A major U.S. Bitcoin exchange, responding to regulations intended to stop criminals, appears to be suspending the accounts of “white hat” security consultants who use Bitcoin to help law-abiding clients.
As reported by CoinDesk, Night Lion Security’s Vinny Troia was contacted last year by Coinbase, an exchange for buying and selling cryptocurrency. The exchange wanted to know how he was using his Bitcoin. Troia told Coinbase that his security business sometimes involved either paying digital ransom on behalf of clients impacted by attacks like WannaCry, or verifying database breaches by buying data from malicious hackers—all with client permission.
Get Data Sheet, Coins2Day’s technology newsletter.
Coinbase, after asking whether Troia had U.S. Department of Justice authorization for those methods—authorization which Troia couldn’t confirm even exists—Coinbase suspended his account. When he tried to open new accounts under the names of family members so he could continue conducting business, Coinbase shut those down, too.
The situation illustrates the growing pains of Bitcoin as its ecosystem matures. While there are plenty of good reasons that legitimate businesses might need to conduct Bitcoin transactions with shady characters—including, say, unlocking vital systems infected by a clever virus—enabling such transactions could put an actor like Coinbase in conflict with regulations intended to prevent money laundering (often referred to by the acronym AML, for “anti-money laundering”) and criminal activity (KYC, for “know your customer”).
In a related incident in Dec. 2016, prosecutors in New York charged the operator of a Bitcoin exchange with violating anti-money laundering laws specifically because it facilitated ransomware payments. Coin Center, a cryptocurrency policy think tank, came out strongly against that move, pointing out both that everyone from police departments to hospitals have had to pay such ransoms in recent years, and that even the FBI has said that sometimes paying ransom is the sensible choice.