What a difference a year makes. As 2017 drew to a close, the total value of all the world’s cryptocurrencies was over $600 billion. Today it’s around $130 billion. People who bought Bitcoin last December 31, at a price of around $13,750, and are still holding it, have lost around 70% of the value of their initial investment. No crypto-token has escaped the carnage; investors are running for the exits and ICO projects are dropping like flies.

What happened? In short, 2018 was a year chock full of bad news for crypto. By the end of it, the idea that cryptocurrency was a golden ticket had faded, replaced by uncertainty and confusion about the future of digital money.

The epic Coincheck hack

It started in January. The popular Japanese cryptocurrency exchange Coincheck got hacked, and was looted to the tune of half a billion dollars. The incident drew comparisons to the collapse of Mt. Gox in 2014, which proved catastrophic for the nascent cryptocurrency industry. This time around, the scene was more mature and less fragile—ironically, because Japan’s government reacted to Mt. Gox by becoming the first to regulate cryptocurrency exchanges. But that’s also why the hack was so unsettling: the whole point of the new regulatory regime was to prevent another Mt. Gox. Turns out Coincheck had been operating without a license, under an exemption. But the question remains: Just how risky are cryptocurrency exchanges from a cybersecurity perspective?

ICO headaches

In February, US financial regulators kicked off what would be a yearlong assault on initial coin offerings. ICOs were a major catalyst for the sudden explosion of interest and investment in cryptocurrencies in 2017, but Jay Clayton, chair of the Securities and Exchange Commission, sent shock waves through the crypto world when he told Congress: “I believe every ICO I’ve seen is a security.”

The debate over whether the crypto-tokens that blockchain entrepreneurs sold to investors to fund their projects should be subject to the same kinds of regulations that govern stocks, bonds, and other traditional investment contracts came to the fore in 2018. Some argued that so-called utility tokens, which are meant to function like arcade tokens in that they would provide access to decentralized applications, or dapps, should not be subject to securities law. But most of these dapps are still just ideas, and the ones that have launched have failed to get much traction outside the cryptocurrency world. Clayton’s SEC prosecuted a number of ICO projects throughout the year, but its biggest move came just last month, when it penalized two projects—called Airfox and Paragon—for selling unregistered securities. These were the first two ICO busts that didn’t also include charges of fraud, and they may act as a template for future prosecutions.

Market manipulation

In May, we learned that the US Justice Department had opened a criminal investigation into whether cryptocurrency traders were manipulating coin prices. In June, a high-profile academic study found that large purchases in 2017 of Tether, a crypto-token that is supposedly pegged to the US dollar, seemed to have helped prop up the price of Bitcoin. A month later, after one of the SEC’s many rejections this year of applications to list Bitcoin exchange traded funds (ETFs), the agency issued a lengthy analysis lamenting the lack of available data for studying the Bitcoin trading market. Then in September, the New York Attorney General’s office published a damning report on the inner workings of 10 of the most popular crypto exchanges. Among other things, the report hammered nearly every exchange for lacking “robust real-time and historical market surveillance capabilities, like those found in traditional trading venues, to identify suspicious trading patterns.”

Lessons learned(?)

Blockchain technology may be 10 years old, but it’s still new. It may offer inherent security advantages, but security lapses are still frequent at the touch points between blockchains and the real world, like exchanges. These touch points remain largely black boxes to law enforcement officials and policymakers, who are clearly not done policing them. As for the ICO craze, at its core is a genuine fundraising innovation, but the process will have to adapt to securities laws. All of these things were true before 2017. But it took 2018 for it all to sink in.