Blockchain, or distributed ledger technology (“DLT”), is already proving to be a game-changer for businesses globally and across sectors. But is it secure? And can insurance help protect against risks and, thus, help advance the development of this technology?
Security of Blockchain?
Because changes to a blockchain are displayed in real time and no central user controls the record, blockchain is said to be much less susceptible to hacking than a traditional database. However, given the value and potential of high-profile transactions that may take place using blockchain technology, hackers will have incentive to invent new ways to infiltrate and use the technology for malicious purposes.
Thus, blockchain technology, like the Internet before it, will likely lead to unforeseen risks and exposures, particularly if the amount of commerce conducted using DLT continues to increase. Examples already exist. In 2013, for instance, Mt. Gox, a Bitcoin exchange handling 70 percent of all Bitcoin transactions at the time, suffered a technical glitch resulting in Bitcoin’s temporarily shedding a quarter of its value. In 2015, Interpol identified an opening in blockchain used for cryptocurrencies that hackers could exploit to transfer malware to computers. In addition, blockchain is only as secure as its entry points. If the access systems used for blockchain are vulnerable to attack, the security of DLT may be undermined. In sum, blockchain is not risk-free and may not be hacker-proof.
Insuring the Blockchain
Because blockchain technology is not risk-free, companies should consider how insurance, especially cyber insurance policies, will respond to risks arising out of the use of blockchain technology. For instance, one insurer’s cyber insurance policy form insures against disclosure of personally identifying information that results from unauthorized access into a system owned by either (1) an insured, or (2) “an organization that is authorized by an Insured through a written agreement to process, hold or store Records for an Insured.” Because blockchain is peer-to-peer, the insurer may argue it is not owned by any insured or any other “organization.” Thus, a policyholder experiencing losses due to the disclosure of personally identifying information arising out of the use of blockchain technology may face a coverage dispute with its insurer.
Another cyber insurance policy form protects against the “failure or violation of the security of a Computer System,” and defines “Computer System” to include “cloud computing” and “other hosted resources operated by a third-party service provider.” Would the insurer consider blockchain technology to fall within this definition? These provisions lack clarity, particularly because blockchains are peer-to-peer networks not operated by a central administrator. Policyholders using DLT should review their policies carefully, including those for accessing unsecure websites, self-inflicted losses, terrorism and others, to ensure they will respond as expected.
Finally, policyholders should consider the applicability of their traditional insurance policies for blockchain-related risks. Will technology professional liability policies, commercial crime policies and specialty coverage forms cover claims involving blockchain or DLT? Policyholders are well-advised to give close scrutiny to cyber, computer or technology, and data-related exclusions.
Conclusion
The complexity of the technology, the lack of understanding of how it works, and the scarcity of data about its use may impede the development of the market for insurance covering operations or transactions involving blockchain. Nonetheless, as insurers increasingly follow developments in blockchain and related technologies and improve their own understanding and analysis of blockchain’s risks, they will offer new policies covering such risks. In the meantime, policyholders looking to use DLT should consider consulting experienced coverage counsel and carefully reviewing policy forms to ensure that the policies they buy provide the insurance protection they need, and expect, for this game-changing technology.
- Partner
A nationally recognized insurance coverage litigator, Lorie handles all aspects of complex, commercial litigation and arbitration for policyholders. Chambers-ranked and recognized as a “top 10 Super Lawyer,” Lorie has ...
- Counsel
Patrick counsels clients on all aspects of insurance and reinsurance coverage. He assists clients in obtaining appropriate coverage and represents clients in resolving disputes over coverage, including in litigation and ...
The Hunton Andrews Kurth Blockchain Blog features opinions and legal analysis as we follow the development and use of distributed ledger technology known as the blockchain.
