Mapping the Intersection of Cryptocurrency Exchanges, Users, and Regulation
Lead Research Organisation:
University College London
Department Name: Computer Science
Abstract
The advent of cryptocurrency exchanges developed a convenient route and access to
cryptocurrencies for the mass population. Currently, exchanges are entrusted with the
safekeeping and the daily facilitation of millions worth of funds on a global scale. However,
their rapid propagation and prospering turned exchanges into attractive targets for criminals
and cyberattacks. This can be attributed to many factors, including the long-lasted absence
of globally coordinated, standardised, and suitable legal frameworks, comprehensive of all
aspects covering cryptocurrencies. Most current domestic and regional regulations comprise
Anti-Money laundering (AML) and Countering the Finance of Terrorism (CFT) rules, and often
neglect other vital areas that urgently mandate intervention, such as consumer protection,
financial crime, privacy, and security compliance.
The ramifications attributed to this abundant situation are numerous and diverse. As a start,
regulators rushed into imposing the same AML/CFT measures tailored to suit the
conventional financial/banking system, onto the divergent environment of cryptocurrencies.
This poses major privacy and cybersecurity risks, as the level of legal and security compliance
of exchanges is unclear/unknown. Due to regulatory shortcomings, and lack of proper legal
and security compliance, not only exchanges are becoming victims of cybercriminals, but
many can easily facilitate such crimes. Consumers, on the other hand, are growingly turning
into the prime victims of these crimes, attacks, and sundry other risks arising from the self regulation of exchanges.
In this Ph.D. thesis, we aim to study and unravel the multidimensional factors and the risks
arising from the intersection of exchanges, consumers/users, and regulators within the
cryptocurrency sphere. This will be achieved by employing both multidisciplinary and
interdisciplinary research methods that incorporate legal, computer science, and crime
science research instruments.
The primary goals of this research are 1) to produce scientific evidence that would aid
legislators in the policymaking process; this is especially true in light of studying and assessing
the adequacy of newly adopted regulations such as the Markets in Crypto-Assets regulation
(MiCA) and other AML/CFT policies; 2) assist law enforcement agencies in identifying
potential exchanges that might appeal to criminals, and/or acting as crime
facilitators/channels; 3) advocate the creation of a safer and secure environment for
consumers based on the principles of accountability, liability, compliance, transparency, and
privacy.
cryptocurrencies for the mass population. Currently, exchanges are entrusted with the
safekeeping and the daily facilitation of millions worth of funds on a global scale. However,
their rapid propagation and prospering turned exchanges into attractive targets for criminals
and cyberattacks. This can be attributed to many factors, including the long-lasted absence
of globally coordinated, standardised, and suitable legal frameworks, comprehensive of all
aspects covering cryptocurrencies. Most current domestic and regional regulations comprise
Anti-Money laundering (AML) and Countering the Finance of Terrorism (CFT) rules, and often
neglect other vital areas that urgently mandate intervention, such as consumer protection,
financial crime, privacy, and security compliance.
The ramifications attributed to this abundant situation are numerous and diverse. As a start,
regulators rushed into imposing the same AML/CFT measures tailored to suit the
conventional financial/banking system, onto the divergent environment of cryptocurrencies.
This poses major privacy and cybersecurity risks, as the level of legal and security compliance
of exchanges is unclear/unknown. Due to regulatory shortcomings, and lack of proper legal
and security compliance, not only exchanges are becoming victims of cybercriminals, but
many can easily facilitate such crimes. Consumers, on the other hand, are growingly turning
into the prime victims of these crimes, attacks, and sundry other risks arising from the self regulation of exchanges.
In this Ph.D. thesis, we aim to study and unravel the multidimensional factors and the risks
arising from the intersection of exchanges, consumers/users, and regulators within the
cryptocurrency sphere. This will be achieved by employing both multidisciplinary and
interdisciplinary research methods that incorporate legal, computer science, and crime
science research instruments.
The primary goals of this research are 1) to produce scientific evidence that would aid
legislators in the policymaking process; this is especially true in light of studying and assessing
the adequacy of newly adopted regulations such as the Markets in Crypto-Assets regulation
(MiCA) and other AML/CFT policies; 2) assist law enforcement agencies in identifying
potential exchanges that might appeal to criminals, and/or acting as crime
facilitators/channels; 3) advocate the creation of a safer and secure environment for
consumers based on the principles of accountability, liability, compliance, transparency, and
privacy.
Planned Impact
The EPSRC Centre for Doctoral Training in Cybersecurity will train over 55 experts in multi-disciplinary aspects of cybersecurity, from engineering to crime science and public policy.
Short term impacts are associated with the research outputs of the 55+ research projects that will be undertaken as part of the doctoral studies of CDT students. Each project will tackle an important cybersecurity problem, propose and evaluate solutions, interventions and policy options. Students will publish those in international peer-reviewed journals, but also disseminate those through blog posts and material geared towards decision makers and experts in adjacent fields. Through industry placements relating to their projects, all students will have the opportunity to implement and evaluate their ideas within real-world organizations, to achieve short term impact in solving cybersecurity problems.
In the longer term graduates of the CDT will assume leading positions within industry, goverment, law enforcement, the third sector and academia to increase the capacity of the UK in being a leader in cybersecurity. From those leadership positions they will assess options and formulate effective interventions to tackle cybercrime, secure the UK's infrastructure, establish norms of cooperation between industries and government to secure IT systems, and become leading researcher and scholars further increasing the UK's capacity in cybersecurity in the years to come. The last impact is likely to be significant give that currently many higher education training programs do not have capacity to provide cybersecurity training at undergraduate or graduate levels, particularly in non-technical fields.
The full details of our plan to achieve impact can be found in the "Pathways to Impact" document.
Short term impacts are associated with the research outputs of the 55+ research projects that will be undertaken as part of the doctoral studies of CDT students. Each project will tackle an important cybersecurity problem, propose and evaluate solutions, interventions and policy options. Students will publish those in international peer-reviewed journals, but also disseminate those through blog posts and material geared towards decision makers and experts in adjacent fields. Through industry placements relating to their projects, all students will have the opportunity to implement and evaluate their ideas within real-world organizations, to achieve short term impact in solving cybersecurity problems.
In the longer term graduates of the CDT will assume leading positions within industry, goverment, law enforcement, the third sector and academia to increase the capacity of the UK in being a leader in cybersecurity. From those leadership positions they will assess options and formulate effective interventions to tackle cybercrime, secure the UK's infrastructure, establish norms of cooperation between industries and government to secure IT systems, and become leading researcher and scholars further increasing the UK's capacity in cybersecurity in the years to come. The last impact is likely to be significant give that currently many higher education training programs do not have capacity to provide cybersecurity training at undergraduate or graduate levels, particularly in non-technical fields.
The full details of our plan to achieve impact can be found in the "Pathways to Impact" document.
Organisations
People |
ORCID iD |
| Marilyne Ordekian (Student) |
Studentship Projects
| Project Reference | Relationship | Related To | Start | End | Student Name |
|---|---|---|---|---|---|
| EP/S022503/1 | 01/04/2019 | 23/11/2028 | |||
| 2576213 | Studentship | EP/S022503/1 | 01/10/2021 | 30/09/2025 | Marilyne Ordekian |