New York mulling move to add crypto fraud to penal code

A New York state senator introduced a new bill that would add four different cryptocurrency-related crimes to the fraud section of the state’s penal code.

New York State Senator Kevin Thomas introduced Senate Bill S8839 this week and said the legislation was designed to “enhance consumer protections” within the cryptocurrency industry “by giving prosecutors a legal framework to pursue crypto crimes.”

The bill specifically names four crimes – virtual token fraud, illegal rug pulls, private key fraud and "fraudulent failure to disclose interest in virtual tokens" – and tags each with a maximum criminal fine of $5 million or 25 years in prison in most cases.

Officials in Thomas’ office said the bill is still in a “rough draft” form and was spurred by Assemblymember Clyde Vanel, who introduced a companion bill in the lower house. 

The bill is still being amended and the figures for fines and prison sentences are subject to change. They are still sketching out how the rules would work in terms of jurisdiction. 

“New York is the center for both the global financial system and a growing cryptocurrency industry,” Thomas said in a statement. 

“It’s crucial that we properly balance consumer protection with creating an environment that is ripe for investment and innovation. This future-forward legislation will protect consumers, enhance the security and reliability of the crypto ecosystem, and provide clearer guidance to allow companies to innovate and thrive in the crypto economy.”

Thomas, who chairs the Senate Consumer Protection Committee, noted that the Better Business Bureau said crypto-related scams tripled between 2019 and 2021 and losses from cryptocurrency scams reached $750 million in 2021, according to Federal Trade Commission data. 

For years, experts have raised alarms about the growing number of “rug pulls” – lucrative scams where cryptocurrency developers promote new projects to investors and then disappear with tens of millions or even hundreds of millions of dollars, leaving their investors with a valueless asset.

Nicole Hoffman, Senior Cyber Threat Intelligence Analyst with Digital Shadows, told The Record that this type of scam has been around for many years but skyrocketed in 2021, particularly with new coins. 

“Investors can prevent falling prey to rug pulls by performing in-depth research on the reputation of crypto projects before investing,” Hoffman said. 

“Laws like these are long overdue. Other states should follow in New York's footsteps. Investors will feel safer, and scammers will be held accountable for their crimes. It is difficult to say how effective the law will be without knowing how exactly it will be enforced. It will be interesting to see how the crypto exchanges handle the new law.”

Daniel Yurcho, a blockchain entrepreneur and NFT market investor, said the federal government has been slow to pass lasting and meaningful legislation to combat fraudulent cryptocurrency activity.  

The provisions need to be put in place to protect consumers, and the large fines are “a good place to start and a natural deterrent to people who could be committing these crimes,” Yurcho added. 

Blockchain research company Chainalysis tracked rug pulls in 2021 and found that $2.8 billion was lost through the scams.

The biggest rug pull involved Turkish exchange Thodex, whose CEO disappeared soon after the exchange halted users’ ability to withdraw funds. AnubisDAO was another prominent rug pull that took place in 2021, with developers stealing $60 million worth of funds. 

Chainalysis head of research Kim Grauer told The Record that crypto scams are arguably "the biggest barrier to building mainstream trust in cryptocurrency" – partially because they are consistently the most prevalent and lucrative type of crime abusing crypto year after year.

Yurcho noted that because of the distributed nature of the technology, New York officials may face issues putting the laws into practice.

“States will have a very difficult time enforcing these laws. They simply don’t have the resources or the cyber security teams to monitor and enforce within their jurisdictions," Yurcho said. 

"It is good to have these laws certainly, however until states can become more competent as far as cybersecurity and blockchain technology it will be difficult to make these laws practical. This may be a good band-aid until federal legislation is passed to help protect people nationwide with the ability to enforce in a greater capacity.”