When Malta set out to provide a regulatory framework for the cryptocurrency sector, policymakers and advisers recognized how blockchain, distributed ledger technology and smart contracts, as well as related technologies, imposed new challenges to providing consumer protection and to fitting within existing legal structures.
Immutability of data — and subsequently code, or rather smart contracts — is a desirable feature to provide guarantees to users that data (and smart contracts) cannot be tampered with. However, this also poses a critical challenge: Often, it is impossible, or infeasible, to change code once it has been written to such a distributed ledger. This potentially means that code can be deployed that ends up managing millions to billions of dollars worth of funds, and if a bug is found, it may be impossible to update the code to get rid of it.
Cryptocurrencies, tokens, initial coin offerings, security token offerings, etc., are built on this type of technology. In order to provide consumer protection, regulators around the world have focused on implementing a regulatory regime that ensures due diligence is undertaken regarding the individuals behind such operations, and regarding the financial and legal aspects of the operations, which is great.
Yet, minimal effort has gone into ensuring that there are adequate levels of due diligence regarding the technology. In traditional financial systems, this is not much of a problem, as when something goes wrong, authorities and other centralized stakeholders can reverse actions and/or data as required. However, when it comes to decentralized systems, this is not an option. Neither the crypto operator, users, regulators, enforcement entities nor even the courts can do anything to revert the decentralized transactions. If a bug causes losses of billions in crypto, the tokens are lost forever.
Some argue that such responsibility and risks should be borne by users. Being a computer scientist and programmer…