Behind the blocks

Charlie Shrem was atop the cryptocurrency world as CEO of pioneering bitcoin exchange BitInstant when he was arrested for indirectly facilitating drug sales on the dark web. Now post-prison, Shrem talks to Fraud Magazine about his transformation into an evangelist for compliance and regulation in crypto and where he thinks the industry will go next.

In the ever-changing world of cryptocurrency, few figures have experienced the highs and lows of the industry as intensely as Charlie Shrem. In the early days of the bitcoin boom, Shrem emerged as a prominent figure in the community. As the co-founder of early crypto exchange BitInstant, Shrem earned recognition for his pioneering efforts to make bitcoin accessible to the masses. (See “Meet the Bitcoin Millionaires,” by Max Raskin, Bloomberg, April 12, 2013.)

His meteoric rise, however, was cut short in 2014 when he was arrested by U.S. law enforcement for money laundering and operating an unlicensed money transmitting business. The allegations were related to his involvement with Robert Faiella, who used BitInstant to traffic drugs on the dark-web marketplace Silk Road. Shrem was eventually convicted and spent two years in prison. (See “Former CEO Of Bitcoin Exchange Company Sentenced,” United States Department of Justice, Dec. 19, 2014.)

Post-incarceration, Shrem’s story has evolved into a cautionary tale for the industry, and he’s become an outspoken compliance advocate, pushing the complex network of crypto companies and regulators to collaborate. In the wake of recent high-profile crypto cases involving major platforms like FTX and Binance, the need for a robust conversation on compliance and ethical conduct within the industry has never been more critical.

Shrem himself is still heavily immersed in the world of bitcoin. He’s currently general partner of crypto-based venture capital fund Druid Ventures, and host of his own crypto-focused podcast, “The Charlie Shrem Show.” In this exclusive interview, Shrem gives Fraud Magazine his two cents (or rather, 0.0000004 bitcoin, as of early 2024) on his past, his insights into the cryptocurrency landscape, and the profound lessons he’s learned along the way against the backdrop of a crypto industry grappling with its own challenges and controversies.

Tell us about the early part of your journey into the world of cryptocurrency.

I grew up in Brooklyn, New York, at a time when my whole social world was through the internet. I didn’t have a lot of friends in real life. As a young college kid, about 21 or 22 years old, I started an internet e-commerce business to help pay my way through college. I stumbled onto crypto in an IRC (Internet Relay Chat) group in late 2010, during the last days of Satoshi. [Satoshi Nakamoto is the pseudonym of the creator of bitcoin who disappeared from the public eye in December 2010.] People were talking about bitcoin as this phenomenal new idea. We weren’t living in a peer-to-peer payments world at the time. PayPal was the only peer-to-peer game in town. We had also just come out of the great financial crisis. A lot of banks barely had online banking. Sending a transfer from one account to another involved sending a wire transfer or going into the bank.

The bitcoin idea really clicked with me in that early IRC group. The idea that there wasn’t just a ledger kept by a centralized banking database, but by everyone running the software. There was no power structure to rely on to freeze or reverse a payment or do any of these things that I was dealing with at my startup, like scammers trying to steal our money through chargebacks. I saw this as a cool new payment system, but I started to dig even deeper into what Nakamoto envisioned for bitcoin as a decentralized financial system and using decentralized computing for sharing data and having smart contracts in the ledger.

As I got more excited about bitcoin, I met Gareth Nelson in the BitcoinTalk forum [an online discussion forum for people to share information about all things related to bitcoin], and we decided to start an exchange that would allow people to buy and sell bitcoin in a simple and easy manner. We ended up founding BitInstant, which became one of the first crypto exchanges.

Pretty quickly we were taking up a huge percentage of the total transactions in the bitcoin blockchain. Soon after that, in 2012, I helped found the Bitcoin Foundation, and we grew and fostered this community of people who just wanted to help make the world a better place. The exchange and the foundation grew and grew. And then, on Jan. 26, 2014, I got arrested, and my whole world changed.

Tell us about your legal case and everything that happened at BitInstant.

I was very young back then and didn’t understand how the world worked, and capital markets worked, and how the integrity of these systems needed to be kept safe. I didn’t understand the complexities of the financial world to fix it and try to make it better, more efficient, more transparent, and less corrupt, even though that’s what I thought I was trying to do. I didn’t understand that you can’t just “move fast and break things” in the financial system like a lot of entrepreneurs think they’re supposed to do. You can’t just go on television and say the government sucks, and we need to abolish the Fed [the U.S. Federal Reserve]. That’s not realistic. BitInstant was running for three years when the government said in 2013 that bitcoin companies need money-transmitter licenses, and we didn’t have one. We shut down our company, and I was arrested six months later. In hindsight, I felt like I was really trying to get those licenses, doing my best to come under compliance. There wasn’t an 800 number that you can call in the government. There aren’t any lawyers that you can pay to give you a perfect answer. There’s not much clarity even today in the crypto world, but there was even less back then. We were flying by the seat of our pants, which was reckless. Should I have been a 21-year-old CEO of a billion-dollar bitcoin startup? Probably not, but it put me where I am today.

