Altcoins Talks - Cryptocurrency Forum
Learning & News => News related to Crypto => Topic started by: ABCbits on January 12, 2025, 09:56:36 AM
-
New US Rule Could Force Crypto Providers to Compensate Fraud Victims
The US Consumer Financial Protection Bureau (CFPB) has unveiled a proposal that could redefine consumer protections in the cryptocurrency sector.
The rule aims to hold crypto service providers accountable for compensating users who lose funds to theft or fraud... Read more here (https://beincrypto.com/us-crypto-providers-to-compensate-scam-victims/).
I have so many concern about this proposal. It's not clear whether it only applies to custodial wallet or also apply to non-custodial wallet. In addition, the wallet provider would suffer major loss if they forced to compensate the victim, but can't take the money back from the hacker/scammer. Your opinion is greatly appreciated.
-
Although the initial idea may seem good to the affected users, I believe that the entire process necessary to carry it out could make the entire path traveled useless. Being able to do something like this would require 100% transparency of the affected service (exchange, company) and I am not just referring to economic transparency, with which very few companies will agree, but also, in the case of hacks, transparency with code, firewalls, access to servers, wallets and much more.
How many companies would be willing to hand over all the keys?. I'm sure a very low percentage of them.
-
Although the initial idea may seem good to the affected users, I believe that the entire process necessary to carry it out could make the entire path traveled useless. Being able to do something like this would require 100% transparency of the affected service (exchange, company) and I am not just referring to economic transparency, with which very few companies will agree, but also, in the case of hacks, transparency with code, firewalls, access to servers, wallets and much more.
How many companies would be willing to hand over all the keys?. I'm sure a very low percentage of them.
No. The victims may not have ven be open to give up transparency either. One wallet leads to another and it will be another issue to face for the victims when it reveals something else.
For exchanges, they will have to prove they are really hacked. Of all exchanges who claimed they were hacked, non of them really care to show they were.
-
~snip~
For exchanges, they will have to prove they are really hacked. Of all exchanges who claimed they were hacked, non of them really care to show they were.
This is also a problem, as some exchanges that claim to have been hacked have not been hacked, but rather it has been an internal "issue" perpetrated by exchange staff. So being able to demonstrate it would be an act of total transparency, as I said in my previous post, and that is something that many companies will not be willing to do. Also, that shouldn't just apply to exchanges, there are multiple staking platforms (among others) that typically claim to have been hacked when what they do is steal users' funds. We will see how far this new rule goes and whether it is really applied or not.
-
The article's saying $3B was lost in cryptos hacks in 2024 so if ppl get compensated who's going to pay ?
The rule aims to hold crypto service providers accountable for compensating users who lose funds to theft or fraud... Read more here (https://beincrypto.com/us-crypto-providers-to-compensate-scam-victims/).
-
I have so many concern about this proposal. It's not clear whether it only applies to custodial wallet or also apply to non-custodial wallet. In addition, the wallet provider would suffer major loss if they forced to compensate the victim, but can't take the money back from the hacker/scammer. Your opinion is greatly appreciated.
This is unfair for many cryto service providers; I would like to highlight this on the article you provided
Critics argue that the CFPB rule’s broad definitions and lack of consultation with key crypto stakeholders may hinder its implementation.
Obviously, the stakeholders were not part of the consultation; there's going to be an opposition because this may hinder developers from creating or updating their platform for lack of protection on their part. They failed to realize that here in cryptocurrency, you are your own bank, and they cannot compensate people who do not secure their wallets properly. There's going to be a strong opposition to this new one because its unfair for the crypto community running platforms that deal with keeping coins.
-
I don't really know what to make of this, there are many things about it that is not so clear. If a service goes bankrupt and collapses, how can they be immediately forced to compensate victims. There are many fine details needed it this and it could make it too hard to implement.
-
~ It's not clear whether it only applies to custodial wallet or also apply to non-custodial wallet.
I agree that it has to be clearly defined in the proposed rule. If none of that is said, then it has to be the former. They are trying to expand the rule imposed to banks and this should also mean wallets that fully control the crypto funds.
With this rule, centralized exchanges and custodial wallets will be forced to spend more on their platform's security.
