The Federal Trade Commission (FTC) has begun a probe into cryptocurrency exchange BitMart over the December 2021 hack which cost consumers $200 million. This probe is the first time the FTC has openly investigated a crypto market.
The investigation was disclosed in an FTC order denying a bid by BitMart operators Bachi.Tech Corp. and Spread Technologies, LLC to block the agency’s efforts to compel them to turn over information. The companies argued that the FTC’s document request was overly broad and that some of the information was located outside the United States.
In December, BitMart confirmed a cybersecurity breach where it said hackers withdrew approximately $150 million from BitMart wallets. Blockchain security firm Peckshield Inc., which first identified the hack, estimated the losses to be around $200 million.
In May, the FTC sent a civil investigation demand (CID) to Bachi.Tech and Spread seeking details on what the companies told consumers about the security of their crypto assets and how they handled customer complaints.
The FTC also indicated that it was investigating whether the BitMart operators were complying with the safeguard rules of Gramm-Leach-Bliley. These safeguard rules require financial institutions to safeguard sensitive customer data.
Bachi.Tech and Spread filed a petition to quash on Jun 30, 2022, arguing the CID “contains requests that are irrelevant, unduly burdensome, and . . . seek information outside of the United States and/or over which petitioner does not have control.” According to the FTC response to the petition to quash, Bachi.Tech never provided factual information regarding any practical or legal impediments to responding, requested clarification of any CID specification or proposed narrowing any of the CID’s requests. It also failed to schedule or attend a meet and confer and did not produce any information or document in response to the CID.
Under Commission Rule 2.7, Bachi.Tech was obligated to begin responding to all the CID requests. Commission Rule 2.10(b) stayed that obligation as to those CID requests the company challenged in its petition to quash. Its duty to respond to the unchallenged CID specifications remained unaltered.
Further, Commission Rule 2.7(k) stated without qualifications that “the commission will not consider petitions to quash or limit absent a prefiling meet and confer session.”
This investigation from the FTC comes from a March 9, 2022, executive order from President Joe Biden which directed the FTC and the Consumer Financial Protection Bureau to study how to police crypto transactions for fraud and abuse. The FTC reported a tenfold increase in crypto scams from 2020 to 2021.