Search
Recent Posts
Categories
Tags
- 2019 Leaders’ Declaration
- 2020 National Strategy for Combating Terrorist and Other Illicit Financing (the 2020 Strategy)
- Advancing Innovation to Assist Law Enforcement Act
- Airdrops
- AML compliance program
- AML/CFT
- anonymity-enhanced cryptocurrencies
- Anti-Money Laundering
- Anti-Money Laundering Act of 2020 (AMLA)
- Anti-Money Laundering Compliance
- Antifraud
- Aon and Marsh
- Arizona
- Arkansas
- Artificial Intelligence
- Artificial Intelligence (AI)
- Australia
- Australian Competition and Consumer Commission (ACCC)
- Australian Securities and Investments Commission (ASIC)
- Automated Clearing House (ACH)
- Bank of England
- Bank Secrecy Act
- Bank Secrecy Act (BSA)
- Bank Term Fund Program
- Bermuda
- Biden Administration
- BIS
- Bitcoin
- Bitcoin Cash
- Bitfinex
- BitLicense
- Blockchain
- Blockchain Incubators
- Blockchain Legislation
- Blockchain Regulatory Certainty Act
- Blockchain Technology Act
- Brazil
- Breach of Contract
- Broker-Dealer
- Broker-Dealers
- BSA
- BSA Enforcement
- BTFP
- Bureau of Economic Analysis
- California
- Canada
- Captive Insurance
- CCPA
- Celebrity Endorsers
- Central Bank
- Central Bank Digital Currency (CBDC)
- Centre for Information Policy Leadership (CIPL)
- CFTC
- Chapter 15
- China
- Christopher Giancarlo
- Civil Enforcement
- Class Actions
- Clearweb
- Colorado
- Commissioner
- Commodity Exchange Act
- Commodity Exchange Act (CEA)
- Commodity Futures Trading Commission
- Complaint Bulletin
- Compliance
- Compliance Note
- Congress
- Connecticut
- Consent
- Consumer Financial Protection Bureau (CFPB)
- Consumer Protection
- Convertible Virtual Currency
- Corporate Compliance
- Corporate Governance
- Corporate Transparency Act (CTA)
- Council of Institutional Investors
- Council of the European Union
- Countering the Financing of Terrorism (CFT)
- Cross-Border Data Transfer
- crypto arbitrage trading accounts
- Crypto Assets
- crypto bank
- crypto custody
- Crypto Hackers
- Crypto Mining
- Crypto-commodity
- Crypto-currency
- Cryptoassets
- Cryptocurrency
- Cryptopia Limited
- Cryptosweep
- CVCs
- cybercrime
- Cybersecurity
- Dalia Blass
- DAO Report
- Darknet
- darknet marketplaces
- Data Privacy
- Data Protection Authority
- Davos
- decentralized finance (DeFi)
- DeFi
- Del. Michael San Nicolas
- Delaware
- Department of Business and Industry
- Department of Justice
- Department of Treasury
- DFS
- Digital Asset
- Digital Asset Securities
- Digital Assets
- Digital Commodities Consumer Protection Act of 2022
- digital currency
- digital currency ATM operators
- digital currency exchangers
- digital currency flows
- Digital Financial Assets Law (the Act)
- Digital Token Act
- digital token sales
- Digital Tokens
- Distributed Ledger
- Documentary Stamp Tax (DST)
- Dodd-Frank
- DOJ
- Economic Sanctions
- EDPB
- Eleventh Circuit
- Endorsement Guides
- Enforcement Action
- ePrivacy
- Ether
- Ether Classic
- EU General Data Protection Regulation (GDPR)
- EU Regulation
- European Central Bank
- European Commission
- Exchange Act
- Exchange Traded Fund
- FDIC
- Federal Election Commission
- Federal Reserve
- Federal Reserve Board
- Federal Trade Commission
- FedNow
- fiat currency MSBs
- Fiat-Backed
- Fight Illicit Networks and Detect Trafficking Act
- Figure Lending LLC
- Final Guidance
- Financial Action Task Force (FATF)
- Financial Crimes Enforcement Network (FinCEN)
- Financial Privacy
- Financial Stability Board
- Financial Stability Oversight Council
- Financial Stability Report
- Financial Technology Protection Act
- FinCEN
- FINRA
- FinTech
- Florida
- Foreign Corrupt Practices Act (FCPA)
- Foreign Extortion Prevention Act (FEPA)
- Form BE-12
- fractional interests
- FTC
- Gemini Dollar
- Gemini Trust Company
- Global Consortium for Digital Currency Governance
- Group of Seven
- Group of Twenty (G20) Finance Ministers
- H.R. 5635
- Hard Fork
- Heath Tarbert
- Her Majesty’s Revenue & Customs (HMRC)
- HM Revenue & Customs (HMRC)
- home equity lines of credit (HELOCs)
- Homeland Security Assessment of Terrorists’ Use of Virtual Currencies Act
- House of Representatives
- House of Representatives’ Financial Services Committee
- Howey
- Howey test
- IEO
- iFinex Inc.
- Illinois
- India
- Information Sheet 225
- Initial Chain Offering
- initial exchange offerings (IEOs)
- Insurance
- Intellectual Property
- International
- International Monetary Fund (IMF)
- Investor Protection
- IRS
- Jefferies Funding LLC
- Kenneth Blanco
- KYC/AML requirements
- Lael Brainard
- Large Platform Utility
- Legislation
- Legislature
- Liechtenstein Parliament
- liquidity
- Litecoin
- Litigation
- Louisiana
- Ltd.