-
How many companies would be willing to hand over all the keys?. I'm sure a very low percentage of them.
now that you mention that this rule could just be an excuse for the government to be able to look at platforms closely it does not matter whether it is a centralized or decentralized platform like said it might seem like a good move from the government but the lack of definitions make this vulnerable to manipulation the law will be obviously bent and abused to favor whoever can find loopholes with this rule
-
The article's saying $3B was lost in cryptos hacks in 2024 so if ppl get compensated who's going to pay ?
It says that it is aimed at 'cryptocurrency service providers', which means it is still very general... or you could say service providers engaged in cryptocurrency such as exchanges, DeFi lending services, NFT platforms and so on... I haven't found anything definite there...
However, I think this is very excessive and can even cause more serious complications... hacking problems can indeed happen to anyone, but giving responsibility for the hack to someone else is clearly going too far... crypto activists cannot be chased continuously to give money to victims of fraud for free... while public facilities such as loans can still be used properly and I think that is fairer than having to be responsible for solving other people's problems.
-
I am supporting the very idea behind this new rule but maybe details can be refined and be clearly defined before it can be fully implemented...and am sure industry players that can be affected are going to be consulted on this matter. I believe that there is a big need to protect ordinary crypto users of different platforms. Now, as to hack, maybe we should be following what happened to Binance with its $570 million hack years ago but no one lost money as Binance made sure it was ready for something like that incident. Crypto service providers should make their platforms so secure and if a hack can come then it should have a facility to repay the money lost in the process.
-
now that you mention that this rule could just be an excuse for the government to be able to look at platforms closely it does not matter whether it is a centralized or decentralized platform like said it might seem like a good move from the government but the lack of definitions make this vulnerable to manipulation the law will be obviously bent and abused to favor whoever can find loopholes with this rule
I do not believe that any company or exchange, centralized or not, is willing to allow access to its servers with 100% transparency and without any type of restriction. If they did, the truth would come to light about many hacks that never really existed. That is why they will find a way to hide information or only give access to certain stored information.
For years I've wondered how many of the hacks we've seen in the news were real hacks and how many were committed by company staff, since I am sure that some have not been real attacks and that has been the perfect excuse to steal user funds.
-
The article's saying $3B was lost in cryptos hacks in 2024 so if ppl get compensated who's going to pay ?
The rule aims to hold crypto service providers accountable for compensating users who lose funds to theft or fraud... Read more here (https://beincrypto.com/us-crypto-providers-to-compensate-scam-victims/).
That's good point. Depending on one's perspective, this rule could be seen as attempt to bankrupt company which offer cryptocurrency service.
-
That's good point. Depending on one's perspective, this rule could be seen as attempt to bankrupt company which offer cryptocurrency service.
This could be trying to bankrupt some companies, or allowing only those companies to operate in the market that can maintain the security of their clients' funds and those that can have insurance in case of catastrophe. However, both options involve internal code reviews, server configuration reviews, firewall reviews, all verifications must be done by third parties and a complete history of incoming and outgoing transactions and all wallets used by the company must be provided.
Does anyone think any company will allow that?. Before allowing that, some companies would choose to get hacked. And again we return to the beginning.
-
It's confusing because it's general. If they aren't naming who's going to be responsible for compensating victims they're upsetting the market. The speculating won't help any body.
It says that it is aimed at 'cryptocurrency service providers', which means it is still very general... or you could say service providers engaged in cryptocurrency such as exchanges, DeFi lending services, NFT platforms and so on... I haven't found anything definite there...
However, I think this is very excessive and can even cause more serious complications... hacking problems can indeed happen to anyone, but giving responsibility for the hack to someone else is clearly going too far... crypto activists cannot be chased continuously to give money to victims of fraud for free... while public facilities such as loans can still be used properly and I think that is fairer than having to be responsible for solving other people's problems.
-
It's confusing because it's general. If they aren't naming who's going to be responsible for compensating victims they're upsetting the market. The speculating won't help any body.
I don't see anything confusing. From what we have been able to read, although they do not name who will be responsible for paying these compensations, the most logical thing is that the exchanges (or company) themselves are in charge of paying. This will require not only an increase in system security efforts and therefore an increase in budgets, but will also mean that insurance budgets will have to be increased, to be able to face possible catastrophes. One of the negative aspects of all this is that exchanges may require an increase in KYC-related monitoring and also an increase in fees for the aforementioned budgets.
