Risky Business:

Bold idea: Financial regulators have taken important steps to mitigate crypto risks to consumers and the economy, but more action must be taken to address the sociotechnical threats experienced by over 35% of Canadian crypto-asset owners.

Executive Summary

From origins of blockchain technology decades ago to earliest use cases of digital or e-cash and the introduction of Bitcoin as the first cryptocurrency in 2008, few could have predicted the cultural phenomenon and dramatic market growth for Crypto-assets of the last few years — or the dramatic and wrenching collapse of Crypto-asset values and firms last year. While policymaking and oversight of Crypto-asset trading has understandably been through a financial regulatory lens, this report offers policymakers and policy-focused industry leaders and technologists a new perspective: assessing the technical cyber security risks and threats, as well as the sociotechnical security interactions between technological and human dynamics. 

As part of a basic primer for readers on blockchain and Crypto-asset trading, this report offers novel new insights from national representative survey conducted in October 2022 about the demographic profile of crypto users in Canada, levels of public trust in crypto asset platforms, and the types of harms purchasers of Crypto-assets report experiencing.

Key findings include:

• Only one in ten Canadians have owned a Crypto-asset such as Bitcoin, Ether or NFT.
• A larger share of self-reported crypto owners are men, younger, university educated and higher income.
• Owners do not express significantly different views on the political spectrum, or a greater likelihood to believe misinformation than other Canadians.
• One in three (35%) of owners reported experiencing crypto fraud or scams, with higher rates among lower-income and less-educated populations;
• Nearly one in five (19%) owners report having been targeted with online harassment that caused them to fear for their safety, compared to 6% of those who have not owned crypto; and
• Canadians generally express extremely low levels of trust in Crypto-asset exchanges, even before the collapse of the FTX exchange in late 2022.

Using a mixed method approach including an extensive literature review and a scan of Crypto-asset policy and regulatory government  initiatives, security risks and threats were assessed through two lenses. The first is more traditional cyber security - the technical threats and vulnerabilities related to blockchain or specific applications, typically targeted by purely malicious actors. The research identifies four categories of risk to the blockchain network, the crypto exchange, 3rd party services like crypto wallets, and to users directly, with numerous examples of cyber attacks and hacks exploiting technical vulnerabilities for financial theft, data breach, and other criminal purposes. Some attacks that are covered include spam attacks, deanonymization attacks, and crypto jacking attacks.

The second lens is sociotechnical security, which uses the terminology of cyber security but captures risks that reflect the interdependencies and entangled interactions of technology and social conditions. Here the research and numerous use cases from media and other sources were synthesized into four more categories: user anonymity, privacy and harassment; financial scams and fraud; high-risk behaviour, misinformation and deceptive promotion; and externalities and systemic threats. 

A policy scan through the aforementioned lenses reveals the policy landscape for crypto regulation through a security lens related to the findings above. The key finding is that there has been significant financial regulatory action in Canada for Crypto-asset trading, primarily in the application and enforcement of securities law, which is also having the effect of addressing certain cyber and STsec risks. There has, however, been little direct policy initiative related to cyber security for Crypto-assets, and Canada can learn from jurisdictions like the EU that are introducing more integrated regulatory packages for both Crypto-assets and distributed ledger technologies (DLTs), or the U.S. with a comprehensive Framework for digital assets directing federal government efforts. Standards-setting initiatives for DLTs and crypto offer potential to address security risks as well.

For policymakers and other stakeholders, the report concludes with the following recommendations:

1. Conduct further research on the security threats and harms associated with Crypto-asset trading, and increase public engagement with communities of crypto users to inform policymaking.
2. Ensure Crypto-asset policymaking is timely and iterative, to allow for innovation in blockchain and fintech while assuring market integrity, security and consumer protection. 
3. Enhance public transparency and cyber security-aligned consumer protection requirements for Crypto-asset investors and users. 
4. Align financial regulation of Crypto-assets with other Canadian policy and legal regimes, including cyber security, privacy and data protection, and online safety. 
5. Coordinate and collaborate on Crypto-asset policymaking with peer jurisdictions and transnational governance and standards bodies.

A Short Primer on Blockchain Technology and Crypto-asset Trading

Blockchain technology is, at its core, a records-management system. A type of distributed ledger technology (DLT), the development and maintenance of the digital database is carried out by participants connected through a peer-to-peer network, rather than held by a centralized third party.11Rauchs, M., Glidden, A., Gordon, B., Pieters, G., Recanatini, M., Rostand, F., Vagneur, K., Zhang, B. (2018). Distributed Ledger Technology Systems: A Conceptual Framework. University of Cambridge: Cambridge Centre for Alternative Finance. https://deliverypdf.ssrn.com/delivery.php?ID=523068119001022112010111070082091024031014039074069003068001078098007067064115097024025103012043047102119064075111096090097068044001045019044068023028010075100124120091020012017072121009102073002111070124093002124107103105073109012003084068021092067117&EXT=pdf&INDEX=TRUE on page 15. In addition to the Bitcoin blockchain, many other blockchain networks have emerged over the past decade, with some most active for crypto trading and other uses being Ethereum, Solana, BNB Chain, Arbitum and Avalanche.12See e.g. Bertagnoli, L. (2022, August 25). 20 Blockchain Platforms Driving the Industry. Builtin. https://builtin.com/blockchain/blockchain-platforms. While the original Bitcoin white paper did not use the term “blockchain,” referring instead to chains of blocks and digital signatures, many of the attributes described in the Bitcoin white paper are common in other blockchain networks.

These include: consensus-based transaction verification, user anonymity (or “pseudonymity”), transparency of the public ledger, and unalterable (“immutable”) records once added to the blockchain. These attributes, and their rationale, are explored in more detail below, with a Glossary of Terms for unique vocabulary we encounter in the report.A note for readers: in this report, the term blockchain is used to refer to the technology generally, rather than to specific networks such as Bitcoin or Ethereum.

The Unique Attributes of Blockchain for Crypto-asset Trading

When Nakamoto introduced the Bitcoin concept on what would later be called blockchain technology, it sought to address at least four particular challenges. 

The first was to reduce reliance on traditional finance. In the wake of the 2007-08 global financial crisis, there was heightened distrust of the financial system and its institutions. Bitcoin sought to reduce or eliminate the need to rely on traditional financial institutions that acted as centralized authorities for the processing, recording, and verification of financial transactions. Instead, Bitcoin would be a peer-to-peer electronic cash system, built on open-source software that would enable transactions to be facilitated by a decentralized network of computers.13About. (n.d.). Bitcoin Core. https://bitcoincore.org/en/about.

