Direct Blockchain Scrutiny Can Spot Financial Hacks, but Not Easily, German Study Says

Officials can cut out the middleman by examining public ledgers, a report published by the BaFin financial regulator said – but at a cost.

AccessTimeIconJul 27, 2022 at 1:28 p.m. UTC
Updated May 11, 2023 at 3:39 p.m. UTC

Regulators can better fight cybercrime by looking directly at the blockchain – but it will take a lot of extra effort, a study written for the German financial regulator BaFin has found.

Lawmakers and financial supervisors across the world are seeking to bring crypto technologies into the regulatory net, but some officials are now getting worried about taking on duties that lie way outside their usual wheelhouse.

Web3 advocates argue that distributed technologies can actually help public policy goals like collecting tax or fighting financial crime – as long as regulators learn how to use them properly. But the study suggests it may take some changes to working practices.

“In the field of crypto custody, it is quite possible to collect and automatically process public ledger data such as blockchain data,” said the report, which was written by researchers at the University of Innsbruck in Austria and published Tuesday. And the highly formulaic nature of the information makes it easy to process.

“Even data that is not collected from the supervised entities, but rather from public sources, can add value for IT supervision,” the researchers added, meaning regulators can spot cyberattacks directly rather than waiting for routine reporting.

But the resources needed to maintain and interpret the information stream is high, it noted – requiring a small team of officials working round the clock. Coping with that kind of workload could require BaFin to work with other German regulators such as the BSI, which is responsible for cybersecurity, or the finance ministry, the report said.

BaFin has long been responsible for supervising conventional financial institutions, such as banks, and more recently took crypto custodians like wallet providers under its wing.

The regulator said in a statement posted Tuesday that it had already implemented initial findings from the project, which examines more widely how digital technology is changing finance, such as allowing innovative payment providers to access banking data, with consequent risks of data hacks and power concentrated in a few big tech firms.

In an interview published Wednesday, EU bank regulator José Manuel Campa said he was worried he didn’t have the expertise needed to undertake new duties set out in the bloc’s Markets in Crypto Assets (MiCA) law, given the high demand for specialists in the field.

Quotes have been translated from original German.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Jack Schickler

Jack Schickler was a CoinDesk reporter focused on crypto regulations, based in Brussels, Belgium. He doesn’t own any crypto.