<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=360133424683380&amp;ev=PageView&amp;noscript=1">

An open letter to EU cryptocurrency-related regulators, policy advisors and makers: Technology assurances are a must

Words by Dr. Joshua Ellul, Chairman of the MDIA and Director of DLT at the University of Malta. Catch up with him later this year in the Autumn edition of Block Magazine

I am writing this open letter to raise what I perceive to be a vital concern regarding cryptocurrency-related regulation. Across Europe, we have seen regulators take similar approaches to those used in traditional financial services, which lack adequate levels of technology-based assurances due to inherent high risks associated with specifically decentralised technology used in Blockchain, Smart Contracts and Cryptocurrencies.

Cryptocurrencies, other similar forms of tokens and related activities have inherent technological risks which could be detrimental to European regulatory frameworks and the EU’s reputation in this sector. In June 2020, a European country had taken a blow to its reputation (and perhaps indirectly Europe) with respect to regulatory oversight of financial and operational due diligence of the sector. Let us not let it take another potentially more serious blow from lack of technological due diligence and technology assurances.

Cryptocurrencies, tokens, virtual financial assets, utility tokens, ICOs, STOs, IEOs, or any other financial operation and technology built on or making use of blockchain and smart contracts are inherently high risk. Regulators are already familiar with the risks inherent in the operational and financial aspects, but this risk is intensified because of its dependence on blockchain or similar distributed ledger technologies (DLT).

Unlike traditional technology and systems, where a mistake in a transaction or bug in the data or code can be fixed, on a DLT, such errors frequently cannot be fixed, and the data cannot be reverted or manipulated to compensate for losses resulting from the unexpected behaviour. Neither the operator, nor the software developer, the responsible Authority, nor the justice system may be able to enforce such a recovery. To put this in context, consider the hypothetical scenario in which, due to a software bug, all clients’ accounts are reset to have no funds, effectively emptying millions of euros worth of cryptocurrency held by various clients.

Now consider this bug occurs in an EU licensed activity — it results in millions or billions worth of euros in losses and again it was licensed by an EU-based regulator, and it is found that adequate technological due diligence to minimise such bugs was not undertaken by the developer and/or operator, nor required by the Regulator. Not only will this be a blow to EU crypto-based licensed activity, but aggrieved parties may decide to initiate class-action lawsuits against the Regulator for not having had in place sufficient technology assurances that could have minimised such occurrences. It is worth adding that the hypothetical nature of this scenario is the latter part — the occurance of this happening to an EU licensed activity. However, when it comes to bugs and losses one can cite various instances of DLT technology failures which have led to the equivalent of hundreds of millions of euros.

The risks associated with the underlying technology is as high — much higher some would say — than the operational and financial ones. And yet, one can approach addressing such risks in a manner which mirrors the way in which operational risks are addressed — setting up a process of independent third-party system audits and a sufficient regulatory framework for ensuring technology-based assurances. This needs to be mandatory within the cryptocurrency space.

As part of Malta’s regulatory framework, the Malta Digital Innovation Authority addresses such technology-based assurances. We would like to reach out to the EU and other member states to initiate a forum for taking such assurances to an EU-level. If the EU does not implement adequate technology assurances, then it may only be a matter of time until it will have to face another blow to the credibility of its regulated services due to lack of technology-based assurances.

A list of such reported losses due to bugs and technology follow. Further details regarding the regulatory framework are discussed in the following paper: https://link.springer.com/article/10.1007/s12027-020-00617-7

List of a few reported bugs and losses

Sep 2020


Aug 2020



https://cointelegraph.com/news/rushed-upgrade-made-12-of-ethereum-clients-unusable (no direct loss of money, downtime though)

Jul 2020



June 2020


Mar 2020


Feb 2020




Sep 2019


June 2019


July 2018




Dec 2018


Sep 2018


Feb 2018


Jan 2018


Nov 2017


July 2017


Aug 2016


June 2016


Jan 2015


Feb 2014


Sep 2012


June 2011


SiGMA Americas:

Following the successful launch of SiGMA Europe (Malta) and SiGMA Asia (Manila), we’re now launching the inaugural SiGMA AMERICAS, covering all three major timezones. The inaugural edition is set for September 22-24, 2020 with a virtual summit focusing on two themes: SiGMA AMERICAS for the Gaming industry and AIBC AMERICAS for the Emerging Tech industry. We wanted to provide fresh content, to help you navigate through these turbulent times. If you’re exploring Americas as a new frontier or wondering which tech solutions to embrace, we've got you covered: tune in on September 22-24, 2020.


Related Posts

Tips to avoid information overload

Allan Petrilli, VP of Sales & Growth at Intelitics, tells SiGMA News that finding the right platform is key to operators leveraging the true ...