The U.S. Department of Justice is filing criminal charges against several BitMEX executives: It says the bitcoin exchange failed to implement U.S. rules to prevent money laundering and verify customer identity. The Seychelles-based exchange’s technical director was even arrested while in the U.S. last week.
The US is not known as the world’s police for nothing. U.S. authorities like to see the entire world as their territory, and especially in finance, hardly any company is safe from their arm if it doesn’t go out of its way not to have U.S. citizens as clients. The latest victim of these ambitions is Bitcoin derivatives exchange BitMEX, registered in the Seychelles, an island nation in the Indian Ocean east of Africa.
Together with the FBI as well as the Commodity Futures Trading Commission (CFTC), a New York prosecutor is filing criminal charges against CEO Arthur Hayes, co-founders Benjamin Delo and Samuel Reed, and their first employee Gregory Dwyer. Reed, the chief technical officer (CTO), was arrested last Thursday in Massachusetts.
The case is unprecedented: never before has the U.S. government brought criminal charges against one of the major exchanges, and never before has a CTO of such an exchange been arrested for working at the exchange. One gets the feeling that the U.S. Department of Justice has taken the escalation spiral one step further with this move.
BitMEX is an exchange founded in 2014 to trade bitcoin derivatives. It is known for the fact that you can bet on the fall or rise of cryptocurrency prices with a huge leverage. Only bitcoins are accepted as bets, but you can bet on many currency pairs.
Since up to 100x leverage is allowed, you can profit massively from even the smallest price changes – or lose everything. With billions of dollars in daily trading volume, BitMEX is one of the largest crypto exchanges around; non-traders may know the exchange for its Fork Monitor or BitMEX Research.
In the shadows of the financial markets
However, BitMEX’s managers are not being charged because the extreme leverage is regulatory questionable and may encourage insider trading. Rather, they are charged with verifying customers and monitoring the flow of funds.
Employees, says New York Attorney General Audrey Strauss, “deliberately failed to implement even basic anti-money laundering measures.” This, she says, allowed BiMEX to “operate as a platform in the shadows of the financial markets.” BitMEX’s managers, adds the FBI’s William Sweeney, “willfully violated the Bank Secrecy Act (BSA) by undermining U.S. anti-money laundering measures.”
The BSA is part of the Patriot Act, which the U.S. used to respond to the terrorist attacks of Sept. 11, 2001. It has, the indictment explains, the clear goal of “preventing, detecting, and prosecuting international money laundering and the financing of terrorism.” It requires financial institutions to document, monitor, and report financial flows to authorities. It also requires institutions to establish an anti-money laundering (AML) program that includes, under the direction of a senior management representative, “practices, procedures, and controls that have the purpose of preventing the financial institution from being misused to launder money or finance acts of terrorism.” Part of this includes establishing a “Know-Your-Customer” (KYC) program that verifies the identity of customers.
Because BitMEX did not comply with the BSA’s requirements, the exchange lent itself as a “vehicle for money laundering and sanctions violations.” For example, in May 2018, Hayes was notified that BitMEX was being used to launder the spoils of a hack of a crypto exchange without Hayes responding with AML measures. Internal reports from BitMEX also revealed that the exchange had customers in Iran, violating U.S. sanctions.
Why the world’s police have tasted blood
But what business is it of the USA? BitMEX is based in the Seychelles, not the US. CEO Arthur Hayes once boasted that regulators in the Seychelles could be bribed “for a coconut.” That is anything but friendly and betrays a rather bad character. But this is not a matter for the U.S. Department of Justice. BitMEX is not in the jurisdiction of the U.S., neither the FBI nor a New York prosecutor nor the CFTC are likely to exercise or claim authority.
The problem now is that BitMEX is also used by US traders. It is a freely accessible platform on the Internet, which makes it difficult to prevent U.S. citizens from accessing the site and signing up. To be sure, BitMEX, like others, has used IP blocks to keep U.S. citizens off the exchange. But, as the indictment complains, they did not prevent access through the TOR network or VPNs, which allowed U.S. citizens to log onto BitMEX. Furthermore, Arthur Heyes had attended conferences in the U.S., which is understood as soliciting U.S. customers. Finally, the plaintiffs have evidence that BitMEX managers knowingly accepted U.S. citizens.
In late August of this year, BitMEX arguably attempted to accommodate U.S. regulators by introducing mandatory verification of its customers’ identities. However, according to the indictment, managers subsequently advised some U.S. customers to list another country as their origin in order to continue trading on the exchange. Traders don`t have to stick with Bitmex, there are a lot of alternatives on the market – find them at MarginBull.
Customers withdraw bitcoins
BitMEX is fighting back against the allegations, clarifying on the blog, “We are resisting the U.S. government’s hard-handed accusations and will defend ourselves vigorously. We have always tried to be compliant with U.S. law since our earliest days as a startup, as we were already aware of these laws at the time.” Meanwhile, the platform itself will continue to operate as normal; customers’ balances are safe, he said, and withdrawals will be made daily at 1 p.m. as usual.
The security of customer Bitcoins is more than an academic issue at BitMEX. The exchange holds about $2 billion worth of bitcoins in its wallets in multisig addresses, according to analysts, meaning transactions must be signed by multiple parties. This could prove to be a protection not only against hackers, but also against hasty seizures by U.S. authorities, for example if individual employees are arrested or individual servers are confiscated.
For BitMEX’s customers, however, the news of the CTO’s arrest is primarily troubling. They have already withdrawn around 40,000 Bitcoins (just over $400 million) since the announcement by the Department of Justice.
Consequences for other exchanges and DeFi
Many observers are now naturally trying to interpret what the event means for the crypto industry. That the U.S. does not stop at its borders to implement the law it has adopted has been known for a long time; however, a success against BitMEX will possibly confirm the country’s authorities to act even more forcefully against other crypto companies that do not comply with the myriad of regulations and sanctions. It will likely now be even more difficult for U.S. citizens to find an exchange that is not regulated by U.S. requirements; most financial institutions already refuse to accept U.S. citizens as clients.
Decentralized exchanges – be it a DeFi on Ethereum, be it local software like Bisq – appear to be ripe enough at just the right time to step in when U.S. regulation makes it impossible to operate. So will the DeFi market be the main beneficiary from the crackdown on BitMEX? Some observers think so; others suspect just the opposite.
Investor Adam Cochran, for example, says that you have to look at the intent of the law. If the intent of a law is to protect customers, such as from the exchange losing or misappropriating money, DeFis would not be affected because they do not have a custodian. This could apply to regulation by the SEC or even the CFTC. On the other hand, the situation is different for a law like the Bank Secrecy Act (BSA): This is not about protecting consumers, but about preventing and prosecuting money laundering.
At its core, the BSA says this: “If you knowingly, intentionally, or through a failure to adhere to industry standards, support, enable, or benefit from money laundering, we will hunt you down.” That a thing is “decentralized” is not a magic shield that protects against prosecution. For example, the U.S. Department of Defense has also charged or warned off individuals who worked for platforms like LocalBitcoins or PaxFul, both of which are exchanges for decentralized P2P trading that generally do not take bitcoins into custody for their customers.
DeFi apps on the Ethereum blockchain are also not automatically safe from this, he said. Again, there are often enough developers who have a master key to the smart contract, and if there isn’t, law enforcement can still “seize domains and servers, shut down the front end, and arrest developers.” If this happened, a large portion of users would stop using the app, “effectively destroying the protocol.”