- Malicious Cyber Activity
- Malicious Cyber Actor
- managed stablecoin
- Martin Act
- Maryland
- Metaverse
- model rule
- Monetary Policy
- Money Laundering
- Money Service Business
- money services businesses (MSBs)
- Mortgages
- Multi-Level Marketing Program (MLM)
- Mutual Fund
- Nakamoto
- narcotics
- NASAA
- Nebraska
- network maturity
- Nevada
- New Jersey
- New York
- New York Attorney General
- New York Department of Financial Services (DFS)
- New Zealand
- NFT (Non-Fungible Token)
- NFTs
- Non-fungible tokens
- North Dakota
- North Korea
- NY Department of Financial Services
- OFAC
- Office of Investor Education and Advocacy
- Office of the Comptroller of the Currency (OCC)
- Ohio
- Oklahoma
- Patent
- Paxos Standard
- Paxos Trust Company
- peer-to-peer exchangers
- Penalty
- Pennsylvania
- Personal Data
- Personal Information
- President’s Working Group (PWG)
- Privacy
- privacy coins
- Provenance.io
- Proxy Voting
- Public Blockchain
- rapid settlement
- real estate
- Regulation and Enforcement
- Rep. Sylvia Garcia
- Rescission
- Retail
- Ripple
- Ripple Labs
- Rule 233-1
- Russia
- Sanctions
- Sanctions Compliance Program (SHP)
- SAR lookback review
- SD8 coins
- SDN List
- SEC
- SEC crypto-securities
- SEC registration
- Securities
- Securities Act
- Securities Act of 1933
- Securities and Exchange Commission
- Securities and Exchange Commission (SEC)
- Securities Exchange Commission
- security tokens
- Self-disclosure
- Senate Committee on Banking Housing and Urban Affairs
- Shareholder
- Shareholders
- SIFI
- Signature Bank
- Silicon Valley Bank
- South Carolina
- South Dakota
- Spencer Dinwiddie
- stablecoins
- Stablecoins are Securities Act of 2019
- State-Sponsored Malicious Cyber Groups
- Suspicious Activity Report
- suspicious activity reporting (SARs)
- SVB
- SWIFT messaging system
- Swiss Financial Market Supervisory Authority (FINMA)
- Switzerland
- synthetic hegemonic currency
- Taxation
- Templum
- Tennessee
- Terrorist Financing
- Tether Limited
- Texas
- Texas Business Organizations Code (TBOC)
- Texas Senate Bill 1859
- Texas Senate Bill 1971
- The World Bank
- three-year safe harbor
- Token and TT Service Provider Act
- token developers
- token transfer limits
- tokenization
- tokenized assets
- Trademark
- Travel Rule
- Trump Administration
- TT Identifier
- TT System
- TVTG
- U.S. Virtual Currency Market and Regulatory Competitiveness Act of 2019
- UCC Article 12
- UK Tax Rules
- unhosted wallets
- Uniform Commercial Code
- United Kingdom (UK)
- United Specialty Insurance Company
- United States Bankruptcy Code
- United States Patent and Trademark Office
- US central bank digital currency (US CBDC)
- US Department of the Treasury
- US Department of the Treasury’s Office of Foreign Assets Control (OFAC)
- US dollar
- US Treasury
- USTR
- Utah
- Vermont
- Virginia
- Virtual Asset Service Providers
- Virtual currencies
- Virtual Currency
- Virtual Currency Consumer Protection Act of 2019
- Virtual Currency Exchange
- virtual currency license
- Virtual Currency Tax Fairness Act of 2020
- Virtual Markets Integrity Initiative
- Washington
- Weapons of Mass Destruction Proliferators Sanctions Regulations
- World Economic Forum
- Wyoming
- XRP
Authors
- Jimmy Bui
- Mayme Donohue
- Nicholas Drews
- Andrew Feiner
- Jason Feingertz
- Hannah Flint
- Kevin E. Gaunt
- Armin Ghiam
- Carleton Goss
- Gregory G. Hesse
- Scott H. Kimpel
- Marysia Laskowski
- Michael S. Levine
- Phyllis H. Marcus
- Lorelie S. Masters
- Patrick M. McDermott
- Uriel A. Mendieta
- Alex D. Pappas
- Daryl B. Robertson
- Natalia San Juan
- Caitlin A. Scipioni