New US Rule Could Force Crypto Providers to Compensate Fraud Victims

[ABCbits]

New US Rule Could Force Crypto Providers to Compensate Fraud Victims

The US Consumer Financial Protection Bureau (CFPB) has unveiled a proposal that could redefine consumer protections in the cryptocurrency sector.

The rule aims to hold crypto service providers accountable for compensating users who lose funds to theft or fraud... Read more here.


I have so many concern about this proposal. It's not clear whether it only applies to custodial wallet or also apply to non-custodial wallet. In addition, the wallet provider would suffer major loss if they forced to compensate the victim, but can't take the money back from the hacker/scammer. Your opinion is greatly appreciated.

[Freemind]

Although the initial idea may seem good to the affected users, I believe that the entire process necessary to carry it out could make the entire path traveled useless. Being able to do something like this would require 100% transparency of the affected service (exchange, company) and I am not just referring to economic transparency, with which very few companies will agree, but also, in the case of hacks, transparency with code, firewalls, access to servers, wallets and much more.

How many companies would be willing to hand over all the keys?. I'm sure a very low percentage of them.

[target]

Although the initial idea may seem good to the affected users, I believe that the entire process necessary to carry it out could make the entire path traveled useless. Being able to do something like this would require 100% transparency of the affected service (exchange, company) and I am not just referring to economic transparency, with which very few companies will agree, but also, in the case of hacks, transparency with code, firewalls, access to servers, wallets and much more.

How many companies would be willing to hand over all the keys?. I'm sure a very low percentage of them.

No. The victims may not have ven be open to give up transparency either. One wallet leads to another and it will be another issue to face for the victims when it reveals something else.

For exchanges, they will have to prove they are really hacked. Of all exchanges who claimed they were hacked, non of them really care to show they were.

[Freemind]

~snip~
For exchanges, they will have to prove they are really hacked. Of all exchanges who claimed they were hacked, non of them really care to show they were.

This is also a problem, as some exchanges that claim to have been hacked have not been hacked, but rather it has been an internal "issue" perpetrated by exchange staff. So being able to demonstrate it would be an act of total transparency, as I said in my previous post, and that is something that many companies will not be willing to do. Also, that shouldn't just apply to exchanges, there are multiple staking platforms (among others) that typically claim to have been hacked when what they do is steal users' funds. We will see how far this new rule goes and whether it is really applied or not.

[arabspaceship123]

The article's saying $3B was lost in cryptos hacks in 2024 so if ppl get compensated who's going to pay ?

The rule aims to hold crypto service providers accountable for compensating users who lose funds to theft or fraud... Read more here.

[robelneo]

I have so many concern about this proposal. It's not clear whether it only applies to custodial wallet or also apply to non-custodial wallet. In addition, the wallet provider would suffer major loss if they forced to compensate the victim, but can't take the money back from the hacker/scammer. Your opinion is greatly appreciated.

This is unfair for many cryto service providers; I would like to highlight this on the article you provided

Critics argue that the CFPB rule’s broad definitions and lack of consultation with key crypto stakeholders may hinder its implementation.

Obviously, the stakeholders were not part of the consultation; there's going to be an opposition because this may hinder developers from creating or updating their platform for lack of protection on their part. They failed to realize that here in cryptocurrency, you are your own bank, and they cannot compensate people who do not secure their wallets properly. There's going to be a strong opposition to this new one because its unfair for the crypto community running platforms that deal with keeping coins.

[Z-tight]

I don't really know what to make of this, there are many things about it that is not so clear. If a service goes bankrupt and collapses, how can they be immediately forced to compensate victims. There are many fine details needed it this and it could make it too hard to implement.

[Zed0X]

~ It's not clear whether it only applies to custodial wallet or also apply to non-custodial wallet.

I agree that it has to be clearly defined in the proposed rule. If none of that is said, then it has to be the former. They are trying to expand the rule imposed to banks and this should also mean wallets that fully control the crypto funds.