-
There are some strong exchanges that did this voluntarily without being forced by law, such as Binance and KuCoin, when they were hacked, they compensated their users to preserve their reputation.
As for forcing this compensation on the platforms that were hacked, I think it is unfair and will be a very heavy burden on these services that were just hacked and lost a large part of their budget, which may lead to their bankruptcy and stop working.
-
There are some strong exchanges that did this voluntarily without being forced by law, such as Binance and KuCoin, when they were hacked, they compensated their users to preserve their reputation.
This is only partially true. Binance several years ago (in 2019) attempted to roll back the Bitcoin network after an attack in which 8,000 Bitcoins were hacked from the exchange. Finally CZ abandoned that "brilliant" idea.
As for forcing this compensation on the platforms that were hacked, I think it is unfair and will be a very heavy burden on these services that were just hacked and lost a large part of their budget, which may lead to their bankruptcy and stop working.
Unfair?. I don't think it's unfair. The most important thing in any business is customers, if you don't take care of your customers your business should not exist. Maybe a possible solution would be to have a lower profit percentage and use that money to increase the security budget.
-
This proposal raises critical concerns. If it applies to non-custodial wallets, it’s unrealistic, as users control their private keys. Forcing wallet providers to compensate victims without recovering funds could lead to severe financial losses, stifling innovation. A better approach would be emphasizing security measures and fraud prevention rather than placing undue burdens on providers.
-
As for forcing this compensation on the platforms that were hacked, I think it is unfair and will be a very heavy burden on these services that were just hacked and lost a large part of their budget, which may lead to their bankruptcy and stop working.
Unfair?. I don't think it's unfair. The most important thing in any business is customers, if you don't take care of your customers your business should not exist. Maybe a possible solution would be to have a lower profit percentage and use that money to increase the security budget.
Of course, protecting customers is the basis of any service, but I meant that it is unfair to small platforms because it may lead to the platform's bankruptcy and closure. This hacked platform lost a large part of its budget as a result of hacking, and imposing compensation on those directly affected may lead to its bankruptcy and closure because its budget cannot bear all this burden.
For example, a compensation plan can be put in place in stages that do not lead to the platform's closure. The law must be fair to both parties, this is my opinion.
-
The article's saying $3B was lost in cryptos hacks in 2024 so if ppl get compensated who's going to pay ?
The rule aims to hold crypto service providers accountable for compensating users who lose funds to theft or fraud... Read more here (https://beincrypto.com/us-crypto-providers-to-compensate-scam-victims/).
What is going to happen from this is that the CFPB will make a few companies make 'token repayments' when they suffer a major scam in the future, but the overwhelming number of exchanges will implement anti-scam measures, by adding directories of services and their payment links, then by freezing the transactions before the user can finish them and make the user check everything or simply block them from doing that transaction quietly. Why? Because they won't want to pay any fine.
I think this is a good idea. It was done by Coinbase during the 2020 Twitter phishing campaign too.
-
If anti-scam measures were implemented by exchanges do you believe they won't be forced to compensate victims of fraud ?
What is going to happen from this is that the CFPB will make a few companies make 'token repayments' when they suffer a major scam in the future, but the overwhelming number of exchanges will implement anti-scam measures, by adding directories of services and their payment links, then by freezing the transactions before the user can finish them and make the user check everything or simply block them from doing that transaction quietly. Why? Because they won't want to pay any fine.
I think this is a good idea. It was done by Coinbase during the 2020 Twitter phishing campaign too.
-
New US Rule Could Force Crypto Providers to Compensate Fraud Victims
I have so many concern about this proposal. It's not clear whether it only applies to custodial wallet or also apply to non-custodial wallet.
i agree that there is some confusion here this seems like a good rule but due to its vagueness it can be easy to manipulate and abuse this rule
In addition, the wallet provider would suffer major loss if they forced to compensate the victim, but can't take the money back from the hacker/scammer. Your opinion is greatly appreciated.
that is my concern too what if the user is the one who has put himself and his wallet and money in danger? would the provider still have to compensate the victim? i would not be surprised if many wallets stricten their rules because of this
-
that is my concern too what if the user is the one who has put himself and his wallet and money in danger? would the provider still have to compensate the victim? i would not be surprised if many wallets stricten their rules because of this
I think the rule the article refers to is in case a service like an exchange or staking platform (for example) has problems, not the personal wallet that anyone can install on a device. The security of the devices and wallets installed by each person would be outside that rule and the responsibility would fall solely on the user. Otherwise, it would not be possible, or very difficult, to prove that the wallets have been hacked or that the funds have simply been sent to another wallet of the same owner.
