Gone are the days when cryptocurrency could remain largely ignored and safely relegated to a dark corner of the internet: Today, even telephone and mortgage companies are beginning to accept payments in cryptocurrency. Yet simultaneously, 2020 saw a four-fold increase in ransom payments to cyber criminals, exceeding $400 million, with this sum primarily paid in cryptocurrency. As the threat posed by malicious cyber-actors continues to grow, so too must the vigilance of organizations that deal in crypto in various ways as the government's enforcement aspirations and capabilities concurrently expand. In the latest attempt to combat growing criminal activity in this area, on Oct. 6, 2021, Deputy Attorney General Lisa Monaco of the Department of Justice (DOJ) announced the formation of the National Cryptocurrency Enforcement Team (NCET). The NCET's formation heralds a focus of enforcement resources towards the financial ecosystem that allows ransomware and similar threats to flourish. Simultaneously, the government has sought to increase private-sector reporting of cyber-attacks, and signaled that enforcement actions may be brought against companies that fail to report such attacks. Prudence dictates that any entity dealing with cryptocurrency stay abreast of rapidly developing regulatory and enforcement efforts in this space, and that victims of cyber-attacks remain equally vigilant.

The NCET's Creation Was Likely Prompted by Growing Cyber-Attack Threats. The increasingly frequent ransomware attacks on American companies, particularly those with a connection to critical infrastructure, are a likely impetus behind the NCET's creation. In the summer of 2021 alone, ransomware attacks disrupted oil supplies, threatened a major metropolitan police department, and imperiled one of the world's largest beef suppliers, among others. Recently, Deputy AG Monaco remarked that ransomware threats carry national security implications, and the government is focused on holding not only the hackers accountable, but the money launderers and cryptocurrency companies that make ransomware profitable. Ransomware hackers frequently demand, and often receive, payment in cryptocurrency. While it is not illegal to pay ransom in connection with ransomware attacks, the FBI has specifically stated that it does not support such payments because it does not guarantee the organization's data will be returned, and it encourages perpetrators. Overall, the FBI's views, combined with other agency's guidance, suggests that if payments are necessary companies should report the incident to allow law enforcement to investigate and stop the attackers. It appears that the government is weighing in more frequently on this issue, likely due to the increase in ransomware attacks.

Even prior to the NCET's formation, the government had already begun to crack down on cryptocurrency exchange entities that engagement in misconduct directly, but also those that fail to implement adequate compliance measures. In August 2021, a convertible virtual currency derivatives exchange was assessed a $100 million civil monetary penalty by the Financial Crimes Enforcement Network (FinCEN) for violations of the Bank Secrecy Act based on its failure to implement an anti-money laundering and customer identification program, among other things. September 2021 saw the Treasury Department sanction a cryptocurrency exchange for facilitating financial transactions for ransomware actors. With the creation of the NCET, further prosecutions of this kind are likely.