So, I got arrested. I had charges like money laundering, not filing suspicious activity reports [SARs are filed with the Financial Crimes Enforcement Network (FinCEN), which is part of the U.S. Treasury. FinCEN enforces the Bank Secrecy Act, which requires certain financial institutions to file reports of suspicious financial activity on their customers], and not having money-transmitter licenses. I was the CEO of the company. I was the compliance officer. I cleaned the toilets ... but I ran the company out of my parents’ basement. It wasn’t until the end that we were a real business of 20 or 30 people. But we were doing our best, and I didn’t care why people were buying bitcoin. But you can’t do that in a modern-day compliant world. Today, Bitcoin and other crypto companies must ask people for the source of their funds. You must investigate why people are transacting with the money they have. All I cared about was that they had identification. I didn’t care what they did with their money. Many people really believe in that, but to be a compliance officer, you can’t do that, and that was my crime.

Before we get into the fintech world and all the regulations that come into play there, let’s talk about your time in prison.

I quickly realized that I was guilty, so I chose to move through the justice system as fast as possible and pled guilty. I was sentenced to two years for aiding and abetting the operation of an unlicensed money transmitting business. I self-surrendered to federal prison in Pennsylvania and served 18 months.

Prison was bad in all the ways you’d think. It’s a mixed bag where you end up going. All those really bad things that you think are there, are there. But if you keep your head down, you learn the ways of the world. You can get through it and come out of it a much better person. I came out of it with a better appreciation for food and friendship and things like that. I completely changed who I was for the better. I read 137 books, which was awesome. I met some really cool people and witnessed some really bad things that I wish I never saw.

What are some of the key compliance challenges that crypto companies face today?

The biggest problem that companies face today is knowing which regulations apply to them. From the minute that a bitcoin or crypto company starts, they first ask themselves, “What do we do? What type of company are we? What laws do we need to follow? How should we follow them? Who do we call? How much will our lawyers cost?” And, frankly, nine out of 10 companies won’t start because they can’t answer these questions. There’s no clarity when it comes to enforcement from the U.S. Securities and Exchange Commission and the Department of Justice. So, the way they’re doing it today, it’s regulation by enforcement. I don’t know how that changes until it changes.

If your business is issuing tokens, no matter what your token is, whether it’s a meme token, security token or platform token, there’s regulation you’ll need to understand and know, and you’ll need to know what records you need to keep and which citizens you can’t accept. You can’t allow self-certification for accreditation. And this is one of the biggest problems with crypto today — most of these crypto companies launch with a token. For all the crypto tokens today, the biggest problem with them paying employees with them and running a compliant token program, is that there are no laws for tokens. Everyone’s trying to figure out what to do. A lot of them end up acting as if they’re a security token. So, if they’re a security token, since securities laws and regulations surrounding crypto are lacking, it’s impossible to be in compliance. [See sidebar below.] The issue today is, until those good regulations start flowing to the rest of the crypto community, there are going to be issues, and if you want to truly stay in compliance, you must obey every rule and every law.

A few platforms like Securitize X and INX One got permission from the Commodity Futures Trading Commission to issue security tokens on a blockchain. But what happens is your wallet becomes whitelisted. [In cryptocurrency parlance, whitelisted refers to a list of approved members for certain events like issuing non-fungible tokens (NFTs).] So, you register, upload your ID, and certify your accreditation. But I think there should be a better accreditation system, a test, or way to show that you’re a savvy investor to prevent people from investing in a token that they shouldn’t and then losing all their money. [See “What is a whitelist in crypto?” by Team CoinSwitch, Switch, July 27, 2023.] Your readers are probably asking themselves, “Wow Charlie, you went from being one way [arrested for compliance failures] to completely embracing compliance?” Well, first, I don’t want anyone to go to prison, and people in crypto are still going to prison. I don’t want anyone to get fined, which can be worse because you can lose your whole company and everything that you’ve built. If you’re not in compliance with regulations, then you’re not going to be in compliance with all those other laws, you’re not going to be in compliance with tax laws. And if you’re not in compliance with tax laws, those are the most serious laws — you always want to comply with tax codes.

[See sidebar: “Know your tokens” at the end of this article.] 

What are the differences between the U.S. regulatory environment for crypto and other governments? Do they have the same problems that we see with complex regulations? How are those differences affecting the industry?

