U.S. agency proposes rule requiring refunds after crypto hacks

The Consumer Financial Protection Bureau has proposed a rule that would require cryptocurrency companies in the US to refund customers who lose money due to hacks or unauthorized transactions.

According to the Financial Times report, the proposal aims to extend consumer protections that already exist for traditional bank accounts to digital wallets used for cryptocurrencies.

The CFPB’s rule aims to expand the scope of the Electronic Funds Transfer Act to include digital assets such as stablecoins (crypto tokens designed to maintain a stable value) and other fungible tokens used for payments.

If this expansion is adopted, “funds” would be redefined to include assets that function as money or are used to pay for goods and services.

Cryptocurrency accounts, often called wallets, allow users to store and trade digital currencies. But unlike traditional bank accounts, these wallets are not universally protected against loss from hacking or fraud.

The CFPB’s proposal would change this and require service providers to compensate customers for stolen funds.

crypto hacks

The proposal comes amid a rise in cryptocurrency hacking incidents. Blockchain analysis firm Chainaliz reported that 303 crypto hacking incidents occurred in 2024, resulting in $2.2 billion in funds being stolen.

North Korean groups were responsible for more than $1.6 billion of these losses; This caused the amount of theft to double compared to the previous year.

The CFPB’s proposal marks one of the Biden administration’s latest crypto-related initiatives. However, its future remains uncertain as the new Trump administration, which has shown strong support for the crypto industry, prepares to take office.

Many Trump advisors, including Elon Musk and Vivek Ramaswamy, have publicly criticized the CFPB and called for its reduction or elimination.

Public comments on the CFPB proposal will be open until March 31, after which the bureau will decide whether to issue a final rule.