FCC robocall rule could make phone accounts a richer target for crypto attackers
The FCC’s proposed robocall rule would require originating voice service providers to collect and retain more customer identity data before service is granted, including names, addresses, government IDs, alternate numbers, and verification records, with a four-year post-cancellation retention period and proposed $2,500-per-call forfeitures for KYC violations. The agency says this is needed to block illegal robocalls at the network’s origin. The main concern is that expanding carrier-side KYC could create a larger target for attackers. Phone numbers already underpin crypto exchange logins, account recovery, and SMS 2FA, so tying them more tightly to identity data could increase SIM-swap, social-engineering, and extortion risk. Past incidents show phone compromise can lead to crypto theft and even high-profile account takeovers, such as the SEC X account hack. The security impact depends heavily on scope: if the rule applies to ordinary retail and prepaid customers, it could reduce pseudonymous phone access and increase exposure; if limited to high-volume commercial originators, the privacy and honeypot risks would be smaller.