The second was to establish a trusted verification system for peer-to-peer transactions. In place of a centralized authority for validating transactions, cryptographic technology would allow “chains'' of transactions to be formed into “blocks'' of data that are posted to the blockchain ledger at regular time intervals. Each transaction or block is affixed with a unique identifier that confirms the sender and receiver (called a “signature” or cryptographic “hash”). Transactions are time stamped and publicly accessible to provide transparency and address the problem of ‘double-spending’ (i.e. using the same electronic cash twice).14All transactions can be viewed online. See Bitcoin. (n.d.). Blockchain.com. https://www.blockchain.com/explorer?view=btc. Multiple computers (called “nodes”) temporarily store information about proposed transactions as a verification step, prior to the permanent record posting on the blockchain.

The third was to address risks of fraud and tampering through consensus verification. To address the risk of editing or insider tampering with transaction blocks in an effort to steal from users, verification of each block occurs through a decentralized “consensus mechanism.” Blockchain network users must contribute their computational energy (called “mining”) to solving “moderately hard, but not intractable” cryptographic equations to verify transactions.15Quote from this piece: Dwork, C., Naor, M. (2001). Pricing via Processing or Combatting Junk Mail. Advances in Cryptology - Crypto '92. CRYPTO 1992. Lecture Notes in Computer Science, vol. 740. (pp.139-147). Springer. doi:10.1007/3-540-48071-4_10. In this “proof-of-work” consensus model, users are incentivized through the potential cryptocurrency payments, as block rewards or transaction fees.16See also: Interestingly, the proof of work system was originally proposed to prevent spam email and denial-of-service (DDoS) attacks on websites. Finney, H. (n.d.). Reusable Proofs of Work. Nakamoto Institute. https://nakamotoinstitute.org/finney/rpow/index.html. Once verified and posted to the blockchain, records are then non-reversible (or “immutable”), so they cannot be altered later.

The fourth was ensuring the privacy of transactions and the ‘pseudonymity’ of users. The solution was the use of a “public key” (username) and “private key” (password) model. Each user is represented by a string of random numbers, functioning like a self-generated username and password that are not stored by a centralized intermediary.17Walker, G. (n.d.). How does Bitcoin work?. Learn me a bitcoin. https://learnmeabitcoin.com. To complete a transaction, a user’s private key generates their digital ‘signature,’ which demonstrates their ownership of a public key without requiring them to reveal their private key. Each transaction requires the use of a unique digital signature, which cannot be reused. While the identity of a user is not revealed, the record of the transaction on the public blockchain reveals their unique cryptographic ‘signature’, representing a type of virtual pseudonym (if not complete anonymity).

Variations in the Design of Blockchain Projects

While Bitcoin has informed the design of blockchain and distributed ledger technologies since its introduction in 2009, there have been significant variations in the design of blockchain networks over time. 

• Consensus mechanisms. Common to the trust and verification for blockchain networks, other consensus mechanisms have been introduced in addition to the initial Bitcoin ‘proof-of-work’ protocol.18The most common are proof of work and proof of stake, but other variations include delegated proof of stake, proof of activity, proof of authority, proof of burn, proof of capacity or proof of space, proof of elapsed time, proof of history, and proof of importance. What is Consensus? A Beginner’s Guide. (2022, May 13). Crypto.com. https://crypto.com/university/consensus-mechanisms-explained. The most widely used variation is ‘proof-of-stake’, where users “stake” digital currency (rather than “mining” it) as collateral in a smart contract to verify transactions on the blockchain, incentivized by digital currency rewards.19Napoletano, E., and Broverman, A. (2022, July 12). Proof of Stake Explained. Forbes. https://www.forbes.com/advisor/ca/investing/cryptocurrency/proof-of-stake. A primary benefit of ‘staking’ is that it does not demand the energy intensive hardware systems and computing capacity for ‘mining’, reducing electronic waste, energy consumption and carbon dioxide pollution.20Platt, M., Sedlmeir, J., Platt, D., Xu, J., Tasca, P., Vadgama, N., Ibañez, J.I. (2021). The Energy Footprint of Blockchain Consensus Mechanisms Beyond Proof-of-Work. IEEE. doi:10.1109/QRS-C55045.2021.00168. In September 2022, the largest blockchain network, Ethereum, transitioned to proof of stake through a process they called The Merge.21Chow, A. (2022, September 7). Why the Ethereum Merge Matters. TIME. https://time.com/6211294/ethereum-merge-preview.; The Merge. (2022, September 15). Ethereum.org. https://ethereum.org/en/upgrades/merge.
• Public versus private blockchains. Bitcoin and Ethereum are public blockchains, where peer-to-peer transactions are posted on a publicly accessible ledger and users can participate in consensus verification.22Guegan, D. (2017). Public Blockchain versus Private blockchain. HAL Open Science, 1-6. https://halshs.archives-ouvertes.fr/halshs-01524440/document. Other networks have been developed as private or semi-private blockchain projects, limited to a certain group of users.23Jayachandran, P. (2017, May 31). The difference between public and private blockchain. IBM. https://www.ibm.com/blogs/blockchain/2017/05/the-difference-between-public-and-private-blockchain. Private blockchains are more comparable in concept to a traditional financial intermediary, with examples including R3 Corda and Hyperledger.
• Pseudonymous versus anonymous. Privacy is an attribute of the Bitcoin blockchain and other public networks where users do not have to provide name and identity information. Yet, users’ cryptographic public key does represent a form of pseudonym that can be traced, as multiple transactions can be linked to a single user and could potentially be linked to a legal identity.24Schinckus, C., Nguyen, C.P., Chong, F.H.L. (2021). Are Bitcoin and Ether Affected by Strictly Anonymous Crypto-Currencies? An Exploratory Study. Economics, Management and Financial Markets 16(4), 9-27. doi:10.22381/emfm16420211. As a result, variations such as Monero, Dash, and Bitcoin Private have emerged that use technical features to provide full anonymity.25Fauzi, P., Meiklejohn, S., Mercer, R., Orlandi, C. (2018). Quisquis: A New Design for Anonymous Cryptocurrencies. In Advances in Cryptology - ASIACRYPT 2019, 25th International Conference on the Theory and Application of Cryptology and Information Security. (pp 649-678). doi:10.1007/978-3-030-34578-5_23.
• Immutable versus alterable records. Blockchain’s cryptographic protocols typically apply the attribute of “immutability,” where recorded data cannot be modified or manipulated.26Shin, D. and Ibahrine, M. (2020). The socio-technical assemblages of blockchain system: how blockchains are framed and how the framing reflects societal contexts. Digital Policy, Regulation and Governance 22(3), 245-263. https://www.emerald.com/insight/content/doi/10.1108/DPRG-11-2019-0095/full/html#abstract. However, some experts note that there have been work-arounds to this principle, such as when Ethereum was “hard forked”27When a blockchain project is “forked”, this splits the blockchain into two separate networks. Intentional forks and hard forks are used to implement new consensus mechanisms, and require nodes to be upgraded to new consensus mechanisms, respectively. - or re-coded - through a software update to reset the funds for users that had been stolen during a hack.28White, M. (2022, January 9). Blockchain-based systems are not what they say they are. Molly White. https://blog.mollywhite.net/blockchains-are-not-what-they-say.; Ore, J. (2016, August 28). How a $64M hack changed the fate of Ethereum, Bitcoin’s closest competitor. CBC News. https://www.cbc.ca/news/science/ethereum-hack-blockchain-fork-bitcoin-1.3719009.

