Cryptocurrency exchanges and any businesses holding crypto assets should be required to have minimum cyber security standards in order to protect Australian investors, a committee has told the government.

On Wednesday, the cyber security Industry Advisory Committee (IAC) – created by the Department of Home Affairs in 2020 – published its recommendations for how the government can protect Australians from risks related to cryptocurrency.

It offered five recommendations including mandatory cyber security standards, extra resources for law enforcement cybercrime divisions, and more ways for consumers to understand the risks and evaluate the integrity of cryptocurrency products and vendors.

Andy Penn, chair of IAC and CEO of Telstra, said the government should offer increased support and education for Australian cryptocurrency investors.

“Every day there are headlines about new crypto billionaires alongside those losing their life savings by betting on crypto or being caught in a scam,” he said.

“Cryptocurrencies are more vulnerable to scams, confidence tricks and online ‘rug pulls’, which could easily see Australians lose their investments.

“Now that more and more ordinary Australians are investing in such currencies, there is an urgent need for more education about how to stay safe when trading and using cryptocurrency.”

‘Rug pull’ describes the nefarious practice of a cryptocurrency project that looks legitimate and encourages people to buy-in and drive up the price before the creators quickly cash out, making the coin worthless.

There are ways to spot a rug pull but this type of due-diligence can be esoteric and lost on people who are rushing in to buy a crypto asset quickly as the price rises.

The cyber security IAC wants to see the government produce educational programs that have “accurate, consistent messaging” to help investors “understand both the investment and cyber security risks” inherent in cryptocurrency.

Clarify regulation

It is also calling on the government to build a regulatory framework that “provide[s] greater clarity and confidence about how the cryptocurrency market can operate in Australia and how consumers can be best protected”.

This framework would function beyond existing anti-money laundering and counter-terrorism financing (AML/CTF) legislation that cryptocurrency exchanges must already follow.

At last week’s ACS Reimagination Thought Leaders’ Summit 2022, Senator Andrew Bragg said the government was undergoing a policy shift around how it treats cryptocurrency, and is aiming to put more regulatory levers in the hands of government in order to encourage capital and skilled workers to Australia.

This follows an announcement from Treasurer Josh Frydenberg late last year in which he said legislative reform aimed at cryptocurrency and digital assets could begin by the middle of the year.

But while they welcome a drive toward increased education, local cryptocurrency businesses are wary of tightened regulation.

Jonathon Miller, Australian Managing Director of the Kraken exchange, said the company broadly supports IAC’s recommendations.

“Minimum standards for security, and greater resourcing to fight sophisticated cybercrime will go a long way to protecting investors,” he said.

“Regulatory settings however is something that should be very cautiously approached.

“Australia has built a reputation for being a crypto-savvy and friendly jurisdiction which goes a long way to ensuring crypto businesses remain onshore in Australia.

“Onerous regulation such as market licensing and/or a crypto asset custody/deposit regime could risk driving these innovative businesses offshore, repeating the mistakes of the past when it comes to encouraging local innovative businesses onshore.”

Likewise, Ian Lowe, CEO of cryptocurrency investment firm Dacxi, said heavy regulation could “stifle innovation” within the maturing local industry.

“What's really needed is a drive on public education,” he said.

“Digital assets are fundamentally different from their traditional counterparts. Many have a select utility, for example facilitating payments, some represent real physical assets through tokenisation, and others are entire ecosystems – like Ethereum.”