Republican presidential candidate and former US President Donald Trump gestures at a Bitcoin 2024 event in Nashville, Tennessee, US, July 27, 2024.
Kevin Worm | Reuters
As the transition of power in Washington, D.C., approaches, Congress and the Trump administration are expected to pass a raft of pro-crypto legislation. To date, there has been less focus on the cybersecurity aspect of political efforts, which could present a problem for cryptocurrencies regarding their popularity among a wary US population.
Cryptocurrency, which includes not only Bitcoin but Ethereum, DogecoinOthers, have a loyal following among American adults. According to the Pew Research Center, 17% of American adults trade cryptocurrencies, but the market share of US wallets has remained virtually unchanged since 2021. Meanwhile, according to a Pew poll conducted shortly before the election, 63% of adults say they They trade cryptocurrencies. You have little or no confidence in investing or trading in cryptocurrencies, and do not believe that cryptocurrencies are reliable and safe.
The incoming Trump administration has been touting the merits of cryptocurrencies, focusing on the industry rather than the consumer.
“The No. 1 priority for the industry is making sure they have a regulatory framework so they can do business,” said Dusty Johnson (R-South Dakota), who helped write the book Financial Innovation and Technology for the 21st Century. FIT21, which addresses the processing of digital assets under US law. The law passed the House of Representatives with bipartisan support but was not adopted by the Senate.
FIT21 contains specific provisions relating to crypto cybersecurity, which Johnson expects to be built upon in the new administration.
Glenn “JT” Thompson (R-Pa.), chairman of the House Agriculture Committee and co-author of FIT21, says the bill's cybersecurity provisions remain key in the incoming administration.
“FIT21 requires significant cybersecurity safeguards for financial intermediaries that handle digital assets,” Thompson said in a statement to CNBC, adding that FIT21 includes explicit provisions to ensure that regulated firms take steps to assess and mitigate cyber vulnerabilities to protect both the services they provide and the assets they provide. They own it on behalf of their clients.
“These cybersecurity requirements are essential to protect digital asset markets and market participants,” Thompson said.
However, some experts are skeptical that there will be a significant amount of action on the security side of the legislation, given that crypto proponents are closely advising the Trump administration.
“Employees are policy,” says Jeff Lee, vice president of global government affairs and public policy at Security Scorecard and former assistant cabinet secretary in the California governor’s office. The senior ranks of the incoming economic team, made up of SEC Chairman-designate Paul Atkins, Commerce Secretary Howard Lutnick, and Treasury Secretary-designate Scott Besent, “have a proven track record of supporting cryptocurrencies,” Lu said.
Among other key positions in his second administration, President-elect Trump has appointed venture capital investor David Sachs to be his “czar” of artificial intelligence and cryptocurrencies.
The role of the cryptocurrency industry in political reorganization
The cryptocurrency industry has donated significant sums to the 2024 election cycle, contributions that have not been limited to the Republican Party, but more broadly focused on lawmakers with an industry-friendly view of cryptocurrency regulation. This is likely to continue to influence political calculations. The bipartisan cryptocurrency PAC Fairshake and its affiliates have already raised more than $100 million for the 2026 midterm elections, including commitments from Coinbase and the Silicon Valley Venture Fund Andreessen Horowitz, an early backer of Coinbase. Top Andreessen Horowitz executives have been tapped for roles in the Trump administration.
“We have the most pro-crypto Congress ever (in) history, and we have a very pro-crypto president taking office,” Faryar Shirzad, chief policy officer at Coinbase, recently told CNBC.
“It's rare to see crypto proponents calling for increased regulation in this area, no matter the reason,” said Jason Baker, senior threat intelligence consultant at GuidePoint Security.
Baker says the anonymity and independence of cryptocurrency are often cited as key benefits that legislation might limit, and the decentralized nature of cryptocurrency makes it difficult to regulate in the traditional sense.
“Given the current signals from the incoming administration and the interests of the administration’s influential cryptocurrency supporters, we do not expect significant progress on cryptocurrency regulation over the next four years,” Baker said.
He said that if there is not a lot of action on regulation, there are some clear implications for cybersecurity, driven by the connection between pro-crypto Washington, D.C., and investors' bullish bets on digital assets.
“Cybercrime is often motivated by the benefits of increasing the value of cryptocurrency,” Baker said. “In ransomware, for example, the ransom is usually demanded in US dollars, but payment is often made in Bitcoin. When the value of Bitcoin increases, cybercriminals will benefit.” “.