What are Crypto-assets?

“Crypto-asset” is a widely-used umbrella term that refers to digital assets that are issued and transferred on blockchain and other distributed ledger technology systems.34Blandin, A., Cloots, A.S., Hussain, H., Rauchs, M., Saleuddin, R., Allen, J.G., Zhang, B.Z., Cloud, K. (2019). Global Crypto-asset Regulatory Landscape Study. University of Cambridge Faculty of Law Research Paper No. 23. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3379219. Designed to be used as a medium of exchange and a store of value,35Crypto Assets. (n.d.). Canadian Securities Administrators. https://www.securities-administrators.ca/investor-tools/Crypto-assets. they include cryptocurrencies (e.g., Bitcoin, Ether, CBDCs), non-digital assets like utility and governance coins, security tokens, and non-fungible tokens (NFTs). Crypto-assets can be transacted on exchanges, marketplaces, and during online games.36What is Crypto Gaming? (2023, January 23). Bitbuy. https://bitbuy.ca/guides/what-is-crypto-gaming. They are held in wallets. Key actors in the Crypto-asset ecosystem include its users, miners and stakers, cryptocurrency exchanges, brokers, wallet providers, coin inventors (who develop the technical foundations of a cryptocurrency), and coin offerors (who offer coins to users, for free or for a fee, upon a coin’s initial release).37Houben, R. and Snyers, A. (2018). Cryptocurrencies and blockchain: Legal context and implications for financial crime, money laundering and tax evasion. European Parliament, Policy Department for Economic, Scientific And Quality of Life Policies. https://www.europarl.europa.eu/cmsdata/150761/TAX3%20Study%20on%20cryptocurrencies%20and%20blockchain.pdf.

How Crypto-assets Are Traded

Crypto-assets are traded on exchanges, which are digital platforms for buying and trading cryptocurrency and other digital assets. NFTs are traded on marketplaces, rather than exchanges.38This report uses the terms ‘exchange’ and ‘trading platform’ interchangeably. Forbes’ 2022 report on global crypto exchanges reported approximately 600 cryptocurrency exchanges operating worldwide.39Paz, J. (2022, March 16). The Best Global Crypto Exchanges. Forbes. https://www.forbes.com/sites/javierpaz/2022/03/16/the-best-global-crypto-exchanges. There are broadly two types of exchanges:

1. Custodial exchanges, which function like traditional stock or foreign exchange brokers but for Crypto-assets, and manage wallets on behalf of users. These exchanges tend to require account registration and identity verification, similar to other types of online trading platforms for financial products.40Woods, J. (2018, March 18). Crypto Exchanges: Custodial vs. Non-Custodial vs. Decentralized. Medium.com. https://medium.com/@jacobrobertwoods/crypto-exchanges-custodial-vs-non-custodial-vs-decentralized-3d1d04cf205. Examples include large global exchanges such as Binance, Kraken and Coinbase, and Canadian exchanges Coinsmart and Bitbuy.
2. Non-custodial or peer-to-peer exchanges, where no centralized platform facilitates interactions. Users transact directly with each other and must manage their own wallets, safeguarding their private and public keys, in order to access and trade their assets.41See also Non-custodial crypto exchange. (n.d.). PC Mag. https://www.pcmag.com/encyclopedia/term/non-custodial-crypto-exchange. Accounts are generally not needed to trade on non-custodial exchanges, nor is there a need to provide personal information to an exchange.42Woods, J. (2018, March 18). Crypto Exchanges: Custodial vs. Non-Custodial vs. Decentralized. Medium.com. https://medium.com/@jacobrobertwoods/crypto-exchanges-custodial-vs-non-custodial-vs-decentralized-3d1d04cf205. Uniswap, IDEX, SimpleSwap, and Localbitcoins are examples of non-custodial exchanges.

Others have described an emotional and peer-driven “lean in” philosophy among crypto enthusiasts. The scholar Simon Mackenzie describes how the risk-taking culture in Crypto-asset markets has been an attractive feature for many participants: the “society of traders [...] celebrate their ‘degeneracy’ and make investment decisions based on motifs like ‘yolo’ (you only live once) into ‘moonshots’ (risky bets on crypto with potentially huge upside).”44Mackenzie, S. (2022). Criminology Towards the Metaverse: Cryptocurrency Scams, Grey Economy and the Technosocial. The British Journal of Criminology 62(6), 1537-1552. doi:10.1093/bjc/azab118. A study by the UK financial regulator in 2019 found that many crypto users find the market risks attractive, though few have explicit strategies in place to manage the financial risks.45Financial Conduct Authority (2019). How and why consumers buy Crypto-assets. FCA. https://www.fca.org.uk/publication/research/how-and-why-consumers-buy-Crypto-assets.pdf.

In Canada, there has been little substantial analysis to date of the attitudes or experiences of Crypto-asset users. Last year, however, the Bank of Canada published a report on Bitcoin ownership and use in Canada between 2016 and 2020, finding that users tend to be younger, educated men with higher than average household income and lower levels of financial literacy.46Balutel, D., Felt, M., Nicholls, G., Voia, M.C. (2022). Bitcoin Awareness, Ownership and Use: 2016-20. Bank of Canada. doi:10.34989/sdp-2022-10. Like the UK study, the Bank of Canada report found that participants sought to invest in and profit from Crypto-assets without a comprehensive understanding of the technology and the financial associated risks, including price crashes, lost funds, or scams.47Ibid.

