That is something that is Securities Law 101. Accounts must be segregated. Forget about "regulation of crypto" -- this is about basic custodial accounts. ANY business which takes monies has to adhere to this principel -- you can't take my downpayment for something and put it to another make-good.
Instead of worrying about crypto itself, they should have been worried about the actual accounts. They weren't.
It's aking to worrying about if my tech stocks are too risky for my age instead of....is my account being raided by the firm ?
Yes, but even without the right structure there had to have been (or should have been) basic custodial recordkeeping audits.
What about back-ups in case of a power failure ? In case of a cyber attack ? EMP attack ? Basic stuff.
Yup....would have helped. You would think that the regulators -- who can regulate FIRMS if not CRYPTO -- should have been on this. Ditto the private investors.
Fundamental principle of investing: custodial oversight is NOT with the firm making the investments (unless you trust a Big Bulge Bracket Firm like JP Morgan Chase, Goldman Sachs, Fidelity, etc.).
Even those firms may use others to clear and verify trades, I'm not sure. But I know that most RIAs and small asset managers use firms like JPM Chase, Goldman, etc. to verify their trades. This way.....THEY are on the hook.
If I open up "GoldFinger Asset Management" and I steal the money and am producing MY OWN statements, I can get away with anything for a long time. But if I clear through JPM Chase or Fidelity or Schwab.....THEY are on the hook and will insist the $$$ be held by them because the statements have their names on it and they're liable.
That is how Madoff got away with his fraud. In fact, I am unaware of any material fraud or Ponzi Scheme where a big Wall Street firm was involved in clearing. There, the problem is excessive trading, risky trading, high commissions, etc. But no outright fraud.
Self-clearing or clearing with a firm nobody ever heard of is 10 red flags.