Stay informed with free updates
Simply sign up to the Cryptocurrencies myFT Digest — delivered directly to your inbox.
US cryptocurrency companies should be responsible for refunding customers’ accounts when they are hacked, bringing standards for digital wallets into line with bank accounts, the consumer banking regulator has proposed.
The Consumer Financial Protection Bureau said on Friday it wanted to mandate service providers to pay back consumers who lose funds owing to hacks or unauthorised transactions.
The move by the CFPB would force digital asset businesses to increase their security and reserves to counter operational threats.
Its proposal comes as the agency faces an uncertain future following the inauguration of Donald Trump as US president this month. Many of the incoming president’s closest advisers are friendly towards crypto. Two of them, Elon Musk and Vivek Ramaswamy, have both spoken out against the agency and are in charge of Trump’s new effort to reduce perceived government bureaucracy.
Musk, an influential close confidant of Trump, has called for eliminating the CFPB, while Ramaswamy claimed in December that it was “one of the easiest agencies to shut down”.
It also probably marks one of the final pieces of proposed crypto rulemaking of the Biden administration. Trump has emphatically backed the crypto industry and vowed to end the perceived animosity that companies have faced from regulators in recent years.
The CFPB is seeking to extend the scope of the Electronic Fund Transfer Act, which protects customers from payments fraud. The agency wants to broaden the term “funds” to include any assets “that act or are used like money”.
That would include stablecoins, crypto tokens that act like digital dollars, and “any other similarly-situated fungible assets that either operate as a medium of exchange or as a means of paying for goods or services”, the proposal said.
Hacking has long been a problem for the crypto market. Last year there were 303 hacking incidents globally, up from 282 the year before, in which hackers stole $2.2bn, data from blockchain analytics company Chainalysis found.
North Korean groups were responsible for the most money stolen, Chainalysis found, having taken $1.34bn through cryptocurrency hacks in 2024, more than double the amount they took the year before.
A rule change would probably have a big impact on any US company holding crypto tokens for customers, such as exchanges and custodians, as they would need to have enough reserve funds to be able to pay customers’ accounts in the event of a hack or mis-sent payment.
CFPB said it was focusing on “virtual currency wallets that can be used to buy goods and services or make person-to-person transfers”, as well as video game accounts where virtual items were purchased and credit card reward points accounts that let customers buy points that could be used to purchase goods from multiple merchants.
The agency is seeking industry comments on the proposal by March 31, after which it will decide whether to issue a final rule.
Read the full article here