This report provides a new contribution to our understanding through a representative survey of 2,000 Canadian residents aged 16 and older, conducted online in October 2022. The profile of crypto users closely reflects the Bank of Canada’s findings. Our research found that, even by late 2022 after the crypto market peak, a minority (9%) of Canadians reported having purchased a Crypto-asset, such as Bitcoin, Ethereum or an NFT. A larger share of crypto owners were men (14% of Canadian men compared with only 5% of women), and in particular men between 25 and 35 years old (26%). A higher percentage were university-educated (13%) than college or below (8%), and are from households with incomes of over $100,000 (14%).

Profile of Crypto-asset users in Canada

In terms of political orientation or ideology, owners of crypto reported very similar views to the overall population — despite some public perceptions connecting crypto enthusiasm to right wing ideologies or protest movements like the Truckers’ Convoy.48These findings were taken from a representative survey of 2,000 Canadian residents aged 16 and older, conducted in October 2022. These survey findings contributed to a published report released in March 2023. See more: Andrey, S. (2023). Survey of Online Harms in Canada. Leadership Lab. https://www.ryersonleadlab.com/survey-of-online-harms-in-canada. We also sought to understand the relationship between Crypto-asset ownership and belief in misinformation. We asked survey respondents about their belief in eight statements concerning vaccines, immigration, climate change and the Russian invasion of Ukraine, and somewhat surprisingly found no significant difference between those who have and have not owned Crypto-assets (owners of crypto average 5.1 correct answers out of eight, compared to 5.2 of non-owners).49For more information on methodology, see https://www.ryersonleadlab.com/survey-of-online-harms-in-canada.

The survey also sought to understand Canadians’ levels of trust in cryptocurrency exchanges to offer secure and responsible technology, compared with other types of businesses and public institutions. The findings were revealing. Across the full sample of respondents, about half (49%) reported “low trust” in cryptocurrency exchanges, far higher levels than for all other categories. While crypto-asset owners did report ‘high trust’ in exchanges more than the general population, a greater proportion of owners still reported ‘neutral’ (43%) or ‘low trust’ (27%). It is important to note that these survey responses were collected before the FTX collapse and other related crypto events in late 2022, which presumably has further eroded trust in crypto exchanges and markets. The FTX failure also reportedly resulted in financial losses for an estimated 30,000 Canadian users and numerous businesses.50Schecter, B. (2022, November 16). How regulation slowed FTX’s growth, limiting the toll of its collapse in Canada. Financial Post. https://financialpost.com/fp-finance/cryptocurrency/regulation-slowed-ftx-growth-canada-limiting-toll-crypto-collapse; Rolfe, K. (2023, February 28). FTX includes more than 30 Canadian firms in sprawling creditors list. The Logic. https://thelogic.co/news/ftx-includes-more-than-30-canadian-firms-in-sprawling-creditors-list.

Figure 1
Canadians Trust in Offering Secure and Responsible Technology

The Policy Landscape: A Security Lens on Crypto-asset Regulation

In recent years, efforts at regulation and industry standards-setting for Crypto-asset markets, exchanges and firms have become a major priority for policymakers, regulators and the financial services industry. The collapse of major crypto exchanges and platforms in 2022, and the resulting billions of dollars lost, has only amplified urgency for governments and transnational bodies to establish regulatory regimes. Crypto market integrity firms like Elliptic, Chainalysis, and Ciphertrace have emerged to support regulators and financial institutions with detection and prevention of financial crime and compliance violations. There have been significant enforcement actions in Canada and worldwide related to crypto financial crime, with significant seizures or recovery of illicit assets.105Financial and Consumer Services Commission. (2022, May 9). Canadian Anti-Fraud Centre Bulletin: CAFC and WPS Recover $17000 in Bitcoin. https://fcnb.ca/en/news-alerts/canadian-anti-fraud-centre-bulletin-cafc-and-wps-recover-17000-in-bitcoin#:~:text=On%20March%2017th%2C%202022%2C%20the,both%20CAFC%20and%20local%20police.; Northcott, P. (2022, May 10). Police help victim of crypto-fraud get money back. RCMP. https://www.rcmp-grc.gc.ca/en/gazette/police-help-victim-crypto-fraud-get-money-back.; United States Department of Justice. (2022, November 7). U.S. Attorney Announces Historic $3.36 Billion Cryptocurrency Seizure and Conviction in Connection with Silk Road Dark Web Fraud. U.S. Attorney’s Office, Southern District of New York. https://www.justice.gov/usao-sdny/pr/us-attorney-announces-historic-336-billion-cryptocurrency-seizure-and-conviction.

To date, however, regulatory initiatives in Canada and other major jurisdictions have focused primarily on cryptocurrency and digital assets through a financial services lens. There has been less policy attention on the cyber and sociotechnical security of blockchain technology and Crypto-asset trading explored in this report. This section provides a scan of the Crypto-asset regulatory landscape through this security lens, focusing on cyber security policy specifically for Crypto-assets and financial regulatory policy where it seeks to address the cyber and sociotechnical security threats surveyed in the previous section. It surveys the policy landscape in Canada and two other jurisdictions of particular relevance for Canadian policymakers — the European Union and United States — as well as security-related industry standard-setting that is emerging for blockchain and distributed ledger technologies.

Canada

To date, regulatory oversight of Crypto-assets in Canada has largely been under securities legislation. Provincial securities regulators — and collectively under the Canadian Securities Administrators (CSA) — were relatively early movers in pursuing actions with Crypto-asset exchanges, due in part to the collapse of Quadriga, then Canada’s largest exchange, and the shocking revelations of mismanagement that followed.106Ontario Securities Commission. (2018). Downfall of Quadriga (2018). https://www.osc.ca/quadrigacxreport/downfall-of-quadriga.html. Other key actors in Canada’s policy landscape for Crypto-asset trading include the Self-Regulatory Organization of Canada (formerly IIROC, the Investment Industry Regulatory Organization of Canada) that oversees investment dealers and trading activity in Canada, the Bank of Canada, the federal Department of Finance, provincial finance ministries, Financial Consumer Agency of Canada (FCAC), Office of the Superintendent of Financial Institutions (OFSI), the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), and other federal agencies who have proactively monitored risks posed by Crypto-asset activities.107Derk, C., Bogle, J., Gomez, I. (2022, February 22). Cryptocurrency outlook in Canada - Where we are and where we are going. BLG. https://www.blg.com/en/insights/2022/02/cryptocurrency-outlook-in-canada-where-we-are-and-where-we-are-going.; Sia Partners. (2021, October 14). Canadian Securities Regulations for Crypto Businesses. Sia Partners. https://www.sia-partners.com/en/news-and-publications/from-our-experts/canadian-securities-regulations-crypto-businesses.; Grant, S., Lim, K., Peters, M. (2022). Blockchain & Cryptocurrency Laws and Regulations 2022. Global Legal Insights. https://www.globallegalinsights.com/practice-areas/blockchain-laws-and-regulations/canada.; Government of Canada. (2022, November 16). Statement to entities engaging in Crypto-asset activities or crypto-related services. https://www.canada.ca/en/financial-consumer-agency/news/2022/11/statement-to-entities-engaging-in-Crypto-asset-activities-or-crypto-related-services0.html.