With this rule, centralized exchanges and custodial wallets will be forced to spend more on their platform's security.

[bitterguy28]

How many companies would be willing to hand over all the keys?. I'm sure a very low percentage of them.

now that you mention that this rule could just be an excuse for the government to be able to look at platforms closely it does not matter whether it is a centralized or decentralized platform like said it might seem like a good move from the government but the lack of definitions make this vulnerable to manipulation the law will be obviously bent and abused to favor whoever can find loopholes with this rule

[bayu7adi]

The article's saying $3B was lost in cryptos hacks in 2024 so if ppl get compensated who's going to pay ?

It says that it is aimed at 'cryptocurrency service providers', which means it is still very general... or you could say service providers engaged in cryptocurrency such as exchanges, DeFi lending services, NFT platforms and so on... I haven't found anything definite there...

However, I think this is very excessive and can even cause more serious complications... hacking problems can indeed happen to anyone, but giving responsibility for the hack to someone else is clearly going too far... crypto activists cannot be chased continuously to give money to victims of fraud for free... while public facilities such as loans can still be used properly and I think that is fairer than having to be responsible for solving other people's problems.

[TomPluz]

I am supporting the very idea behind this new rule but maybe details can be refined and be clearly defined before it can be fully implemented...and am sure industry players that can be affected are going to be consulted on this matter. I believe that there is a big need to protect ordinary crypto users of different platforms. Now, as to hack, maybe we should be following what happened to Binance with its $570 million hack years ago but no one lost money as Binance made sure it was ready for something like that incident. Crypto service providers should make their platforms so secure and if a hack can come then it should have a facility to repay the money lost in the process.

[Freemind]

now that you mention that this rule could just be an excuse for the government to be able to look at platforms closely it does not matter whether it is a centralized or decentralized platform like said it might seem like a good move from the government but the lack of definitions make this vulnerable to manipulation the law will be obviously bent and abused to favor whoever can find loopholes with this rule

I do not believe that any company or exchange, centralized or not, is willing to allow access to its servers with 100% transparency and without any type of restriction. If they did, the truth would come to light about many hacks that never really existed. That is why they will find a way to hide information or only give access to certain stored information.

For years I've wondered how many of the hacks we've seen in the news were real hacks and how many were committed by company staff, since I am sure that some have not been real attacks and that has been the perfect excuse to steal user funds.

[ABCbits]

The article's saying $3B was lost in cryptos hacks in 2024 so if ppl get compensated who's going to pay ?

The rule aims to hold crypto service providers accountable for compensating users who lose funds to theft or fraud... Read more here.

That's good point. Depending on one's perspective, this rule could be seen as attempt to bankrupt company which offer cryptocurrency service.

[Freemind]

That's good point. Depending on one's perspective, this rule could be seen as attempt to bankrupt company which offer cryptocurrency service.

This could be trying to bankrupt some companies, or allowing only those companies to operate in the market that can maintain the security of their clients' funds and those that can have insurance in case of catastrophe. However, both options involve internal code reviews, server configuration reviews, firewall reviews, all verifications must be done by third parties and a complete history of incoming and outgoing transactions and all wallets used by the company must be provided.

Does anyone think any company will allow that?. Before allowing that, some companies would choose to get hacked. And again we return to the beginning.

[arabspaceship123]

It's confusing because it's general. If they aren't naming who's going to be responsible for compensating victims they're upsetting the market. The speculating won't help any body.

It says that it is aimed at 'cryptocurrency service providers', which means it is still very general... or you could say service providers engaged in cryptocurrency such as exchanges, DeFi lending services, NFT platforms and so on... I haven't found anything definite there...

However, I think this is very excessive and can even cause more serious complications... hacking problems can indeed happen to anyone, but giving responsibility for the hack to someone else is clearly going too far... crypto activists cannot be chased continuously to give money to victims of fraud for free... while public facilities such as loans can still be used properly and I think that is fairer than having to be responsible for solving other people's problems.