Lessons in Handling Digital Assets, Cyber Security
The intersection of digital assets and existing regulatory schemes, such as the federal securities laws and those involving money laundering, are critical issues as reflected by the announcement from the Treasury Secretary yesterday regarding money laundering and FinCEN and as discussed earlier here. The intersection of those assets and various regulatory schemes will be unfolding in the coming months and years, presenting difficult questions and issues. The recent case of Jon Montroll and his firm is a text book study in how not to handle questions regarding digital assets and a related question involving cyber-security.
Jon Montroll was the operator of WeExchange Australia, Pty, Ltd. and BitFunder.com The former was a bitcoin depository and currency exchange service. The latter facilitated transactions in virtual shares of entities that listed on BitFunder.
Over about seven months, beginning in December 2012, Mr. Montroll misappropriated a portion of investor bitcoins on WeExchange. Several months later he began promoting Likyo.Loan, a security that Mr. Montroll urged investors to view as “a sort of round-about investment” in BitFunder and WeExchange, as well as a loan. The interests could also be redeemed at face value.
Hackers penetrated BitFunder’s programing code during the summer of 2013. The hackers caused the program to credit their accounts. Following the hack Mr. Montroll did not have the bitcoins necessary to cover obligations to users. Mr. Montroll chose not to disclose the hack to investors. Rather, he continued to promote Likyo.Loan, telling at least one investor that it was a commercial success – an incorrect statement.
Subsequently, the SEC opened an investigation. During testimony Mr. Montroll displayed a screen shot that supposedly documented the total number of bitcoins available to BitFunder users in the WeExchange Wallet as of October 13, 2013. The representations in the screen shot were false. During the testimony that followed Mr. Montroll falsified the details of the hack.
The result: Mr. Montroll pleaded guilty to one count of securities fraud and one count of obstruction of justice. U.S. v. Montroll, No. 1:18-cr-00520 (S.D.N.Y.). Last week he was sentenced to serve 14 months in prison followed by three years of supervised release. He was also ordered to pay forfeitures in the amount of $167,480. The SEC filed a parallel enforcement action which is pending. SEC v. Montroll, Civil Action No. 1:18-cv-01582 (S.D.N.Y. Filed Feb. 21, 2018).