Cryptocurrencies are not deemed a legal tender in Canada,108Sia Partners. (2021, October 14). Canadian Securities Regulations for Crypto Businesses. Sia Partners. https://www.sia-partners.com/en/news-and-publications/from-our-experts/canadian-securities-regulations-crypto-businesses.; Hills, N. (2021, December 20). Canada: A Legal Guide to Cryptocurrency in Canada. and there has been policy uncertainty across jurisdictions about whether Crypto-assets should be treated as securities or derivatives for regulatory purposes.109Derk, C., Bogle, J., Gomez, I. (2022, February 22). Cryptocurrency outlook in Canada - Where we are and where we are going. BLG. https://www.blg.com/en/insights/2022/02/cryptocurrency-outlook-in-canada-where-we-are-and-where-we-are-going. Yet, CSA Staff Notices dating back to 2017 have provided regulatory guidance regarding the trading of Crypto-assets on centralized platforms, applying traditional investment dealer, marketplace and clearing rules in a hybrid fashion.110Canadian Securities Administrators. (2017). Staff Notice 46-307. Cryptocurrency Offerings. https://www.asc.ca/-/media/ASC-Documents-part-1/Regulatory-Instruments/2018/10/5366029-CSA-Staff-Notice-46-307-Cryptocurrency-Offerings.ashx.; Canadian Securities Administrators. (2018). Staff Notice 46-308. Securities Law Implications for Offerings of Tokens. https://www.asc.ca/-/media/ASC-Documents-part-1/Regulatory-Instruments/2018/10/5404970-CSA-Staff-Notice-46-308.ashx. For Crypto-asset trading platforms (CTPs), requirements have included registration with IIROC, a focus on disclosure and reporting of assets, advertising and marketing, reporting suspicious transactions, and ‘Know-Your-Client’ (KYC) verification requirements to enforce anti-money laundering (AML) provisions.111Canadian Securities Administrators. (2021). CSA Staff Notice 51-363 - Observations on Disclosure by Crypto Assets Reporting Issuers. https://www.osc.ca/sites/default/files/2021-03/csa_20210311_51-363_observations-disclosure-Crypto-asset.pdf.; Canadian Securities Administrators. (2021). Staff Notice 21-330. Guidance for Crypto-Trading Platforms: Requirements relating to Advertising, Marketing and Social Media Use. https://www.osc.ca/sites/default/files/2021-09/csa_20210923_21-330_crypto-trading-platforms.pdf.; Grant, S., Lim, K., Peters, M. (2022). Blockchain & Cryptocurrency Laws and Regulations 2022. Global Legal Insights. https://www.globallegalinsights.com/practice-areas/blockchain-laws-and-regulations/canada. Regulatory sandboxes have also been introduced by the CSA and Alberta government to encourage innovation and development of the technology.112Canadian Securities Administrators. (2016). CSA Regulatory Sandbox. https://www.securities-administrators.ca/resources/regulatory-sandbox/.; Government of Alberta. (2022). Innovating the finance sector. https://www.alberta.ca/innovating-the-finance-sector.aspx. Dr. Ryan Clements’ comprehensive expert report for the national Public Order Emergency Commission provides an authoritative assessment of the Crypto-asset financial regulatory landscape.113See Clements, R. (2022). Commissioned Paper: Cryptocurrency: Challenges to Conventional Governance of Financial Transactions. Public Order Emergency Commission. https://publicorderemergencycommission.ca/files/documents/Policy-Papers/Cryptocurrency-Challenges-to-Conventional-Governance-of-Financial-Transactions-Clements.pdf. He highlights a number of other CSA Staff Notices (21-327, 21-329, 21-330, 21-332, 46-307, 46-308) that further establish regulatory guidance for Crypto-asset trading and exchanges, addressing CTP pre-registration requirements to protect investors, compliance and risk identification, advertising, marketing and social media requirements, the application of securities law to tokens, and other related areas such as the distribution of crypto-investment funds, derivatives on Crypto-assets, and custodial controls.

Through the security lens, key federal institutions for cyber security, such as lead department Public Safety Canada and the Canadian Centre for Cyber Security (CCCS) within Canada’s national cyber intelligence agency, do not appear to have established policies or programs specifically aimed at addressing cyber risk associated with cryptocurrency and trading. CCCS ransomware awareness briefs address cryptocurrency as a common form of payment, and the 2018 National Cyber Threat Assessment identified unauthorized crypto mining as a threat and digital currency as an AML risk.114Canadian Centre for Cyber Security. (2021, September). Ransomware: How to prevent and recover (ITSAP.00.099). Government of Canada. https://www.cyber.gc.ca/en/guidance/ransomware-how-prevent-and-recover-itsap00099.; Canadian Centre for Cyber Security. (2018). National Cyber Threat Assessment 2018. Government of Canada. https://www.cyber.gc.ca/en/guidance/national-cyber-threat-assessment-2018.; Public Safety Canada. (2015) Organized Crime. https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/2015-h001/index-en.aspx. The most recent National Cyber Threat Assessment for 2023-2024 likewise acknowledges the ways in which decentralized finance and related tools (e.g., privacy coins, mixers) are used to facilitate crime by users and state actors.115Communications Security Establishment. (2022). National Cyber Threat Assessment 2023-2024. https://cyber.gc.ca/sites/default/files/ncta-2023-24-web.pdf.

