CFPB proposes crypto firms refund users for funds lost to hacks
The US Consumer Financial Protection Bureau (CFPB) proposed a rule requiring crypto asset service providers to reimburse users for funds stolen through illicit activities, including hacks. The rule suggests that accounts using “emerging payment mechanisms” for personal use could receive protections similar to those for fiat bank accounts under the Electronic Fund Transfer Act (EFTA). The CFPB interprets “funds” to include assets functioning as money, such as stablecoins. In 2024, over $2 billion in crypto was reported stolen, with phishing schemes identified as the most costly attack vector. If enacted, the rule could impose significant financial burdens on US crypto firms, necessitating reserves to cover potential user losses. Public comments on the proposed rule are open until March 31.
