CFPB proposes crypto firms refund users for funds lost to hacks

The US Consumer Financial Protection Bureau (CFPB) has proposed a rule that could require crypto asset service providers to reimburse users for funds stolen through illicit activities, including hacks.In a Jan. 10 notice, the CFPB proposed a rule that could allow accounts or wallets using “emerging payment mechanisms” set up for personal use to be subject to similar protections as fiat bank accounts. The US regulator suggested that the same rights that “guard against error and fraud” under the Electronic Fund Transfer Act (EFTA) could protect consumers transacting in stablecoins or “any other similarly-situated fungible assets that either operate as a medium of exchange or as a means of paying for goods or services.”“Based on the plain language used in EFTA and the reasoning of judicial decisions, as well as the CFPB’s experience in market monitoring, it has long been clear that the term ‘funds’ in EFTA is not limited to fiat currency like US dollars,” said the proposed rule. “The CFPB interprets the term ‘funds’ to include assets that act or are used like money, in the sense that they are accepted as a medium of exchange, a measure of value, or a means of payment.”The proposed action could be one of the last moves by the CFPB under US President Joe Biden, who is scheduled to leave office on Jan. 20. Tesla CEO Elon Musk, a close adviser to President-elect Donald Trump, who may have a role in his administration, suggested in November he “delete” the CFPB.Crypto stolen from hacks increased from 2023In January, blockchain security firms began releasing comprehensive reports of losses due to crypto-related illicit activities in 2024. PeckShield reported that there had been more than $2 billion in crypto stolen in hacks, while CertiK said that phishing schemes were the “most costly attack vector” related to crypto losses in 2024.It’s unclear whether these attacks could escalate in 2025 if adoption continues to grow, but the proposed CFPB rule could place a significant financial burden on crypto firms if enacted. Companies based in the US could be required to hold millions or billions of dollars in reserve in the event users’ funds were compromised.The CFPB opened the proposed rule to public comments until March 31, roughly two months into Trump’s term.