Crypto Is Growing Up. Are Companies Ready?

Blockchain—a digital ledger popularized by Bitcoin—is shifting the way everyone from regulators to criminals do business.

By transparently tracking transactions using unique identifiers, blockchain allows parties to exchange money without intermediaries like banks. Part of an approach known as “decentralized finance,” or DeFi, the sector has come a long way since capturing the public imagination with the 2009 debut of Bitcoin, the most well-known cryptocurrency.

HBS Working Knowledge spoke with Daniel Rabetti, a visiting scholar at Harvard Business School, to explore his recent research papers, “An Anatomy of Crypto Enabled Cyber Crimes” and “Blockchain Adoption and Audit Quality.” Rabetti is also the S. Dhanabalan Chair in Quantitative Studies at the National University of Singapore Business School. The interview has been edited for clarity and length.

What draws you to research the crypto space?

Daniel Rabetti: I've always been fascinated by how emerging technologies disrupt traditional industries. When blockchain and crypto started gaining traction, it was clear they weren’t just alternative payment systems—they were laying the foundation for a completely new economic infrastructure.

What really drew me deeper over time was the radical transparency blockchain offers. Unlike traditional finance, where many transactions are opaque and intermediated, blockchain makes records public, permanent, and independently verifiable. That opens incredible opportunities not just for financial innovation, but also for forensic economic analysis, regulatory oversight, and combating illicit activity.

The advent of smart contracts further accelerated my interest, as it enabled the development of decentralized finance applications—allowing financial transactions and services like lending, borrowing, and trading to operate autonomously without centralized intermediaries. This innovation expanded the possibilities of blockchain far beyond simple transfers of value, creating entirely new ecosystems of financial activity.

What makes blockchain compelling for good and bad actors alike?

Rabetti: For governments and firms, blockchain creates a trusted, tamper-proof ledger where ownership can be verified instantly and contracts can execute automatically without manual intervention. That unlocks major efficiency gains across finance, supply chain management, auditing, and cross-border trade.

We see this in real-world applications:

• JPMorgan’s blockchain-based repo markets, a form of short-term borrowing of government securities

• Central bank digital currencies piloted by the Federal Reserve and the Monetary Authority of Singapore

• Blockchain-based supply chain transparency initiatives

In my own research, I find blockchain enhances both audit quality and firm productivity. For example, blockchain adoption allows firms to better manage banking confirmations and reduce costly inefficiencies like overordering.

But blockchain’s openness is a double-edged sword. Bad actors exploit its speed and global reach to move assets illicitly—yet the same transparency leaves permanent footprints. With blockchain forensics, law enforcement and investigators are increasingly turning the technology against the criminals themselves.

You argue that restricting crypto could be counterproductive. Why?

Rabetti: While banning crypto might seem like a way to reduce illicit finance, it often backfires by driving activity deeper underground into jurisdictions or technologies that are even harder to monitor.

Our study shows that blockchain’s public ledger offers investigators a more powerful tool than they have in traditional finance. Every transaction is permanently recorded, creating an indestructible audit trail.

By applying blockchain forensics techniques, we can trace ransomware payments, uncover terrorist financing, and map complex illicit networks.

Rather than banning crypto, the smarter approach is building regulatory capacity to monitor blockchain activity in real time—leveraging the transparency of the system itself to enhance enforcement.

Your study notes that there were $1.1 billion in payments to cybercriminals in 2023 and $30 billion in damage. Will that continue?

Rabetti: Unfortunately, unless there’s significant investment in cybersecurity defenses and more aggressive enforcement, I expect both figures to keep expanding.

Ransomware attacks have an asymmetric advantage. They are relatively cheap to launch but impose massive costs on their victims—ranging from ransom payments to operational disruptions to reputational damage.

As critical infrastructure—health care systems, supply chains, financial institutions—becomes increasingly digitized, the potential fallout from attacks grows exponentially.

The good news is that blockchain forensic capabilities are advancing, offering new ways to track, freeze, and recover illicit assets. But realistically, it remains a fast-moving race between cybercriminals' innovation and defenders' tools.

What collateral costs should firms be aware of?

Rabetti: The ransom payment is often just the tip of the iceberg. Firms typically also face massive reputational damage, customer loss, regulatory fines, lawsuits from affected clients, and higher insurance premiums after an incident.

There’s also the huge cost of rebuilding compromised IT systems and complying with stricter post-incident audits and disclosures. In the US, companies must now comply with the SEC’s new rule requiring public disclosure of material cybersecurity incidents within four business days.

This compressed timeline could increase firms' vulnerability, potentially emboldening attackers to exploit the pressure window before disclosures are made.

What can companies and government entities do?

Rabetti: Three things:

1. Prioritize cybersecurity as a core business investment, not just a compliance item.

2. Engage in proactive blockchain monitoring—even firms outside the crypto sector need to understand crypto asset flows, wallet activity, and ransomware payment trends, because most ransom demands today involve crypto.

3. Partner with regulators and law enforcement. Companies that collaborate early and build internal crypto expertise will be far better positioned to respond to—and hopefully prevent—future attacks.

