Money, Money, Money: As cryptocurrencies and non-fungible tokens (NFTs) are becoming more popular in the investment market, the demand for additional security measures and supervised transactions has appeared.Given that investment scams and theft are still thriving in this under-legislated sector, how can the EU protect consumers and investors, particularly those with an NFT portfolio? by…

Committee on the Internal Market and Consumer Protection (IMCO)

by Alice Maffoni (IT)


Europol showed that between 2009 and 2017, 23% of cryptocurrencies’ transactions were associated with frauds. Indeed, in the ever-changing landscape of financial markets, cryptocurrencies and non-fungible tokens (NFTs) have emerged as attractive potential investments presenting new, decentralised opportunities for investors. As these digital assets gain widespread popularity, so does the need for heightened security measures, and regulatory oversight.

Cryptocurrencies have disrupted traditional financial systems, offering borderless transactions. Simultaneously, the appearance of NFTs has introduced an unorthodox aspect to the digital economy by allowing for the purchase of unique virtual items, from art and music to digital real estate. However, the expanding interest in these novel investments has also attracted sinister actors, fostering an environment susceptible to scams and theft. Therefore, the EU faces the imperative task of crafting robust regulatory frameworks that can adapt to the fast pace of innovation in the blockchain [Fig. 1] and cryptocurrency space. Investment scams and fraudulent activities are persistent challenges, necessitating measures that not only deter illicit practices but also ensure the security of investors. 

As the CEO of the Outliare Ventures blockchain agency stated, striking the equilibrium through a comprehensive approach, encompassing legislative initiatives, technological solutions, and international cooperation, will be a decade-long fight. Thus, the EU has to face such issues efficiently and rapidly?


  • Blockchain is a decentralised and distributed digital register technology that enables secure, and transparent record-keeping of transactions across a network of computers. The fundamental concept of blockchain is to create a chain of transaction records, linked together using cryptographic hashes1. An infographic depicting how blockchain technology works is seen in Figure 1.
  • Cryptocurrencies are virtual currencies that use cryptography for security and operate on decentralised networks. They lack a central authority able to regulate them, but transactions are stored in digital wallets. 
  • Non-Fungible Tokens (NFTs) are unique and irreplaceable digital assets that represent ownership or proof of authenticity of a specific item through blockchain technology. Such transactions are kept up to date by thousands of computers worldwide. 
  • Cryptography is the practice and study of techniques for securing communication and data from adversaries. It involves the use of mathematical algorithms and computational techniques to encode information in a way that ensures its confidentiality, integrity, authenticity, and non-repudiation. 
  • Smart contract for NFTs is a self-executing contract with the terms of the agreement directly written into code, often deployed on blockchain platforms. 

Figure 1: How blockchain technology works.

Relevant Stakeholders 

In the complex web of stakeholders for the security of cryptocurrencies and non-fungible tokens where actors must navigate the delicate balance between fostering innovation and protecting market investors, cryptocurrency exchanges, such as Binance and Kraken, stand as key guardians of security. These platforms facilitate the trading of cryptocurrencies and

NFTs, and their security measures, including robust encryption, secure wallet management, and two-factor authentication, are paramount. Furthermore, blockchain developers contribute significantly to the security landscape by designing and maintaining the underlying technology. They implement cryptographic algorithms, and consensus mechanisms to ensure the integrity and resilience of the blockchain networks that support cryptocurrencies and NFTs. 

Nonetheless, both these stakeholders have to abide by the Regulatory Bodies’ security standards. Organisations such as the European Banking Partnership (EPB), the EU Anti-Money Laundering Authority (AMLA), the European Banking Authority (EBA) provide guidelines to exchanges, investors, and other stakeholders, shaping the legal landscape and deterring illicit activities such as fraud and money laundering. Moreover, even if vastly undermined, investors themselves are stakeholders with a large interest in security. They must adopt best practices for securing their private keys while staying informed about potential risks in the ever-evolving crypto landscape. 

Lastly, the European Securities and Markets Authority (ESMA) has a pivotal role in the crypto-assets area. In 2019, ESMA provided the EU Institutions with advice which provided crucial insights on a possible EU-wide approach and current fallacies in the regulatory framework. As the digital asset market continues to grow, the collective efforts of all the previously mentioned stakeholders become increasingly vital to mitigate risks and foster a secure environment for managing and exchanging these innovative financial instruments.

Key Conflicts 

A pivotal issue lies in the lack of comprehensive legislation specifically addressing NFTs. The absence of clear guidelines for Know-Your-Customer rules (KYC) or Anti-Money Laundering measures (AML) creates a fertile ground for fraudulent activities, as scammers exploit regulatory gaps to lure unsuspecting investors. As a consequence, user identification became hard to track: platforms allow users to hide their identity as well as create many accounts on the network that are difficult to link to a single entity. The comparison between the total value of stolen crypto 2016 – 2022 worldwide is illustrated in Figure 2.

