile major losses companies will take security and backups more seriously which will make it even harder to attack anything - this will then be rolled out to the rest of the world because once you make good tools you may as well.
which provides permission to rapidly iterate, permission to fail
which provides more egalitarian access and growth opportunities as well as failures
Not a particular currency.
That is a bold assertion. Not sure how true it is.
Welp, there goes most of HN’s arguments against cryptocurrency.
Just a matter of time before the EPA says the environmental impact argument is misinformation in favor of remarkably sustainable use of the energy.
Vast majority of cars did not get stolen last year.
In this case we'd need to relate it to normal asset/currency transactions. Is the rate of illegitimate transactions the same? 10X? 1000X? It can have several orders of magnitude more illegitimate activity while the statement 'the vast majority....' remains true.
Its more important that the US Deputy Treasury Secretary has intelligently differentiated between sanctionable centralized institutions and the network itself. A lot of people have talked themselves out of cryptocurrency by imagining that the [US] government would attack or outlaw the networks themselves, instead of acknowledging their legitimacy, and supported that with the imagination that the vast majority of use was illegitimate.
The only one who is moving goal posts is you, who have somehow setup this strawman that the collective position on HN was that the vast majority of crypto was illicit use.
private payments just make ransomware payments easier. they don't create a new source of the criminal intent.
should we, therefore, not improve global access to food and healthcare because some of the people whose actions would be empowered by it are criminals?
plus, private payments are in theory a literal requirement for soundness of the money system due to fungibility concerns, and also, you might argue, a requirement to protect the freedoms of certain people such as abused spouses.
there might be some sufficiently important human rights issues that only a censorship resistant private money system can solve... and I'm not sure if ransomware increases are really much to do with the availability of digital currencies so much as a symptom of other social problems. it's somewhat a question of whether solving e.g. ransomware issues is worth the effort if it means we get the other humanitarian solutions and social benefits from something like Monero.
It seems like collective punishment? I am not sure about this.
That's really really high compared to cryptocurrencies as a whole, of which, less than 1% are associated with illegal activity.
Where did you get this number from?
Chainalysis: https://blog.chainalysis.com/reports/2021-crypto-crime-repor...
Ciphertrace: https://ciphertrace.com/2020-year-end-cryptocurrency-crime-a...
Elliptic: https://www.elliptic.co/blog/cryptocurrency-money-laundering...
Perhaps it would be better to try and gather the amount of crypto use that is definitely legitimate, since that would at least give a theoretical upper-bound. Give the assumption that it's such a larger group that may just be too much to work through.
Sure, the coins will keep trading in Belarus or El Salvador or somewhere, but at a fraction of the value, and the overall objective will be achieved.
every major victim so far in the supply chain has paid because its not only relatively affordable ransom, but because they clearly lack the organizational technical competence to prevent or countermeasure this sort of attack in the first place. its no different than being made to pay a bribe to the warlord to drill in elbonia.
close the exchanges or encumber them and youll see an escalation from threat actors.
I don't get it.