Cryptocurrency exchanges are vulnerable to market manipulation and lack standard consumer protections that come with established financial markets, according to a months-long investigation by the New York State Attorney General's office.
The 32-page "Virtual Markets Integrity Report" published Tuesday highlights issues of "transparency, fairness, and security" in cryptocurrency trading. In many cases, exchanges are not doing much to protect investors, according to the report.
"The industry has yet to implement serious market surveillance capacities, akin to those of traditional trading venues, to detect and punish suspicious trading activity," according to the report by Attorney General Barbara Underwood's office.
Former Attorney General Eric Schneiderman launched an inquiry in April, looking for digital currency exchanges to answer questions about transparency and consumer protection. Ten exchanges complied with requests. Four, however, did not, including Kraken, whose CEO, Jesse Powell, tweeted in April that the AG's scrutiny was "tone deaf" and "insulting."
The attorney general's office said that although exchanges Kraken, Binance and Gate.io do not have the required license, known as a BitLicense, they continue to provide services to New Yorkers and are therefore potentially in violation of the state's virtual currency regulations.
"In announcing the company's decision not to participate in the Initiative, Kraken declared that market manipulation 'doesn't matter to most crypto traders,' even while admitting that 'scams are rampant' in the industry," the report said.
The three exchanges did not immediately respond to CNBC's request for comment.
The first and most famous cryptocurrency, bitcoin, was started 10 years ago by an anonymous cryptographer going by the pseudonym Satoshi Nakamoto. It was launched as an electronic version of cash that would be free from government or central bank control, but became a speculative bet last year as it climbed to almost $20,000.
Bitcoin is now trading near $6,320, and has lost more than half of its value since January, according to data from CoinDesk.
U.S. regulators have repeatedly voiced concern about crypto market manipulation and consumer protection. The Securities and Exchange Commission cited those issues as key reasons to block a bitcoin ETF, and the agency has launched numerous investigations into fraudulent initial coin offerings.
In addition to manipulation, the attorney general's office dedicated sections of the report to conflicts of interest, security, and protecting consumer funds.
These platforms lack a "consistent and transparent approach" to auditing the virtual currency in their possession, the report said. As a result, customers are often left helpless if their cryptocurrency goes missing.
"Customers are highly exposed in the event of a hack or unauthorized withdrawal," the report said. "There are serious questions about the scope and sufficiency of the commercial insurance that certain platforms purport to carry to cover virtual asset losses."
Still, the report said not all exchanges are failing customers. The platforms vary significantly in "comprehensiveness in responding to the risks facing the virtual markets and fulfilling their responsibilities to customers."
Gemini, founded by internet entrepreneurs Cameron Winklevoss and Tyler Winklevoss, for example, partnered with the Nasdaq to use more sophisticated market surveillance tools. At least one other platform disclosed to the attorney general's office that it was "in the process of contracting for a similar service."
The report posed eight questions retail investors should ask themselves before using a cryptocurrency exchange:
1. What security measures are in place to stop hackers from unlawfully accessing the platform or particular customer accounts?
2. What insurance or other policies are in place to make customers whole in event of a theft of virtual or fiat currency?
3. What guardrails or other policies does the platform maintain to ensure fairness for retail investors in trading against professionals?
4. What controls does the platform maintain to keep unauthorized or abusive traders off the venue?
5. What policies are in place to prevent the company and its employees from exploiting non-public information to benefit themselves at the expense of customers?
6. How does the platform notify customers of a site outage or suspension, the terms under which trading will resume, and how customers can access funds during an outage?
7. What steps does the platform take to promote transparency and to subject its security, its virtual and fiat accounts, and its controls to independent auditing or verification?
8. Is the platform subject to, and registered under, banking regulations or a similar regime – for instance, the New York BitLicense regulations?