How might recent shifts in US crypto policy matter for businesses and governments globally?

Rabetti: The Trump administration’s pivot toward pro-innovation and lighter-touch regulation is already reshaping the global landscape. The executive order supporting digital finance and the establishment of a Strategic Bitcoin Reserve send a clear message: the US aims to lead, not lag, in blockchain innovation.

For businesses, this opens huge opportunities for expansion, entrepreneurship, and new product development. At the same time, it raises the stakes globally—countries that maintain overly restrictive crypto policies risk losing talent, capital, and technological leadership.

But greater freedom also demands greater responsibility. As our research shows, robust governance, cybersecurity, and transparency remain non-negotiables for firms that want to thrive long term.

Do you anticipate more use of blockchain forensics?

Rabetti: Absolutely. As regulations evolve, particularly under the current more crypto-friendly US administration, blockchain forensics will become increasingly critical—not just for regulators but for businesses, investors, auditors, and compliance teams.

Instead of relying solely on after-the-fact investigations, authorities can now detect suspicious activity as it happens, mapping wallet movements, tracing ransomware payments, or flagging illicit flows through DeFi protocols.

Companies, too, will need to integrate forensic monitoring tools into their risk management frameworks, particularly as compliance expectations rise.

Are non-US authorities effectively approaching their watchdog role?

Rabetti: Some non-US authorities are making great strides in crypto regulation.

• In Europe, the Markets in Crypto-Assets Regulation (MiCA), finalized in 2023, creates a comprehensive licensing regime for crypto firms, introduces stablecoin regulations, and encourages the use of blockchain analytics for compliance.

• In Singapore, the Monetary Authority of Singapore (MAS) has struck an impressive balance: combining strict licensing and robust AML/KYC requirements with a welcoming stance toward responsible innovation. MAS explicitly requires crypto firms to adopt blockchain forensic monitoring, a move that aligns closely with the opportunities highlighted in our research.

• South Korea, too, has learned from past scandals like WEMIX—requiring token issuers to disclose detailed whitepapers, undergo independent audits, and maintain reserve thresholds.

Regulatory gaps still exist, especially in regions where technical expertise is lacking. Regulatory arbitrage remains a real risk. Ultimately, effective oversight requires both modernized laws and investments in forensic capabilities to truly protect markets and investors.

What should businesses and customers take away from your work on crypto exchanges?

Rabetti: Our study on trading volume manipulation in crypto exchanges shows that reported volumes can be highly misleading. Many centralized exchanges inflate trading activity artificially, especially smaller or newer platforms that want to appear more liquid and popular. By simulating high trading volumes, or so-called "wash trading,” they attract new listings, user accounts, and fees—at least temporarily.

For customers, the key takeaway is: don’t blindly trust volume metrics. Before choosing an exchange, look for signs of transparency:

• Independent audits of trading volume and reserves

• Regulatory licensing from credible authorities like MAS or FCA

• Clear reporting and no reliance on self-reported figures

• Skepticism toward "too good to be true" incentives

Exchanges that fake volume can operate for a while, but over time, lack of trust and lack of real liquidity lead to instability or collapse. Transparency, verification, and good governance must become the industry norm if crypto markets want to mature.

What are some lessons for leaders from the Argentine president’s unsuccessful promotion of crypto

Rabetti: The $LIBRA scandal in Argentina is a classic case of influence without responsibility. When the government promoted the $LIBRA cryptocurrency without proper due diligence, it sparked an initial surge in enthusiasm—but within hours, the token collapsed, wiping out investor wealth and causing significant political backlash.

There are several key lessons from this episode. Endorsements are powerful—and dangerous if made carelessly. Government figures and corporate leaders must treat endorsements of financial products like fiduciary responsibilities, not as marketing opportunities. Regulatory guidelines are also essential.

Transparency and verification matter. While authenticity is important, it must always be grounded in facts. Financial promotions should clearly communicate both the opportunities and the associated risks.

How might blockchain be useful in navigating global trade actions and policies?

Rabetti: Blockchain could revolutionize global trade by increasing transparency, reducing fraud, and streamlining compliance.

Today, verifying product origins, confirming compliance with sanctions, and certifying goods across borders is slow, fragmented, and error prone. Blockchain can provide a single, tamper-proof ledger where every party—exporters, regulators, insurers, customs officials—can instantly verify key details.

Here's a real-world example: IBM Blockchain’s collaboration with Home Depot, which enabled full supply chain visibility from production to delivery. This transparency helped reduce disputes, speed up settlements, and cut costs associated with manual verification and documentation.

What can policymakers learn from your work?

Rabetti: Three key lessons:

1. Transparency is an asset, not a liability.

2. Smart regulation should target bad actors while supporting responsible innovation.

3. Investment in blockchain forensic capabilities is essential.

In our commentary to the SEC’s recent consultation, we emphasized the need for shared experimentation, pilot programs, regulatory sandboxes, and sustained stakeholder engagement to develop a framework that is both adaptive and forward-looking.

At the same time, the US has a global leadership opportunity: to set a standard that protects investors, promotes innovation, and fosters resilient, inclusive markets.

Image created with assets from AdobeStock.