Economic Crisis Resource Center > Troutman Sanders LLP

Carbon Emissions Trading Market Attacked by Hackers

by Troutman Sanders LLP

On January 18, 2011, over $9 million worth of carbon emission permits were reported stolen from the Czech Republic’s electricity and carbon trading registry.  Additionally, at the same time of the heist, the registry office was evacuated because of a bomb threat.  This cyber theft is the latest in a series of security breaches within the carbon emissions market.  In response to the theft, the European Commission, the European Union (“EU”) Executive Body, has suspended transactions in national EU registries for a week.

Carbon emissions permits are traded in a similar manner as other commodities that are traded on spot and futures markets.  However, the carbon emission trading market operates under the cap-and-trade system in which EU Allowances allow energy companies and industrial factories to trade their pollution permits via buying and selling their government allocated allowances.  The cap-and-trade system puts a price on carbon by limiting the amount of emissions polluters can produce.  Companies producing more than their limit buy permits, which allow those producing less than the limit to sell their excess government-issued allowances on the open market.  Individual registries are currently responsible for the tracking of these permits, as the market is not set to have a central clearinghouse until 2013.  Since the settlement of certificates is almost instantaneous, it is very easy for money to be removed from the system.

The Czech Republic registry stated that 1.3 million permits were missing from six different accounts and the stolen digital assets were transferred to accounts in several other countries.  Moreover, other national registries are known to be vulnerable according to the European Commission.  In response to the security breaches at the Prague-based registry, the European Commission offered the following estimate  

of the number of stolen allowances, “The Commission’s best estimate is that roughly two million allowances, representing a total of less that .02% of allowances in circulation, have been illegally transferred out of certain accounts.”  At their current price the permits are worth 14.48 Euros each.  At this price, the 2 million illegally transferred allowances are valued at about 29 million Euros ($39.4 million).

This cyber attack on the carbon emissions trading market is the most recent of three since the beginning of the year.  Similar cyber thefts were reported last week by the Austrian registry and 1.6 million missing allowances belonging to Romanian cement maker Holcim were reported stolen by the country’s registry in November.  Last year, the German registry reported 250,000 allowances stolen when companies were targeted by “phishing attacks.” 

A copy of an article covering the heist is available here.