-
I have so many concern about this proposal. It's not clear whether it only applies to custodial wallet or also apply to non-custodial wallet. In addition, the wallet provider would suffer major loss if they forced to compensate the victim, but can't take the money back from the hacker/scammer. Your opinion is greatly appreciated.
Well, this is a good step in my sight because if all of the crypto platforms out there in USA have to give their customers their money back in any condition then they will make their platform more secure and the chances for them to rug pull will also decrease because if this law passes, they have to first comply with it, and once they do that, they can't run away, CMIIW.
Speaking of wallets, they have made things clear in the article that, the wallet providers have to just make their terms and conditions and new rules according to the CFPB clear to the users once this proposal got accepted. They don't have to give the funds of the users back they just had to make sure their users know that (risk).
-
New US Rule Could Force Crypto Providers to Compensate Fraud Victims
The US Consumer Financial Protection Bureau (CFPB) has unveiled a proposal that could redefine consumer protections in the cryptocurrency sector.
The rule aims to hold crypto service providers accountable for compensating users who lose funds to theft or fraud... Read more here (https://beincrypto.com/us-crypto-providers-to-compensate-scam-victims/).
I have so many concern about this proposal. It's not clear whether it only applies to custodial wallet or also apply to non-custodial wallet. In addition, the wallet provider would suffer major loss if they forced to compensate the victim, but can't take the money back from the hacker/scammer. Your opinion is greatly appreciated.
My view from the article, is that the CFBP is indirectly telling the Crypto providers be it exchange or wallet to increase the protection of their platforms to avoid case of scam and fraudulent activities. If these platforms can't provide 100% security of customers funds, then their liability to fraud is sure.
In addition, in a situation of hack, the Crypto platform wouldn't be able to payback customer's lost funds because even the platform would already be on its own loss... And this possibly can lead to the folding up of the platform...
Or else they have a counterattack to emergency situations like this, maybe a funds reserve or some locked funds kept somewhere else.
-
All types of fraud relating to crypto or just the ones where fraud is as a result of issues from the crypto provider? This looks very vague, I'm curious about how this would work when you get scammed as a result of your own negligience, surely the crypto provider can't be held resposible for that.
-
It's vague there isn't detailed info yet so until it's announced with a plan we don't know how a new rule could force ppl to compensate fraud victims. We're making assumptions.
-
It's vague there isn't detailed info yet so until it's announced with a plan we don't know how a new rule could force ppl to compensate fraud victims. We're making assumptions.
for all we know that is all there is it is not exactly uncommon for rules and regulations to be vague so that they can spin it any way they want it to sometimes a government releases a law that is difficult to understand and has unclear bases i would not be surprised if this was the case considering how there is a lot of things to cover in crypto and there are so many exceptions to be made just the safest way is to make it vague
-
They've got to make all the rules clear. America's changed it's leadership with a new team so we'll see how Elon Musk & Donald Trump bring new crypto laws.
for all we know that is all there is it is not exactly uncommon for rules and regulations to be vague so that they can spin it any way they want it to sometimes a government releases a law that is difficult to understand and has unclear bases i would not be surprised if this was the case considering how there is a lot of things to cover in crypto and there are so many exceptions to be made just the safest way is to make it vague
-
They've got to make all the rules clear. America's changed it's leadership with a new team so we'll see how Elon Musk & Donald Trump bring new crypto laws.
Not only are clear rules needed from the beginning of this new proposal. It is also necessary to know who is going to provide the money after suffering a security breach in which confidential user data is stolen or funds are stolen. And I still think that it is the companies that should pay (exchanges, payment processors and others) since it is their obligation to maintain the maximum security of their systems. If this is not done, and the State is responsible for paying, once again the problem would fall on the taxpayer and not on the company that did not properly secure its systems.
-
Although the initial idea may seem good to the affected users, I believe that the entire process necessary to carry it out could make the entire path traveled useless. Being able to do something like this would require 100% transparency of the affected service (exchange, company) and I am not just referring to economic transparency, with which very few companies will agree, but also, in the case of hacks, transparency with code, firewalls, access to servers, wallets and much more.
