Non-Linearities, Cyber Attacks and Cryptocurrencies

This paper uses a Markov-switching non-linear specification to analyse the effects of cyber attacks on returns in the case of four cryptocurrencies (Bitcoin, Ethernam, Litecoin and Stellar) over the period 8/8/2015-28/2/2019. The analysis considers both cyber attacks in general and those targeting cryptocurrencies in particular, and also uses cumulative measures capturing persistence. On the whole, the results suggest the existence of significant negative effects of cyber attacks on the probability for cryptocurrencies to stay in the low volatility regime. This is an interesting finding, that confirms the importance of gaining a deeper understanding of this form of crime and of the tools used by cybercriminals in order to prevent possibly severe disruptions to markets.


Introduction
A cyber attack is an attack launched from one or more computers against other computers or net-works (either to disable them or to gain access to data and manage them); it compromises information security by affecting its confidentiality, integrity and availability. It is a form of cyber risk, which has now emerged as a type of systemic risk and has had an impact on the financial sector in particular (see Kopp et al., 2017). Bouveret (2018) proposes an empirical model based on the standard Value-at-Risk (VaR) framework for a quantitative assessment of cyber risk and losses and reports evidence for a number of countries. (see Graham, 2017). In recent years cryptocurrencies (Bitcoin in particular) have become a favourite target owing to their anonymity. Cyber attacks are in fact mentioned as one of the operational risk factors by both small and large "miners", whose responsibility in a cryptocurrency system is to group unconfirmed transactions into new blocks and add them to the global ledger known as the "blockchain" (see Hileman  Cryptocurrencies have distinctive features such that traditional methods to estimate and man-age risk might not be appropriate and different portfolio techniques might be required (see Platanakis and Urquhart, 2019; for a thorough review of the empirical literature on cryptocurrencies see Corbet et al., 2019). In particular, they are known to be highly volatile and to exhibit breaks. For instance, Thies and Molnar (2018) identify several structural breaks in the Bitcoin series using a Bayesian change point (BCP) model, whilst Chaim and Laurini (2018) specify two models for Bitcoin incorporating discontinuous jumps to volatility and returns, the former being found to have permanent effects, the latter contemporaneous only.
Interestingly, Gandal et al. (2018) show that suspicious trading activity is the likely cause of such jumps, specifically in late 2013. In the presence of breaks standard GARCH models can produce biased results (Bauwens et al. 2010 and2014). In such cases Ardia et al. (2018a) suggest estimating Markov-Switching GARCH (MS-GARCH) models, whose parameters can change over time according to a discrete latent variable. Caporale and Zekokh (2019) show that indeed standard GARCH models yield relatively inaccurate Value-at-Risk (VaR) and Expected-Shortfall (ES) predictions in the case of the four most popular cryptocurrencies 2 (i.e. Bitcoin, Ethereum, Ripple and Litecoin), and that these can be improved by allowing for asymmetries and regime switching (see also Ardia et al., 2018b, for some evidence on Bitcoin only).
The present paper also adopts a Markov-Switching framework but aims to investigate the additional issue of whether or not cyber attacks affect the time-varying transition probabilities of switching from one regime to another. The remainder of the paper is organised as follows: Section 2 discusses the methodology. Section 3 presents the empirical results. Section 4 concludes.

Methodology
The time-varying regime-switching model considered in this paper allows for shifts in the mean and the variance, that is for periods of low and high returns and volatility, and is given by: where Λ  = percentage change in cryptocurrency prices. Autoregressive terms (up to four lags) are also considered. Therefore, the parameters vector of the mean equation, (Eq. 1) is with   ∈ S   = 1 −   ( ∈ S)  Each column sums to unity and all elements are non-negative. It is also assumed that {  } and {  } are independent.
To assess the links between cyber attacks and the cryptocurrencies, we generalise the model in Eq. (1) by allowing the transition probabilities to vary over time. Following Filardo (1994), the transition mechanism governing {  } is given by: where   = cyber attacks count. For robustness purposes, the following control variables are also included:   = VIX for global financial markets uncertainty and Λ  = change in 3 cryptocurrency volumes.
Note that since     −1 has the same sign as  1 ,  1  0 implies that an increase in cyber attacks,  −1  increases the probability of remaining in the low regime. Similarly,  1  0 implies that an increase in  −1 increases the probability of remaining in the high regime. 1 The same holds for the control variables Λ −1 and  −1  The density of the data has two components, one for each regime, and the log-likelihood function is constructed as a probability-weighted sum of these two components. The data source for cyber attacks is https://www.hackmageddon.com, which is regularly updated with media and personal reports submitted from all over the world with daily timeliness. These include Crime, Espionage, Warfare and Hacktivism (or hacking) cyber attacks.
We consider cyber attacks specifically targeting cryptocurrencies (henceforth crypto attacks), as well as other cyber attacks (henceforth cyber attacks). The rational for including the latter is that their extensive media coverage could also affect the perception investors have of cryptocurrencies, since this type of asset relies heavily on cyber security.
Further, we construct an intensity measure based on the cumulative number of crypto attacks, as well as cyber attacks, using a two-week rolling window, which is expected to capture persistence. The two measures for both crypto and cyber attacks are shown in