Still, numerous areas of current and emerging financial policy intersect with the cyber and sociotechnical security risks identified in this paper. This is particularly the case for financial fraud and scams, deceptive promotion, financial consumer protection and increasing user awareness of the financial risks of crypto trading and the range of hacks and social engineering threats targeting users. For example, the application of KYC and AML provisions will require greater scrutiny of malicious actors using crypto for criminal purposes. In early 2023, the CSA announced further strengthening of crypto trading platform investor protection commitments in the wake of the insolvencies and market turmoil in late 2022.116Ontario Securities Commission. (2023, February 22). Canadian securities regulators strengthen oversight, enhance expectations of crypto asset trading platforms operating in Canada. https://www.osc.ca/en/news-events/news/canadian-securities-regulators-strengthen-oversight-enhance-expectations-Crypto-asset-trading. The FCAC Financial Consumer Protection Framework, released in June 2022, set out strengthened or new requirements relating to crypto, such as notification and information sharing requirements for regulated entities offering Crypto-assets.117Government of Canada. (2022, November 16). Statement to entities engaging in Crypto-asset activities or crypto-related services. https://www.canada.ca/en/financial-consumer-agency/news/2022/11/statement-to-entities-engaging-in-Crypto-asset-activities-or-crypto-related-services0.html. The FCAC has also released an informative page on digital currency, with basic definitions, risks, and general tips for using digital currency.118Financial Consumer Agency of Canada. (2021). Digital currency. Government of Canada. https://www.canada.ca/en/financial-consumer-agency/services/payment/digital-currency.html. There have also been initial steps to address environmental externalities, such as Hydro-Québec’s imposition of energy restrictions on crypto miners.119Grant, S., Lim, K., Peters, M. (2022). Blockchain & Cryptocurrency Laws and Regulations 2022. Global Legal Insights. https://www.globallegalinsights.com/practice-areas/blockchain-laws-and-regulations/canada.; Arsenault, J. (2018, July 16). Hydro-Québec allowed to charge cryptocurrency miners increased rates. Montreal Gazette. https://montrealgazette.com/news/local-news/hydro-quebec-allowed-to-charge-cryptocurrency-miners-increased-rates.

Other emerging policy initiatives offer the potential to incorporate cyber and STsec lenses. In Fall 2022, Finance Canada announced a public consultation on the digitization of money, focused on ensuring financial sector stability and security, and minimizing use of Crypto-assets for illegal activities.120Department of Finance. (2022, November 3). Government consults Canadians to advance key priorities. Government of Canada. https://www.canada.ca/en/department-finance/news/2022/11/government-consults-canadians-to-advance-key-priorities.html. The Bank of Canada has been conducting initial exploration of a Central Bank Digital Currency (or CBDC), in response to the changing digital society but also concern about systemic risks, and trust and security of money, with cryptocurrency. In 2021, the Ontario government was considering new legislation, called the Capital Markets Act, that would provide the provincial securities regulator greater discretion and authority to enforce rules over cryptocurrency, which reportedly received considerable pushback from crypto companies including Wealthsimple, Shakepay and Dapper Labs.121Government Ontario. (2021). Capital Markets Act - Consultation Draft. Ontario’s Regulatory Registry. https://www.ontariocanada.com/registry/view.do?postingId=38527&language=en; Victor, J. (2022, August 26). “Startups push back on proposal to give Ontario regulators new authority over crypto.” The Logic. https://thelogic.co/news/startups-push-back-on-proposal-to-give-ontario-regulators-new-authority-over-crypto. Provincial securities regulators across the country have been stepping up public awareness campaigns to warn about crypto fraud, focusing on social engineering-type tactics, use of social media platforms, and targeting of vulnerable population groups.122Ontario Securities Commission. (2022, March 11). Fraud Prevention Month: Canadian Securities Administrators encourages Canadians to invest in asking questions before investing in crypto assets. https://www.osc.ca/en/news-events/news/fraud-prevention-month-canadian-securities-administrators-encourages-canadians-invest-asking.

There is another important point of intersection for addressing crypto security-related issues with other foundational technology policy legislative initiatives, including the Consumer Privacy Protection Act (Bill C-27) and related provincial laws, the cyber security act (Bill C-26) that is focused on critical industries including financial services, and the forthcoming online safety bill for regulating large social media platforms. While Crypto-asset trading is not central to any of them, there are opportunities for alignment with the financial and other policymaking efforts.

The European Union

The European Union appears to be the most advanced jurisdiction in developing policy regimes that directly assess both Crypto-assets and trading, and the digital technology and cyber security related risks. In 2020, the European Commission announced a package of digital finance initiatives to address Crypto-asset regulation, digital security, and regulatory innovation for blockchain.123European Commission. (2020, September 24). Digital finance package. European Commission. https://finance.ec.europa.eu/publications/digital-finance-package_en. A first element, the Markets in Crypto Asset Regulation (MiCA), is among the most comprehensive regulatory frameworks covering Crypto-assets and their issuers and service providers. MiCA, to be voted on in 2023, builds on the EU’s financial directive from 2014, which covered virtually all aspects of financial investment and trading.124Directive 2014/65/EU. On markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32014L0065. Key financial sector actors include the European Securities and Markets Authority (ESMA), European Banking Authority (EBA), the Financial Stability Board, the European System of Central Banks (ESCB), and Crypto-asset service providers (CASPs).125European Council. (2022, June 30). Digital finance: agreement reached on European Crypto-assets regulation (MiCA) [Press release]. https://www.consilium.europa.eu/en/press/press-releases/2022/06/30/digital-finance-agreement-reached-on-european-Crypto-assets-regulation-mica.; Proposal for a Regulation of the European Parliament and of the Council on Markets in Crypto-assets, and amending Directive (EU) 2019/1937. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52020PC0593.

MiCA’s broad aims are protecting investors, preserving financial stability, and enabling the use of innovative technology, covering market abuses related to transactions or services, setting guidelines for Crypto-asset service providers, and addressing the environmental and climate footprint of actors in Crypto-asset markets. Specific provisions relating to STsec risks aim to limit deceptive promotion and protect consumers by requiring crypto service providers to share accurate, transparent, and fair information with clients, and provide warnings about crypto trading risks.126Ibid. Entities offering services under MiCA would be required to follow existing EU anti-money laundering regulations.127Ibid. To address environmental impacts, ESMA and EBA would develop technical regulatory standards tied to sustainability indicators for crypto mining and various types of consensus mechanisms.128Proposal for a Regulation of the European Parliament and of the Council on Markets in Crypto-assets, and amending Directive (EU) 2019/1937. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52020PC0593. 

Related legislation, the Digital Operational Resilience Act (DORA), which takes effect in 2025, focuses on financial sector ICT requirements for the security of network and information systems of companies and third-party organizations.129European Council. (2022, November 28). Digital finance: Council adopts Digital Operational Resilience Act [Press release]. https://www.consilium.europa.eu/en/press/press-releases/2022/11/28/digital-finance-council-adopts-digital-operational-resilience-act. The requirements set out in DORA are applicable to all financial institutions, including Crypto-asset service providers and issuers of asset-referenced tokens. Areas mentioned in DORA include ICT risk management, ICT-related incident reporting, updating ICT systems, and encouraging the exchanging of cyber threat information and intelligence among financial entities.130Regulation 2022/2554. On digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) 909/2014 and (EU) 2016/1011. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32022R2554.

