With many cybercriminals choosing bitcoin as their currency of choice, the U.S. Department of Justice has naturally done its best to set up regulations that would prevent criminals from using the cryptocurrentcy for nefarious purposes.
But those regulations may be doing more harm than good, since they’re also keeping vigilante security consultants from doing business to protect their law-abiding clients from those same cybercriminals.
One might think that the enemy of their enemy is their friend, but not so for Night Lion Security’s Vinny Troia, whose security business sometimes involved paying digital ransom to hackers on behalf of clients harmed by cyberattacks like WannaCry. Troia also sometimes bought data from malicious hackers to verify database breaches.
Coinbase, an exchange for buying and selling cryptocurrency, caught wind of Troia’s methods and inquired whether he had U.S. Department of Justice authorization to carry them out. When Troia could not even confirm whether such authorization existed, Coinbase suspended his account and blocked him from creating accounts in family members’ names to continue conducting business.
Of course, from Coinbase’s perspective, allowing those transactions could violate regulations designed to prevent money laundering and criminal activity.
But the reality, according to cryptocurrency policy think tank Coin Center, is that more and more people have had to pay digital ransoms in recent years, from police departments to hospitals. Even the FBI has said that paying ransom is sometimes the smarter thing to do. When that’s the case, people like Troia need the access and freedom to act in the cryptocurrency sphere on behalf of the good guys.
With digital currency still relatively young, it will probably be a while before regulators get it right. Until then, differentiating the “good guys” from the “bad guys,” at least in a formal legal sense, will continue to be as complex as the blockchain on which bitcoin is built.