On 18 March 2013, the Financial Crimes Enforcement Network (or FinCEN), a bureau of the United States Department of the Treasury, issued a report regarding centralized and decentralized "virtual currencies" and their legal status within "money services business" (MSB) and Bank Secrecy Act regulations. Since FinCEN issued this guidance, dozens of virtual currency exchangers and administrators have registered with FinCEN, and FinCEN is receiving an increasing number of suspicious activity reports (SARs) from these entities.
Additionally, FinCEN claimed regulation over American entities that manage bitcoins in a payment processor setting or as an exchanger: "In addition, a person is an exchanger and a money transmitter if the person accepts such de-centralized convertible virtual currency from one person and transmits it to another person as part of the acceptance and transfer of currency, funds, or other value that substitutes for currency."
In summary, FinCEN's decision would require bitcoin exchanges where bitcoins are traded for traditional currencies to disclose large transactions and suspicious activity, comply with money laundering regulations, and collect information about their customers as traditional financial institutions are required to do.
Patrick Murck of the Bitcoin Foundation criticized FinCEN's report as an "overreach" and claimed that FinCEN "cannot rely on this guidance in any enforcement action".
Jennifer Shasky Calvery, the director of FinCEN said, "Virtual currencies are subject to the same rules as other currencies. Basic money-services business rules apply here."
In 2013, the U.S. Treasury extended its anti-money laundering regulations to processors of bitcoin transactions.
In June 2013, Bitcoin Foundation board member Jon Matonis wrote in Forbes that he received a warning letter from the California Department of Financial Institutions accusing the foundation of unlicensed money transmission. Matonis denied that the foundation is engaged in money transmission and said he viewed the case as "an opportunity to educate state regulators."
In late July 2013, the industry group Committee for the Establishment of the Digital Asset Transfer Authority began to form to set best practices and standards, to work with regulators and policymakers to adapt existing currency requirements to digital currency technology and business models and develop risk management standards.
In 2014, the U.S. Securities and Exchange Commission filed an administrative action against Erik T. Voorhees, for violating Securities Act Section 5 for publicly offering unregistered interests in two bitcoin websites in exchange for bitcoins.

Theft and exchange shutdowns

Bitcoins can be stored in a bitcoin cryptocurrency wallet. Historical theft of bitcoin has been documented on numerous occasions. At other times, bitcoin exchanges have shut down, taking their clients' bitcoins with them. A Wired study published April 2013 showed that 45 percent of bitcoin exchanges end up closing.
On 19 June 2011, a security breach of the Mt. Gox bitcoin exchange caused the nominal price of a bitcoin to fraudulently drop to one cent on the Mt. Gox exchange, after a hacker used credentials from a Mt. Gox auditor's compromised computer illegally to transfer a large number of bitcoins to himself. They used the exchange's software to sell them all nominally, creating a massive "ask" order at any price. Within minutes, the price reverted to its correct user-traded value. Accounts with the equivalent of more than US $8,750,000 were affected.
In August 2011, MyBitcoin, a now defunct bitcoin transaction processor, declared that it was hacked, which caused it to be shut down, paying 49% on customer deposits, leaving more than 78,000 bitcoins (equivalent to roughly US $800,000 at that time) unaccounted for.
In early August 2012, a lawsuit was filed in San Francisco court against Bitcoinica — a bitcoin trading venue — claiming about US$ 460,000 from the company. Bitcoinica was hacked twice in 2012, which led to allegations that the venue neglected the safety of customers' money and cheated them out of withdrawal requests.
In late August 2012, an operation titled Bitcoin Savings and Trust was shut down by the owner, leaving around US$5.6 million in bitcoin-based debts; this led to allegations that the operation was a Ponzi scheme. In September 2012, the U.S. Securities and Exchange Commission had reportedly started an investigation on the case.
In September 2012, Bitfloor, a bitcoin exchange, also reported being hacked, with 24,000 bitcoins (worth about US$250,000) stolen. As a result, Bitfloor suspended operations. The same month, Bitfloor resumed operations; its founder said that he reported the theft to FBI, and that he plans to repay the victims, though the time frame for repayment is unclear.
On 3 April 2013, Instawallet, a web-based wallet provider, was hacked, resulting in the theft of over 35,000 bitcoins which were valued at US$129.90 per bitcoin at the time, or nearly $4.6 million in total. As a result, Instawallet suspended operations.
In October 2013, Inputs.io, an Australian-based bitcoin wallet provider was hacked with a loss of 4100 bitcoins, worth over A$1 million at time of theft. The service was run by the operator TradeFortress. Coinchat, the associated bitcoin chat room, has been taken over by a new admin.
On 26 October 2013, a Hong-Kong based bitcoin trading platform owned by Global Bond Limited (GBL) vanished with 30 million yuan (US $5 million) from 500 investors.
Mt. Gox, the Japan-based exchange that in 2013 handled 70% of all worldwide bitcoin traffic, declared bankruptcy in February 2014, with bitcoins worth about $390 million missing, for unclear reasons. The CEO was eventually arrested and charged with embezzlement.
On 3 March 2014, Flexcoin announced it was closing its doors because of a hack attack that took place the day before. In a statement that now occupies their homepage, they announced on 3 March 2014 that "As Flexcoin does not have the resources, assets, or otherwise to come back from this loss the hack, we are closing our doors immediately." Users can no longer log into the site.
Chinese cryptocurrency exchange Bter lost $2.1 million in BTC in February 2015.
The Slovenian exchange Bitstamp lost bitcoin worth $5.1 million to a hack in January 2015.
The US-based exchange Cryptsy declared bankruptcy in January 2016, ostensibly because of a 2014 hacking incident; the court-appointed receiver later alleged that Cryptsy's CEO had stolen $3.3 million.
In May 2016, Gatecoin closed temporarily after a breach had caused a loss of about $2 million in cryptocurrency. It subsequently relaunched its exchange in August 2016 and is slowly reimbursing its customers.
In August 2016, hackers stole some $72 million in customer bitcoin from the Hong-Kong-based exchange Bitfinex.
In December 2017, hackers stole 4,700 Bitcoins from Nicehash a platform that allowed users to sell hashing power. The value of the stolen bitcoins totaled about $80M. It is one of the biggest hacks in the history of Bitcoin.