How many companies would be willing to hand over all the keys?. I'm sure a very low percentage of them.
No. The victims may not have ven be open to give up transparency either. One wallet leads to another and it will be another issue to face for the victims when it reveals something else.
For exchanges, they will have to prove they are really hacked. Of all exchanges who claimed they were hacked, non of them really care to show they were.
Well, the prove of exchange hack is a challenge on the crypto space, and most exchanges who claimed to have been hacked might not be real. I am completely doubtful if some of the exchanges, especially the tie three exchanges can proof that they are actually hacked, i think many of them may not be sincere.
In my opinion, the idea to compasate victims is a good idea, though the challenges regarding real hack has to be addressed to avoid creating more problems to all parties involved.
-
Well, the prove of exchange hack is a challenge on the crypto space, and most exchanges who claimed to have been hacked might not be real. I am completely doubtful if some of the exchanges, especially the tie three exchanges can proof that they are actually hacked, i think many of them may not be sincere.
In my opinion, the idea to compasate victims is a good idea, though the challenges regarding real hack has to be addressed to avoid creating more problems to all parties involved.
I totally agree. How will they be able to prove that an exchange has actually been hacked and that it was not an attempt to take users' funds?. It is true that today's computer forensic tools are very advanced, but even those tools would not be able to find something that does not exist, but has been emulated to give the impression, and false evidence, of a real hack. I don't know how they are going to present this new rule, but I would like to know how they are going to solve possible problems like this and many others that may appear.
The worst thing about all this is that although they may have good intentions to protect exchange users, this rule could cause the opposite, more bureaucracy, waiting times and possible scams that are difficult to prove.
-
I totally agree. How will they be able to prove that an exchange has actually been hacked and that it was not an attempt to take users' funds?. It is true that today's computer forensic tools are very advanced, but even those tools would not be able to find something that does not exist, but has been emulated to give the impression, and false evidence, of a real hack. I don't know how they are going to present this new rule, but I would like to know how they are going to solve possible problems like this and many others that may appear.
the government or the platform wouldn’t just take people’s words for it they need proof and they need to i guess look at the platform itself there will be activity logs that surely would raise suspicions and can indicate that someone really did try to hack the platform and they were successful taking funds
The worst thing about all this is that although they may have good intentions to protect exchange users, this rule could cause the opposite, more bureaucracy, waiting times and possible scams that are difficult to prove.
good for bringing up waiting times i just hope that the government is efficient but if history repeats itself it is possible that victims would not be compensated immediately and would need to wait for some time
-
the government or the platform wouldn’t just take people’s words for it they need proof and they need to i guess look at the platform itself there will be activity logs that surely would raise suspicions and can indicate that someone really did try to hack the platform and they were successful taking funds
good for bringing up waiting times i just hope that the government is efficient but if history repeats itself it is possible that victims would not be compensated immediately and would need to wait for some time
Do you mean that the government or a government-appointed company performs an audit? That would be normal, but that's what I meant by cheating. The exchange can simulate a hack, or even be hacked for real, but by "hackers" who have almost all the keys to access any server and from there, for example, escalate privileges until they obtain almost absolute control. I think it will be very difficult to control which hack is real and which is not. And thinking about the worst, I think this new government rule is going to bring more problems than solutions.
-
Trump hasn't announced his intentions so we're wasting time on opinions which might not be true. We've got to comment after they've published their rules on how they're going to force crypto providers to compensate victims.
The worst thing about all this is that although they may have good intentions to protect exchange users, this rule could cause the opposite, more bureaucracy, waiting times and possible scams that are difficult to prove.
-
Trump hasn't announced his intentions so we're wasting time on opinions which might not be true. We've got to comment after they've published their rules on how they're going to force crypto providers to compensate victims.
I don't think we're wasting our time, we're just giving our opinion on how things could be when this new ruleis signed and comes into effect. This new rule could change things a lot when users lose their funds due to exchange hacks, if the new rule grants compensation to those users, that money will have to come from somewhere, trying to discuss where that money is going to come from, whether from the government, taxes or wherever, is the purpose of this thread, in addition to knowing how exchanges would prove that they have really been hacked.