The value of Bitcoin has risen significantly over the past three months in a risk-filled market environment.
“The future focus on cryptocurrency regulation may positively indicate that Bitcoin cybercrime operations remain viable and are unlikely to suffer government disruption of operators in the space,” Baker said.
Cybercriminals have also changed their tactics to evade regulation and scrutiny, turning to more under-the-radar cryptocurrencies like Monero, Baker added.
The potential role of ransomware in the work of Congress
Baker expects that regulation focused on organizations issuing cryptocurrency payments – whether in the form of ransom payments or for other purposes – is likely to be achievable and acceptable in the current regulatory environment.
“This could include, for example, increasing requirements to report ransom payments when they are made, a policy that has been introduced without much attention in recent years,” Baker said. This approach arguably regulates the end users and purposes rather than regulating the underlying cryptocurrency itself.
In addition to ransomware payments to regain access to technology systems, there are other reasons why cryptocurrency payment is popular in digital extortion schemes, including protecting the criminal's identity and operational security. Private organizations may also choose to use cryptocurrencies to purchase leaked data or credentials made available on illicit forums.
There may also be situations where individuals try to report discovered vulnerabilities and receive money for them under a “bug bounty” program – whether voluntary or forced (so-called “begging bounty”). They may request payment in cryptocurrency based on personal preference or a general desire for privacy, and private organizations may or may not comply with this.
“While there are undoubtedly other options for institutions to use cryptocurrency in some form, these are the primary forms we see on a regular or more frequent basis,” Baker said. “Although such measures will certainly have downstream effects on the value of cryptocurrency by virtue of their impact on transaction volume,” Baker added.
Steve McNew, global lead for blockchain and digital assets at FTI Consulting, believes some regulation of online cryptocurrencies may occur, particularly when a company that is the victim of ransomware pays its attackers in cryptocurrency.
“There's more than just policy at hand,” McNew said. If a company is compromised in a cyberattack and is required to publicly disclose the ransom it paid, that could lead to the company becoming a bigger future target for other criminal enterprises, McNew said. While it may make sense, on the one hand, to provide disclosure of where the money goes and what cryptocurrencies are used for payment, doing so can put the company (and thus its customers, employees and partners) at risk.
“So, any policy decisions around crypto disclosure in this context will require balancing the need for transparency around the use of cryptocurrencies in criminal matters alongside the risks that this transparency may be exacerbated,” McNew says.
Although FIT21 passed the House with broad bipartisan support, it did not specifically address these issues.
He expects some legislative measures that may attempt to address this issue. “The next Congress could see more momentum for proposed legislation like the Cryptocurrency Cybersecurity Information Sharing Act of 2022, which would allow companies to share information related to cybersecurity threats with the federal government and with each other,” he said.
Congress may also reconsider the work of outgoing Financial Services Chairman Patrick McHenry (R-North Carolina) and Rep. Brittany Petersen (D-Colorado) and the Ransomware and Financial Stability Act of 2024, which aims to “enhance network resiliency,” Law said. The US financial system against ransomware attacks, establishing clear ransom payment protocols, and ensuring that these payments, including those involving cryptocurrencies, are made within a controlled system. and compatible legal framework.”
But he added that it was unclear whether the Trump administration would continue the Biden administration's leadership role in the International Ransomware Initiative, a 68-nation coalition aimed at preventing ransomware from being paid.
The broader Bitcoin governance battle
McNew says many of the underlying parameters surrounding cryptocurrencies, even down to their definition, can hamper legislation, even aspects of it intended to foster innovation and industry adoption.
“US lawmakers have work to do in defining the basic roles, responsibilities and standards for how the industry will be run before any meaningful legislation can be put in place,” McNew said. For example, creating a dedicated authority for digital assets is a necessity that has not yet been addressed.
The underlying governance structure has been a major point of contention during the Biden administration, and the main reason why SEC Chairman Gary Gensler has been a thorn in the side of the cryptocurrency industry.
“Lawmakers must decide whether responsibility will fall on the Securities and Exchange Commission (SEC), the Commodity Futures Trading Commission (CFTC), or another body. They will also need to identify issues related to taxes and broker-dealer tariffs for digital asset markets and provide them with a set of It's a clear rule of thumb for legislation to be effective, McNew said, adding that given how deeply divided the House is in the upcoming session, it may be difficult to craft an agreement.