Figure 2:  February 2023 report of the American company Chainalysis on the total value of stolen crypto and the number of hacks between 2016 and 2022 worldwide.

Moreover, a key element amplifying the already heightened risk of crypto-assets is their value which is solely reliant on the perceptions of individuals involved in trading. There are no policies that would allow governments or other regulatory bodies to stabilise the value of cryptocurrencies, as they operate based on a free market economy. In fact, due to its relatively recent emergence as a currency and market, Bitcoin, like all cryptocurrencies, exhibits significant volatility. It is not unusual for the price of Bitcoin to undergo drastic fluctuations within a single day or even within minutes, intensifying the hazardous nature of engaging in trading activities.Nothing is stopping a fraudster from tokenising2 and selling someone else’s property – such as artwork – with the original artist unaware of the scam.  A pivotal issue is that buyers may not always be informed about the presence of counterfeit items on the market, or the methods for confirming an NFT’s legitimacy, such as the smart contract used for its validation. Instead, they often rely solely on the names and visual aspects of items in online marketplaces, creating an opportunity for malicious users to present fraudulent NFTs based on similar collection names or identical images. The absence of guidelines makes NFT marketplaces susceptible to metadata tampering3, which allows scammers to use the cost of living pressureto increase plausible figures and offers to better target victims. For instance, millions of households experience financial difficulties due to the current costs of living, which also makes individuals more vulnerable financially and gives con artists an opportunity to entice victims to part with their hard-earned funds. Finally, traditional regulatory frameworks struggle to keep pace with the decentralised and pseudonymous transactions inherent in the blockchain space.

Measures in Place

In the absence of a common EU approach, individual Member States have pursued varying strategies to regulate this evolving industry. Very few Member States, such as Germany or Spain, sought to establish specific regulatory frameworks for crypto-assets, applicable until a unified EU solution is devised. For instance, in 2020, Germany introduced its own framework for crypto-assets by broadening the definition of financial instruments under the German Banking Act which requires a case-by-case analysis for each specific NFT in question. On the other hand, other MEPs such as Italy or Ireland, opted for a wait and see approach which involves assessing individual crypto-assets based on existing rules governing securities trading and payment services regulations. For instance, Ireland currently lacks a designated regulatory framework for crypto-assets beyond harmonised rules on preventing money laundering and countering terrorist financing, aligned with the 5th EU Anti-Money Laundering Directive. Nonetheless, among the variety of approaches to the evolving crypto market, the EU has taken a great step forward in the crypto security landscape by approving the Regulation on the Markets in Crypto-Assets (MiCA) which entered into force in May 2023. The primary goals of this framework are to protect investors, maintain financial stability, encourage innovation, and enhance the appeal of the crypto-asset sector. It intends to impose an obligation on crypto-asset service providers to collect and provide specific information about the originator and beneficiary of crypto-asset transfers. 

Regarding data protection, it was decided that the General Data Protection Regulation (GDPR) would remain applicable to fund transfers, and no separate data protection rules would be established. The enhanced traceability of crypto-asset transfers is expected to make it more challenging for entities under restrictive measures to circumvent them. Furthermore, in April 2023, MEPs finally approved the first EU legislation concerning the tracking of crypto-asset transfers, including Bitcoins and electronic money tokens, also referred to as the travel rule. The objective is to establish a framework ensuring traceability for crypto transfers, akin to conventional financial operations, enabling the identification and prevention of suspicious transactions. 

Key Questions 

  • In what ways does the EU intend to collaborate with NFT platforms, industry stakeholders, and technology experts to develop and implement effective security measures, ensuring the protection of investors’ assets?
  • How does the EU plan to educate consumers and investors about the potential risks associated with NFT investments, and what initiatives are in place to enhance financial literacy in the context of digital assets?
  • What strategies should the EU implement to monitor NFT market activities and detect fraudulent schemes to safeguard consumers and investors?
  • What specific regulatory measures can the EU introduce to establish a robust legal framework for the NFT sector, addressing investment scams and theft, and providing clear guidelines for market participants?

  1. Cryptographic hashes are mathematical algorithms with various applications, including data verification, security and password storage. They are fundamental to protect the information confidentiality and authenticity. 

  2.  Tokenising refers to the process of converting rights to an asset into a digital token on a blockchain.

  3. Metadata refers to additional information that provides context, details, or descriptive data about a particular set of information. ↩︎