TRM Talks: Securing Crypto with Fireblocks Jason Allegrante

In this TRM Talks, Ari Redbord sat down with Fireblocks’ Chief Legal and Compliance Officer Jason Allegrante to discuss:

• The challenges of crypto asset compliance in a rapidly evolving ecosystem;
• How policy makers can work with industry to develop sound regulatory frameworks and protect the crypto ecosystem from hacks and other exploits;
• How Fireblocks works with blockchain intelligence companies like TRM;
• How first moving jurisdictions are shaping the global crypto asset regulatory rulebook.

Despite the so-called "crypto winter," we have seen a flurry of institutional adoption. But, as the ecosystem grows so does the need to keep funds safe. In this TRM Talks we discuss protecting the crypto ecosystem from hacks and other exploits, how Fireblocks works with Blockchain Intelligence like TRM Labs, and how policy makers can work with industry to craft sound regulatory frameworks. Mr. Allegrante, who began his legal career at the Federal Reserve Bank of New York and practiced law in private practice, has spent his career focused on the intersection of financial regulation, compliance and digital assets.

In addition to regulation, policy and compliance, in this TRM Talks, we also discuss the threat landscape including the cyber threat from North Korea. According to a recent TRM report, over the past five years, North Korean hackers have stolen over USD 2 billion in cryptocurrencies in over 30 attacks. In 2023, although the total amount stolen in cryptocurrency attacks is down from a record-setting 2022, North Korea has maintained its focus on the crypto ecosystem. Year-to-date, North Korea has stolen USD 200 million in cryptocurrency, accounting for over 20% of all stolen crypto this year. 

The history of Fireblocks is very much rooted in North Korea's shift from traditional money laundering to the digital space. In 2017, when the Lazarus Group hacked into four South Korean exchanges and stole $200M of Bitcoin, the would-be founders of Fireblocks were part of the task force that investigated the attack. According to the company, "The shift and motivation of cybercriminals from hacking traditional finance to digital assets, and the complexity and the lack of solutions for securing digital assets in an enterprise environment [inspired the founders to create a solution] to secure the blockchain."

In this TRM Talks we dig into the cyber threat from North Korea and how the industry can work together to mitigate the threat. As Mr. Allegrante explains, "When one individual suffers a hack, the cost of that falls potentially on the collective and it falls on the industry. There is a need to start a conversation around standard setting and a need to start holding everyone else within the ecosystem to account because I don't think it's enough for the long term health and integrity and reputation of the industry for us to say, ok, great Fireblocks wasn't hacked today. We all have an interest."

Watch the full recording for much more or read our recap below:

‍Ensuring crypto assets compliance is a major challenge

In the fast-paced world of crypto, new innovations and exciting business opportunities are constantly emerging. However, as Mr. Allegrante explained, these raise complex legal and compliance questions.

Though as a software company Fireblocks does not fall under the same regulatory obligations as financial services entities, Mr. Allegrante explained, the company takes compliance, security and reputational risk seriously. Spearheaded by its legal and compliance departments, the company aims to work closely with regulators and its clients to bring increased legal clarity to the space while ensuring support for innovation.

‍Industry stakeholders need to agree on effective regulatory solutions

Echoing the sentiment expressed in an earlier TRM Talks, in Mr. Allegrante’s view, it is the responsibility of the industry at large to seize control of the regulatory environment. “It is incumbent on us to build a better mousetrap” when it comes to financial crime compliance. He added that “expending energy to try to get rules in place that are more tailored to what it is that we’re doing” is also in the interest of businesses in the sector.

Crypto businesses, standard-setting organizations and regulators should come together to agree on the way forward, he explained. They should harness emerging technologies and higher transparency levels to improve the regulatory environment and establish a clearer operating context. In his view, this would create ”a much better result for the industry as well as for law enforcement and other concerned individuals.”

‍Blockchain intelligence companies can help identify illicit on-chain activity and shape the regulatory environment 

Blockchain intelligence companies, according to Mr. Allegrante have a role to play in highlighting illicit activity and aiding industry participants navigate a shifting regulatory landscape.

For instance, Fireblocks integrates blockchain intelligence tools into its wallets and user interface. This allows its customers to screen the wallets and check the provenance of the assets for links to illicit activity. As Mr. Allegrante explained, “[Fireblocks’] customers really are desirous of these services … [and] seek them out.” 

The discussion touched on other ways blockchain intelligence companies can boost transparency and help drive regulation in the sector. For example, TRM runs Chainabuse, a publicly available, crowd-sourced fraud and scams database. By reporting malicious on-chain activity to the platform, customers help raise awareness of typologies of crime in the ecosystem, which in turn helps industry players and law enforcement offer better protection. 

‍The persistent cyber threat calls for collective responsibility to eliminate ecosystem vulnerabilities 

This TRM Talks included a segment on the threat landscape and the cyber threat from North Korea. Preventing digital asset hacks conducted by hostile state actors is “top of mind” for Fireblocks, according to Mr. Allegrante. Fireblocks’ origins are rooted in North Korea’s shift from traditional money laundering to the digital space. The company’s founders formed part of the task force that investigated the 2017 theft of USD 200 million in bitcoin from four South Korean exchanges by North Korea-linked Lazarus Group. 

The persistence of hacks and exploits on digital assets weighs heavily on the viability of the entire ecosystem, Mr Allegrante explained. “When one individual suffers a hack … the cost falls potentially on the collective, and it falls on the industry,” he said. 

In Mr Allegrante’s view, this means that the onus should not be solely on individual entities to ensure robust cybersecurity controls. Instead, standards should be set across the ecosystem. “We need to start … holding everyone else within the ecosystem to account … for the long-term health, integrity and reputation of the industry.”

‍Opportunity lies in tracking the “regulatory waterfall”

The conversation concluded with a few words on where U.S. and global crypto regulation is headed. Mr Allegrante spoke about what Fireblocks has termed the “regulatory waterfall.” That is, the notion that a handful of influential jurisdictions define the regulatory frameworks that are later replicated around the world. 

“Because it’s easier for the less sophisticated or less involved to take what’s already out there, … the [regulations of] the first movers actually trickle down and become law or regulation in [other] jurisdictions,” he said.

Fireblocks has been tracking international regulatory developments to identify the first movers and where they should focus their resources and attention. The passing of the Markets in Crypto-Assets (MiCA) legislation in the EU was a landmark moment in this respect, Mr. Allegrante acknowledged. He noted that MiCA is already being discussed as a blueprint for other jurisdictions to follow.

Where the U.S. is concerned, the crypto operating context has become challenging over the past twelve months, Mr Allegrante continued. Yet he expressed cautious optimism that the climate is improving. Potential game-changers, in his view, could include the approval of bitcoin ETFs or stablecoin legislation by early 2024. However, these events are far from certain, and industry participants should continue to monitor regulatory developments around the world to assess the likely future global operating context in the space.