A third initiative, called the Distributed Ledger Technology (DLT) Pilot Regime Regulation, is designed to develop and test Crypto-assets and market infrastructures based on blockchains. Taking effect in March 2023, it allows for temporary exemption of certain DLT market infrastructures from financial services legislation that could hinder the development of the technology, requiring these DLT market infrastructures and operators to have safeguards protecting investors and clients. The ESMA and other authorities will also be able to draw lessons from the pilot regime related to risks and opportunities from Crypto-assets that qualify as financial instruments, to aid in refining legal regulations for DLT financial instruments.131Regulation 2022/858. On a pilot regime for market infrastructures based on distributed ledger technology, and amending Regulations (EU) No 600/2014 and (EU) No 909/2014 and Directive 2014/65/EU. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32022R0858.

The United States

In 2022, the Biden Administration released the country’s first comprehensive Crypto-assets policy guidance, through a Presidential Executive Order called the Framework for Responsible Development of Digital Assets.132The White House. (2022, September 16). FACT SHEET: White House Releases First-Ever Comprehensive Framework for Responsible Development of Digital Assets. The White House. https://www.whitehouse.gov/briefing-room/statements-releases/2022/09/16/fact-sheet-white-house-releases-first-ever-comprehensive-framework-for-responsible-development-of-digital-assets. The Framework focuses on consumer and investor protection, promoting financial stability, countering illicit finance, the country’s leadership in the global financial system, financial inclusion, and responsible innovation across various federal agencies. In the United States, key federal regulatory and oversight bodies for Crypto-assets include the Securities and Exchange Commission (SEC), Commodity Futures Trading Commission (CFTC), Federal Trade Commission, Department of the Treasury, Internal Revenue Service (IRS), Federal Deposit Insurance Corporation, Office of the Comptroller of the Currency (OCC), and Financial Crimes Enforcement Network (FinCEN).133Dewey, J. (2022). Blockchain & Cryptocurrency Laws and Regulations 2022 | USA. Global Legal Insights. https://www.globallegalinsights.com/practice-areas/blockchain-laws-and-regulations/usa.; O’Neal, S. (2018, May 26). SEC, CFTC, IRS And Others: A Guide to US Regulating Bodies. CoinTelegraph. https://cointelegraph.com/news/sec-cftc-irs-and-others-a-guide-to-us-regulating-bodies.

Specific actionable elements of the Framework that directly or indirectly address cyber and sociotechnical security include direction to:

• the Treasury Department to work with financial institutions to address cyber vulnerabilities, and analyze strategic risks with digital asset markets;
• the Financial Literacy Education Commission (FLEC) to lead awareness-raising efforts for consumer protection related to digital assets;
• the US Federal Reserve to assess benefits, consequences, and potential future use of a central bank digital currency (CBDC);
• the Department of Commerce to assess the establishment of an expert forum to coordinate and consult on federal regulation, standards, and research for digital assets;
• the National Science Foundation (NSF) to support research to support the design of usable, inclusive, equitable, and accessible digital asset ecosystems; and
• establish tracking of digital assets’ environmental impacts.

Importantly, while the Executive Order directs activity through the federal government, the Framework does not have the permanence of law. Consequently, there is regulatory uncertainty in the United States, with little success to date in passing legislative initiatives for Crypto-assets and related technology policy such as consumer privacy and data protection. For instance, two bills that were not passed by the last Congress — the Digital Commodities Consumer Protection Act of 2022 and the (Lummis-Gillibrand) Responsible Financial Innovation Act — both sought to enhance consumer protections, with the latter proposing cyber security standards for digital asset intermediaries.134Digital Commodities Consumer Protection Act of 2022, S.4760, 117th Congress, 2022. https://www.congress.gov/bill/117th-congress/senate-bill/4760/text.; Lummis-Gillibrand Responsible Financial Innovation Act, S.4356, 117th Congress, 2022. https://www.congress.gov/bill/117th-congress/senate-bill/4356/text. Another legislative proposal aimed at protecting consumers and markets by classifying and setting regulatory provisions for stablecoins also failed to pass.135Stablecoin Transparency Act, S.3970, 117th Congress, 2022. https://www.congress.gov/bill/117th-congress/senate-bill/3970/all-info.; Versprille, A. and Weinberger, E. (2022, July 20). Stablecoins Face US Scrutiny as House Lawmakers Craft Rules. Bloomberg UK. https://www.bloomberg.com/news/articles/2022-07-20/stablecoins-face-scrutiny-as-lawmakers-aim-to-advance-plan.

There are other ongoing federal initiatives of note. The SEC has been active and growing in their pursuit of enforcement actions related to fraudulent and unregistered Crypto-asset offerings and platforms, levying significant fines in high profile pump-and-dump and other deceptive promotion cases.136U.S. Securities and Exchange Commission. (2022, May 3). SEC Nearly Doubles Size of Enforcement’s Crypto Assets and Cyber Unit [Press release]. https://www.sec.gov/news/press-release/2022-78. In early 2023, federal agencies joined forces in issuing a statement to the financial sector warning of liquidity risks resulting from Crypto-asset market vulnerabilities.137Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, and Office of the Comptroller of the Currency. (2023, February 23). Agencies issue joint statement on liquidity risks resulting from Crypto-asset market vulnerabilities [Press release]. https://www.federalreserve.gov/newsevents/pressreleases/bcreg20230223a.htm. An illicit finance risk assessment on decentralized finance was expected to be completed by early 2023, with an assessment of non-fungible tokens to follow in July 2023.138U.S. Department of the Treasury. Action Plan to Address Illicit Financing Risks of Digital Assets. https://home.treasury.gov/system/files/136/Digital-Asset-Action-Plan.pdf.