There are a lot of conversations about this and how different countries are regulating crypto, but one big problem is that people never talk about specific rules, which is interesting. Outside the U.S., in Europe for example, the regulations are comprehensive and unified. Here in the U.S., if you’re a crypto ATM company, there’s heavy compliance there, and you need a money-transmitter license in every single state that you operate in — that’s what I went to jail for. [Crypto ATMs are kiosks where people can make financial transactions with cryptocurrency rather than cash.] In Europe, you only need one license. You can operate from the U.K. to Latvia to Greece. You have multinational growth there because the regulations are unified, and the difficulty here in the U.S. is that they’re not. If someone wanted to tackle inefficiencies in our financial system, unifying the money transmitter and the banking code across the country would just be brilliant. That’s where a lot of compliance issues are, and that would save the financial system a lot of money.

How can the industry work collaboratively with regulators and foster an environment conducive to both innovation and compliance?

That won’t happen until crypto becomes as boring as any other industry. Right now, crypto and bitcoin are in the news every day. It’s a voting conversation. It’s still popular. It’s too politicized. Once people move on and look to AI or something else, then the real work can be done. You can have real members of the industry engaging with law enforcement where they’re not afraid of being political pawns. You do see amazing work between [the government] and Chainalysis.

This is the funny thing, bitcoin and crypto are the worst ways to launder money. It’s a big fat honey pot. And so, whenever a criminal does something in crypto — stealing money, hacking, drug or sex trafficking — it’s a thread you can’t cut. It’s impossible because of the public blockchain. That thread is on everyone’s computer in real time, barring you removing and backing a ledger with cash. So, laundering bitcoin and crypto is difficult. It’s almost impossible. We didn’t create bitcoin to be anonymous pirates. We created bitcoin because all these opportunities were taken away from us in the financial crisis. I went to college for high finance, and I thought these guys on Wall Street were corrupt and they took all the money for themselves. They created all these fake mortgage products, and they all got away with it.

Almost no one went to jail. And here I’m a college kid, and I’m pissed off. I wasn’t angry at the government; I was angry at Wall Street. And so, bitcoin and crypto were created, and it’s funny how now Wall Street is embracing crypto in such a big way. Bitcoiners, we were misfits. We were the kids in the schoolyard who were picked last. We just wanted an equal playing field. And that’s all we were trying to build. We weren’t trying to end the Fed. We were trying to transcend the Fed.

How do you think recent scandals like FTX impact the overall perception of crypto, and what measures can we take to mitigate these scandals down the road?

There’s a lot to unpack there, because at first I thought that maybe better regulations would’ve prevented something like FTX. But no matter what regulations were in place, it was another Bernie Madoff-type situation. Bernie was running multiple sets of books, and even though Bernie’s scheme wasn’t crypto-related it was how he ran his dollar assets. He was robbing Peter to pay Paul in a classic Ponzi. FTX was similar in that they were using customer funds to cover bad crypto bets. In fact, the only reason that any assets were left recoverable [with FTX] is because the crypto assets are recoverable. All the dollar assets were given to almost every politician; they haven’t gone after any of that. It’s really a blight and we’ve not gone after anything. [In December 2023, U.S. prosecutors decided not to try Bankman-Fried on charges that he made unlawful campaign contributions.] [See “The many lies of Sam Bankman-Fried,” by Emma Roth, Elizabeth Lopatto, and Makena Kelly, The Verge, Dec. 13, 2022 and “Prosecutors say Sam Bankman-Fried will not face a 2nd trial,” by Aaron Katersky, ABC News, Dec. 29, 2023.]

It’s kind of interesting too, because now that crypto is going up again, all these FTX holders are now recovering like 80% of their losses at this point. But there’s no regulation that could’ve prevented something like that. If tomorrow there was a unified comprehensive regulatory framework for crypto companies, the capital formation, the compliance structure, it would make everyone’s lives a lot easier and bring about an amazing bull market in crypto.

What do you think the next wave of crypto digital asset adoption is going to look like, especially in terms of business operations, compliance and fraud risks?

You still have a lot of smaller issues happening like wash-trading in the NFT market. People are buying and selling NFTs just to launder money. You have a lot of compliance issues still if you’re in compliance at a crypto company.

Probably the biggest thing people are dealing with right now is related to the Office of Foreign Assets Control and compliance as it relates to the Israel-Hamas war, Russia-Ukraine war, and things like that. You’re probably dealing with tax compliance, maintaining customer and transaction records, sources of funds, and suspicious activity reports [SARs]. It’s a lot of work. You’re probably also dealing with regulators coming at you who don’t really understand these things. Although, that’s changed a lot. You’d be surprised how educated regulators can get very quickly on their subject matter. They’re really starting to get it, especially some of the federal agencies.

You were one of the earliest adopters of bitcoin. Do you see any parallels between your own experience with BitInstant and all the new hype for generative AI?