Empirical Results
Maximum likelihood (ML) estimates of the model described above are reported in Tables 2-3.
The null hypothesis of linearity against the alternative of Markov regime switching cannot be tested directly using the standard likelihood ratio (LR) test. We test for the presence of more than one regime against linearity using the Hansen's standardized likelihood ratio test (1992). The value of the standardized likelihood ratio statistics and related p -values (Panel B, Table 1), under the null hypothesis (see Hansen (1992) for details), provide strong evidence in favour of a two -state Markov regime-switching specification. The presence of a third state has also been tested and rejected. The optimal lag length according to Schwarz information criterion is one. In order to assess the possible role of cyber attacks in determining cryptocurrency returns, we analyse the sign (and significance) of the parameters of the timevarying transition probabilities (which sheds light on whether or not the cyber attack variable affects the probability of staying in the same, or switching to a different regime), and also consider their evolution over time to establish whether changes in regime are triggered by cyber attacks.

Please Insert Tables 2-3 about here
In the case of the one-day crypto attacks, the estimated coefficients for the transition probability ( Table 2) imply that an increase (decrease) in the number of crypto attacks decreases (increases) the probability of remaining in the lower volatility regime. The effect is particularly pronounced for Bitcoin, Ethereum and Litecoin with  1 being equal to −1735, 2 Please note that in the empirical analysis we use the percentage change in volumes.

5
−1403 and −1951, respectively. On the other hand, crypto attacks do not appear to affect cryptocurrency returns during highly volatile periods, with  1 being positive but insignificant.
Maximum likelihood (ML) estimates for one-day cyber attacks (not reported for reasons of space) lead to similar conclusions concerning the signs and significance of the coefficients.
As for the two-weeks rolling crypto attacks measure, a similar pattern emerges, with crypto attacks negatively affecting the probability of staying in the low regime for all four currencies, although the magnitude of the parameter is smaller in absolute value. These findings suggest the presence of memory, measured by the crypto attacks intensity, which also drives the dynamics of the transition probability.
Regarding the results based on the two-week rolling window for cyber attacks (see Table   3), again a similar pattern emerges with  1 being equal to −0119,−0092 and −0149 and −0124 for Bitcoin, Etheuram, Litecoin and Stellar respectively. These results suggest that cyber attacks affect cryptocurrencies but less than crypto attacks. However, a positive and statistically significant effect of cyber attacks on cryptocurrencies is found during highly volatile periods, with  1 being equal to 0021 0074 0042 and 0143 for Bitcoin, Etheuram, Litecoin and Stellar, respectively.
The evolution of the time-varying transition probabilities and the crypto/cyber attack variables is very informative. The former vary throughout the sample. Changes in the probability of remaining in the less volatile regime appear to be triggered by the crypto/cyber attacks pattern for all four cryptocurrencies (see Figure 1). The sharp increase in the number of cyber attacks over the last two years has decreased the probability of remaining in the low volatile regime ¡    ¢ .
Finally, concerning the two control variables, as one would expect, an increase (decrease) in volume changes decreases (increases) the probability of staying in the low regime  3  0 whereas it increases (decreases) the probability of remaining in the high regime,  3  0 The coefficients on the VIX instead are not significant and suggest that crypto currencies are not responsive to global financial markets uncertainty.
Overall, all models appear to be well identified for all four cyber attack measures used.
The results indicate the presence of statistically significant low ¡   ¢ and high

Transition Probabilities
Low Regime

Transition Probabilities
Low Regime  The time-varying transition probabilities refer to the probability of switching from a low to a high volatility regime according to parameter estimates (Table 2) for one day crypto attacks.