
CFPB proposes crypto firms refund users for funds lost to hacks
The US Consumer Financial Protection Bureau (CFPB) has proposed a rule that could require crypto asset service providers to reimburse users for funds stolen through illicit activities, including hacks.In a Jan. 10 notice, the CFPB proposed a rule that could allow accounts or wallets using āemerging payment mechanismsā set up for personal use to be subject to similar protections as fiat bank accounts. The US regulator suggested that the same rights that āguard against error and fraudā under the Electronic Fund Transfer Act (EFTA) could protect consumers transacting in stablecoins or āany other similarly-situated fungible assets that either operate as a medium of exchange or as a means of paying for goods or services.āāBased on the plain language used in EFTA and the reasoning of judicial decisions, as well as the CFPBās experience in market monitoring, it has long been clear that the term āfundsā in EFTA is not limited to fiat currency like US dollars,ā said the proposed rule. āThe CFPB interprets the term āfundsā to include assets that act or are used like money, in the sense that they are accepted as a medium of exchange, a measure of value, or a means of payment.āThe proposed action could be one of the last moves by the CFPB under US President Joe Biden, who is scheduled to leave office on Jan. 20. Tesla CEO Elon Musk, a close adviser to President-elect Donald Trump, who may have a role in his administration, suggested in November he ādeleteā the CFPB.Crypto stolen from hacks increased from 2023In January, blockchain security firms began releasing comprehensive reports of losses due to crypto-related illicit activities in 2024. PeckShield reported that there had been more than $2 billion in crypto stolen in hacks, while CertiK said that phishing schemes were the āmost costly attack vectorā related to crypto losses in 2024.Itās unclear whether these attacks could escalate in 2025 if adoption continues to grow, but the proposed CFPB rule could place a significant financial burden on crypto firms if enacted. Companies based in the US could be required to hold millions or billions of dollars in reserve in the event usersā funds were compromised.The CFPB opened the proposed rule to public comments until March 31, roughly two months into Trumpās term.