It’s interesting because so many of the early crypto companies in 2015 wanted to use crypto for generative content creation purposes, like automatic task-related stuff such as smart contracts. When you’re thinking of smart contracts, you’re thinking AI, but when the term smart contract was coined, no one foresaw ChatGPT. [Smart contracts are programs stored on a crypto blockchain that execute when predetermined conditions are met.]

A lot of people argue that, like crypto, even the internet, it’s all a daisy-chain precursor to each other. Internet led to bitcoin, bitcoin leads to crypto and smart contracts, and smart contracts lead to AI. You know, the creator of ChatGPT, Sam Altman, created a crypto company before called WorldCoin, where he aimed to unify the world through this cryptocurrency. And it’s definitely one and the same. AI compliance is going to revolve around the same things as crypto compliance, but instead of money, it’s words. Think privacy. Think of content and data as important as people’s money. When we regulate money to protect consumers, law enforcement and regulators, that’s their mandate. AI is probably going to be regulated in the same way. How do we protect the consumers and their data? A lot of it will revolve around your medical data. It’ll revolve around your mortgage data, your financial data, your credit card data. Because there’ll be companies that’ll come at you soon, that’ll say, “Hey, give me your data and I’ll do this for you. I’ll pay you. I’ll analyze it.” This is just the start of AI. We didn’t even get to where it could be.

What advice do you give to compliance officers on how to sell the importance of compliance within their companies?

Compliance officers, when I meet them at different companies, they’ve got a bit of a chip on their shoulders, where they feel like they have to show that they’re cool people. And I always say, “I know you’re cool. I know you have the hardest job.”

When I consulted for a bitcoin ATM company in Florida, I ran into a compliance officer. It was a three-person compliance office, because you need more than one person. And I told them, “You guys have the most important job in the company. You guys are the coolest people here. You don’t get enough credit.” I just want to create some joy because I know that compliance officers really don’t get enough credit and get that bad rap for being the people who always say, “no.” But they’re really an asset. I work for institutional capital, helping them invest in certain large businesses. And the first thing they look at when it comes to crypto or any financial services company, is the stronger their compliance department, the multiple you’ll get when selling the business. When you invest in a good compliance department, and when you end up seeking liquidity, selling your business, or going public, the strength of your compliance department, your wins, the times that you’ve worked with regulators, the good relationships you’ve fostered, that’s what you want. I can’t tell you how many businesses I’ve passed on because they don’t take compliance seriously.

And I feel like that’s one of the issues that these companies need to overcome. They don’t reward compliance. I’ve noticed that in many situations, like when you find the insider who found a way to fudge the balance sheet, but with crypto, everything that person was doing with the money, whether they were given a long leash to invest it, you could see in real time how all that money was being spent without needing that other person to feel like they were looking over their shoulder. You’re not dealing with defensive compliance anymore. You’re not enforcement. You’re building and maintaining these tools that are doing the work for you. And you’re almost like an overseer of compliance tools rather than the bearer of bad news. The tool is the bad news. The tool will spit out the report. You just operate it. That’s the future of compliance. What’s attractive about a public blockchain to a money launderer? You can do washing, but overall, it just seems like hiding assets. It doesn’t seem like an attractive place. It only works when the criminal doesn’t care, as you see with North Korea, Russia and Iran. They deploy hackers to run scams, steal money, deploy fraudulent insiders at companies to steal money. They put people in at American cell phone companies to SIM-swap crypto CEOs to reset their two-factor authentication, to steal their crypto wallets. [See “Blockchain Capital’s Bart Stephens Lost $6.3 Million In SIM-Swap Crypto Hack,” by Iain Martin, Forbes, Aug. 21, 2023.] This is what’s happening because in these situations, the actors don’t care that they’re stealing crypto. They’re just amassing it knowing that one day they’ll cash out, but they won’t be able to because there’ll be tools in the future.

Jason Zirkle, CFE, is the training director for the ACFE. Contact him at jzirkle@ACFE.com.

Know your tokens

While the term “token” can be used to refer to any digital asset, it’s often used to refer to crypto that’s not bitcoin or ethereum. But recently, the token has come to mean something more — crypto assets that run on top of another crypto blockchain. These tokens have taken on particular significance in decentralized finance, or DeFi, peer-to-peer financial services on Ethereum’s public ledger. (See “What is a token?” by Coinbase.)

Here are a few different types of tokens:

MEME TOKENS

They’re often created for fun based on internet memes. Their value is driven by community interest.

SECURITY TOKENS

They represent ownership of real-world assets like real estate or shares in a company. Security tokens are subject to complex regulations since they’re considered securities.

PLATFORM TOKENS

These tokens are used on a specific platform or blockchain for various transactions. Their value is driven by adoption of the underlying platform.