Crypto assets and social media are changing how finance operates. Uncertainty around the future of AI is affecting financial markets. Claudia Biancotti argues that regulators must expand their range of expertise and pursue a multidisciplinary approach to protecting society against the potential negative spillovers from these developments.
Finance has a long history of shaping and being shaped by technological change. Banks were early adopters of the telegraph in the mid-1800s. Over a century later, a consortium of financial institutions developed SWIFT, the global messaging network that enables cross-border payments to this day. From the first ATMs in the 1960s to banking apps on smartphones, new devices and communication protocols have impacted how people access, manage, and spend their money.
Current times are no exception. Blockchains, digital ledgers that secure information on a decentralized basis, were originally created for financial use cases. Social media are changing the nature of retail investing, and AI is a driving force behind recent stock market trends.
Whether these developments are good or bad for society, innovation is forcing regulators to rethink their strategies. This article draws on three case studies to show how financial authorities must incorporate a wider range of expertise to understand and address risks arising from the digital space.
The Bybit hack
On February 21, 2025, crypto exchange Bybit was hacked. A staggering $1.46 billion in tokens was stolen in an attack attributed to Lazarus Group, a state-sponsored outfit from the Democratic People’s Republic of Korea (DPRK). The hack is the biggest heist in the history of crypto.
Compared to other state-sponsored actors, Lazarus tends to hack targets more for theft than, say, sabotage or political posturing. With a weak economy compounded by international sanctions, the DPRK and its nuclear program are in constant need of funding. A few years ago, Lazarus exfiltrated $101 million from the central bank of Bangladesh. It also targeted several commercial banks by leveraging compromised SWIFT credentials, with mixed results.
In recent times, the attention of Lazarus and other hacker groups has shifted to crypto, which is a softer target because in most jurisdictions crypto intermediaries are not subject to equivalent cybersecurity requirements as traditional financial players. Researchers pointed out that specific technical measures, such as double-checking of all outgoing transactions on separate devices, could have prevented or mitigated the Bybit hack. They were not implemented because they are costly, and they were not mandated by regulation.
Hackers are also attracted to crypto because its decentralized, anonymous features can facilitate money laundering. In the 24 hours after the Bybit attack, about one-fourth of the stolen tokens had been funneled through a thick web of transactions meant to obfuscate their illicit provenance. While jurisdictions such as the United States and the European Union have made significant inroads against crypto launderers, there is still plenty of complacency elsewhere.
Unlike other victims of high-profile crypto hacks, Bybit did not fold. It faced strong withdrawal pressure from customers in the days following the attack and shouldered it well, allegedly with its own resources and loans from industry partners. In the absence of reporting obligations, though, there is no way to judge if the operation is sustainable in the medium term.
In the past, technical, financial, and governance vulnerabilities in crypto were a concern only for those willing to take their chances on an opaque, risky market, in exchange for the possibility of very high returns. The crypto crash of 2022 had little to no impact on the outside world. This is changing fast, as the crypto ecosystem becomes increasingly interconnected with traditional finance.
Crypto companies are listed on regulated markets, stablecoin issuers hold their reserves in government bonds and banks, and blockchains may become a part of mainstream payment infrastructure. As recently pointed out by Financial Stability Board Chair Klaas Knot, crypto may be reaching a tipping point where it becomes a risk to financial stability. While the sector represents less than one percent of global financial assets, it is already larger than the subprime mortgage market was at the onset of the 2007 Great Financial Crisis.
Under-regulation of crypto is a bad idea, especially if it triggers an international race to the bottom to attract business. In global financial networks, differences in regulation and enforcement between countries negatively impacts virtuous actors. Insufficient oversight even in a single jurisdiction may lead to poor outcomes for all users. Regulators need to equip themselves with the technical expertise to monitor crypto.
The GameStop rally
On January 28, 2021, financial news outlets were abuzz with the exceptional stock market performance of GameStop, a video game retailer. Shares had attained an all-time high at $483, or over twenty-fold the price at the beginning of the year.
According to the U.S. Securities and Exchange Commission (SEC), “GameStop […] experienced a dramatic increase in their share price in January 2021 as bullish sentiments of individual investors filled social media.” The stock became popular in finance-themed online communities. As members bought shares, congratulated each other on successful trades, and posed as champions of the people against Wall Street short sellers, the price steadily went up. Eventually it would stabilize at much lower levels.
The GameStop rally popularized the concept of meme stocks, whose prices are influenced by internet fads. A confluence of factors catalyzed the episode. The velocity of social media discourse and the popularity of gamified trading apps were key. So was the “financial nihilism” trope, popular with the crypto community and some other young investors. Proponents maintain that new generations, contrary to their parents, have no chance at socio-economic advancement based on education and hard work alone, and that their only shot at building generational wealth is investing on the right tail of the risk distribution.
In the following years, these factors emerged again and again. The 2023 run on Silicon Valley Bank, a mid-size financial institution mostly catering to the tech industry, happened at internet speed as pundits and reporters shared concerns about the bank’s liquidity through social media. Meme stocks still exist today, and 2025 has seen increasing interest in meme coins, crypto assets that are similarly propelled by popularity in online communities.
Discussion of financial assets over the internet is not necessarily a negative phenomenon. More information available to investors may lead to increased market efficiency. Still, this only works if the information is correct. Some so-called finfluencers, internet personalities specializing in financial advice, promote fraudulent schemes.