As in Canada, state governments play an important policymaking and regulatory role with Crypto-assets. In the majority of the states (37), legislation to regulate ‘digital assets’ has been proposed, though not always passed.139Morton, H. (2022, June 7). Cryptocurrency 2022 Legislation. National Conference of State Legislatures. https://www.ncsl.org/research/financial-services-and-commerce/cryptocurrency-2022-legislation.aspx. These state bills have addressed general issues such as Crypto-assets definitions, tax treatment, and licensing and registration; as well as issues that intersect more directly with security issues, such as consumer protections, disclosure rules to limit deceptive advertisements, specific crypto-related offenses such as money laundering, virtual token fraud, illegal rug pull scams, and other forms of fraud, and environmental impact assessments and moratoriums on proof-of-work authentication. However, research finds that only a handful of states, including Connecticut, Missouri, and New York, have taken meaningful legislative steps to address consumer protection and digital asset-related offenses.140Relevant state bills include: Substitute House Bill No. 5320, An Act Concerning Virtual Currency, February Session, (Connecticut 2022).; House Bill No.1638, An Act to repeal section 574.105, RSMo, and to enact in lieu thereof one new section relating to the offense of money laundering, with penalty provisions, 2nd Regular Session, 101st General Assembly, (Missouri 2022).; Bill No. S08838, An Act to amend the general business law, in relation to requiring certain disclosures in advertisements involving virtual tokens, U.S.C. § 350-b-2. (2022). The state of Wyoming has introduced the most legislative measures to date for digital assets, including a special purpose depository framework for Crypto-assets, establishing a select committee on blockchain, technology and innovation, and a regulatory sandbox.141Bill No. HB0074, Special purpose depository institutions, 65th Legislature of the State of Wyoming. (2019).; Bill No. HB0027, Select committee on blockchain, technology and innovation, 65th Legislature of the State of Wyoming. (2020).; Bill No. HB0057, Financial technology sandbox, 65th Legislature of the State of Wyoming. (2019).

Industry Initiatives and Standard-Setting

Beyond state-led actions, industry groups and standard-setting bodies have been playing an important role in establishing national and transnational rules and technical guidance for distributed ledger technologies (DLT) and Crypto-assets, including for addressing security vulnerabilities. Some initiatives have focused on the financial regulatory side. The Financial Stability Board (FSB), a body that oversees the global financial system, has been proactively monitoring the decentralized finance (DeFi) ecosystem supporting the international regulatory activities for Crypto-assets.142Financial Stability Board. (2023). The Financial Stability Risks of Decentralised Finance. https://www.fsb.org/wp-content/uploads/P160223.pdf. The summary report of the February 2023 G20 summit, held in India, identified a series of ongoing crypto market analysis and policy coordination initiatives of the FSB, International Monetary Fund (IMF), and Bank for International Settlements (BIS).143G20. (2023). G20 Chair’s Summary and Outcome Document, First G20 Finance Ministers and Central Bank Governors Meeting. https://www.g20.org/content/dam/gtwenty/gtwenty_new/document/1st%20FMCBG%20Chair%20Summary.pdf.

A number of other initiatives focus on standard-making for blockchain and its security. The most prominent is the International Standards Organization (ISO) standards for Blockchain and distributed ledger technologies (ISO/TC 307). It covers, for example, technical standards for security management of digital asset custodians, governance guidelines, and identity management.144International Organization for Standardization. (2016). Blockchain and distributed ledger technologies (ISO/TC 307). https://www.iso.org/committee/6266604.html. The technical committee leading this work is developing on other standards for blockchain and DLT, such as smart contracts and security practices. Other examples include the Institute of Electrical and Electronics Engineers (IEEE) Blockchain Initiative and the International Electrotechnical Commission (IEC)’s working group on the integration of IoT and DLT/blockchain use cases.

In Canada, the Digital Governance Council, a membership-based body representing technology leaders with governments and large companies, is developing standards for the design and operation of digital assets and non-fungible tokens, among many other standards for the digital economy.145Digital Governance Standards Institute. Standards in Digital Assets and Nonfungible Tokens. https://ciostrategycouncil.com/standards/find-a-standard/standards-in-digital-assets. Other national or regional standards-making bodies, such as the European Telecommunications Standards Institute (ETSI), British Standards Institution (BSI) and Standards Australia, have been both contributing to ISO standards and developing their own blockchain-related standards proposals and committees.146Antipolis, S. (2018, December 18). ETSI Launches new Industry Specification Group on blockchain. ETSI. https://www.etsi.org/newsroom/press-releases/1473-2018-12-press-etsi-launches-new-industry-specification-group-on-blockchain.; Deshpande, A., Stewart, K., Lepetit, L., Gunashekar, S. (2017). Distributed Ledger Technologies/Blockchain: Challenges, opportunities and the prospects for standards. British Standards Institution. https://www.bsigroup.com/en-GB/Innovation/dlt.; Standards Australia. Blockchain. Standards Australia. https://www.standards.org.au/engagement-events/sectors/blockchain#:~:text=Standards%20Australia%20is%20playing%20an,a%20public%20and%20secure%20manner. A recent white paper by the World Economic Forum mapped the numerous examples of blockchain standards development initiatives globally, and their alignment to cyber security as well as other issues like interoperability, governance, internet of things, and technical taxonomies and terminologies.147World Economic Forum. (2020). Global Standards Mapping Initiative: An overview of blockchain technical standards. https://www3.weforum.org/docs/WEF_GSMI_Technical_Standards_2020.pdf.

Appendix 1: Survey Methodology

The survey was conducted online with 2,022 residents in Canada aged 16 and older, from October 24 to 28, 2022 in English and French. A random sample of panelists was invited to complete the survey from Leger’s research panel, with response quotas set by region, language, age and gender to ensure the sample reflected Canada’s population. The data were weighted according to Census data to ensure that the sample matched Canada’s population according to age, gender and region. This project was conducted by our team with Pollara Strategic Insights and supported by the Government of Canada.

Q1. Have you ever owned a cryptoasset, such as Bitcoin, Ethereum or an NFT?

Q2: (n=1,979) Have you ever been targeted with online harassment that caused you to fear for your safety?

Crypto-owners (n=186): 19% yes
Not crypto-owners (1,793): 6% yes

Q3: (n=2,022) On a scale of 1-9, where 1 means you have no trust at all and 9 means you have a high degree of trust, how do you feel about each of the following when it comes to trusting them to offer secure and responsible technology:

• federal government
• your provincial government
• your municipal government
• Canadian start-up businesses
• Large Canadian technology companies
• Canadian banks
• Cryptocurrency exchanges
• Canadian telecommunications providers
• Canadian healthcare providers

Q4: (n=186) Have you ever experienced any of the following incidents related to cryptoassets (e.g., Bitcoin, Ethereum, NFTs)? 

• I shared my cryptoasset wallet information through a request for information (e.g., by email or text) that turned out to be a scam
• A person claiming to be an experienced crpytoasset investment manager stole the fee for using their services
• The price of a cryptoasset I purchased was artificially inflated through false information
• I purchased a cryptoasset and lost my funds from a person who later disappeared
• A cryptoasset exchange stole my funds
• I was encouraged to recruit new investors for a cryptoasset exchange in exchange for money