Problematic angles can emerge even if no outright fraud is present. Legal scholar Sue Guan notes that finfluencers, rather than simply seeking to disseminate facts on asset value, aim to maximize (and monetize) their own popularity. This can lead to clickbait and less-than-accurate posts, which ultimately “distort prices, negatively affecting corporate governance, capital raises, securities litigation, and market confidence.”
More worryingly, malicious actors, state-sponsored or otherwise, may seek to leverage social media to undermine market fairness and financial stability, with strategic aims beyond monetary gain. There is no evidence that such actors played a part in the GameStop rally, but social media have been exploited for influence operations before, and it may only be a matter of time until this happens in the financial space.
Regulators and supervisors may benefit from understanding and monitoring online culture, no matter how seemingly inane, or even toxic, internet chatter appears at times. Authorities should develop the legal and technical tools to spot potential malfeasance quickly and intervene in a timely manner, especially given the speed at which viral online content can trigger real-world market consequences, even for investors who do not partake in internet discussion forums.
The DeepSeek launch
On January 20, 2025, Inauguration Day in the U.S., Chinese company DeepSeek released a chatbot based on its R1 large language model (LLM). Its performance was comparable to that of leading U.S. competitors. According to the developers, the model had been trained for a fraction of the cost.
As users around the world marveled at R1’s capabilities, the U.S. stock market saw a one trillion dollar selloff in a single day, on fears that the country may be losing its lead in AI innovation, and that the age of big investments in chips and data centers was over. Among the worst-hit companies were chipmakers Nvidia and Broadcom, as the effectiveness of U.S. export controls aimed at depriving China of computational ability was called into question. Some pundits contended that Deepseek’s researchers, underfunded and under-resourced, were able to score a victory against U.S. labs based on cleverness alone.
On closer scrutiny, cracks emerged in this David-versus-Goliath narrative. DeepSeek, sometimes miscast as a scrappy startup, is the offshoot of a Chinese hedge fund that started accumulating computing power and engineering talent for AI research as far back as 2020. Most of the information provided by the company on the training process cannot be verified independently, and some technology analysts contest the cost figures. Cutting-edge GPUs were allegedly smuggled to DeepSeek in violation of U.S. restrictions.
Even if all the company’s claims were true, DeepSeek’s offering would still be more of a marginal improvement than foundational breakthrough. Underlying most contemporary LLMs, including R1, is a technology introduced in 2017 by researchers at Google, which was progressively refined through the years.
DeepSeek’s developers also failed to acknowledge important security concerns. If prompted to provide a perspective on global affairs, the model appeared to follow Chinese governmental doctrine. This is especially troubling from an open-source model, which can be integrated in other applications at low cost. User data is stored in China and, as noted by the German privacy watchdog, this poses risks to users, since the Chinese government has ample access to information collected by the private sector.
The price of stocks affected by the sell-off has since recovered, but this episode is a warning shot for what may perhaps become the most important challenge of our times. The world is headed into significant uncertainty about developments in AI and how they impact issues of privacy, copyright, national security, and the integrity of the marketplace of ideas.We can guess very little about the timeline and content of new discoveries, and how they will affect us. Society is grappling with highly complex issues that may become even more complex as trailblazing research migrates from academia to corporations, and as we start contemplating artificial general intelligence (AGI), a silicon brain as flexible as our own. Oscillation between panic and euphoria, affecting the economy and financial markets in a disorderly way, is a very real possibility.
The implications for regulators are not straightforward. Disclosure requirements for listed companies could be tweaked to mandate more transparency on innovation, but not every AI outfit is listed. Rather than pursuing direct regulatory action, authorities may want to establish a presence in the public debate that contributes to a balanced, informed evaluation of events.
Conclusions
Regulators cannot solve all problems of the digital sphere on their own. They can, however, guide the financial system through the deep changes that lie ahead.
Financial authorities need to prepare for the future by reinforcing their ability to decipher technological progress and its interactions with broader economic and strategic dynamics. This should be done vertically, through talent acquisition in fields such as computer science, international relations, and new media. It should be done horizontally, by reinforcing ties with academia, the national security community, and other institutions, with careful consideration of complementarities and mandate limits. While no individual jurisdiction offers a perfect model, some central banks are already staffing their innovation hubs with crypto experts and AI engineers, and some countries already integrate financial authorities in national security discussions.
Cooperation should ideally extend across borders. Yet, global consensus is hard to achieve at this moment in history. Multilateral efforts should be pursued whenever possible, starting from areas where the interests of most countries are still aligned—cybersecurity, anti-money laundering, and countering terrorism financing come to mind. When agreement is out of reach, authorities should pursue local protections against the negative spillovers from weak regulation, while being mindful of possible loss of competitiveness vis-à-vis jurisdictions that opt for no or very lax oversight.
As deeper and broader knowledge is acquired, it should be deployed towards the design of regulation that is commensurate with today’s challenges. It should not be so heavy that it stifles innovation, or so light that malicious actors circumvent it. Authorities should be open to overseeing technology with technology, including integration of AI and even crypto-native constructs in regulatory design and supervisory practice.
Author Note: I would like to thank Oscar Borgogno, Luisa Carpinelli, Michele Savini Zangrandi, Stefano Siviero, and Giuseppe Zingrillo for comments and suggestions. The views expressed are my own and should not be attributed to the Bank of Italy.
Author Disclosure: The author reports no conflicts of interest. You can read our disclosure policy here.
Articles represent the opinions of their writers, not necessarily those of the University of Chicago, the Booth School of Business, or its faculty.
Subscribe here for ProMarket‘s weekly newsletter, Special Interest, to stay up to date on ProMarket‘s coverage of the political economy and other content from the Stigler Center.
