What are the crime prevention implications of new crypto legislation?

• Early in 2025, the Trump administration is predicted to adopt a vigorous pro-crypto legislative strategy.
• The U.S. cryptocurrency industry is expected to be the focus of Congressional action, but cybersecurity is a concern as criminals adapt their tactics to avoid detection.
• Revisited bills like FIT21 and the Cryptocurrency Cybersecurity Information Sharing Act, which were previously stalled, may be revisited.

As the power in Washington, D.C. shifts, Congress and the Trump administration are expected to introduce pro-crypto legislation. However, the focus on cybersecurity in the political effort is currently lacking, which could pose a challenge for crypto's growing popularity among a cautious American public.

Cryptocurrency, including Bitcoin, Ethereum, and others, has a dedicated following among American adults. Despite this, the market share of American wallets holding cryptocurrency has remained stable since 2021, with 17% of adults having traded in crypto. However, a poll conducted by Pew Research Center before the election revealed that 63% of adults have little to no confidence in crypto investing or trading, and they do not believe cryptocurrencies are reliable or safe.

The Trump administration has emphasized its commitment to the crypto industry, rather than the consumer.

Dusty Johnson (R-South Dakota) stated that the top priority for the industry is to establish a regulatory framework to conduct business, as he played a role in drafting the Financial Innovation and Technology for the 21st Century Act (FIT21) that addresses digital assets under U.S. law. Although the bill passed in the House with bipartisan support, it has not yet been considered by the Senate.

The new administration will likely build upon the specific crypto-cybersecurity provisions contained in FIT21.

The cybersecurity provisions in FIT21, as stated by Glenn "GT" Thompson (R-Pennsylvania), Chairman of the House Committee on Agriculture and a co-author of the bill, remain crucial for the upcoming administration.

According to Thompson, financial intermediaries engaging with digital assets must adhere to important cybersecurity safeguards as outlined in FIT21. The regulation includes provisions to ensure that regulated firms evaluate and mitigate cyber vulnerabilities to protect both their services and the assets they hold on behalf of their customers.

Digital asset markets and participants must be protected by these critical cybersecurity requirements, according to Thompson.

Despite some experts' doubts, the Trump administration may take action on the security side of the legislation due to the close advisement of crypto proponents.

According to Jeff Le, vice president of global government affairs and public policy at Security Scorecard and a former assistant cabinet secretary in the California governor's office, the incoming economic team, comprising SEC Chair-designate Paul Atkins, Commerce Secretary Howard Lutnick, and Treasury Secretary-designate Scott Bessent, has a history of supporting cryptocurrencies.

In his second term, President-elect Trump has designated venture capitalist David Sacks as his AI and crypto "czar."

Crypto industry's role in political realignment

The crypto industry has contributed significantly to the 2024 election cycle, with contributions not limited to the GOP but focused on lawmakers with an industry-friendly view of crypto regulation. This trend is likely to continue to influence political calculations. The pro-crypto and bipartisan super PAC Fairshake has already raised over $100 million for the 2026 midterm elections, with commitments from Coinbase and Silicon Valley venture fund Andreessen Horowitz, an early backer of Coinbase. Additionally, top Andreessen Horowitz executives have been tapped for roles in the Trump administration.

Recently, Coinbase's chief policy officer, Faryar Shirzad, stated that we currently have the most pro-crypto Congress in history and an extraordinarily pro-crypto president coming into office, as reported by CNBC.

Despite the reasons, it is uncommon for cryptocurrency supporters to advocate for stricter regulation in the industry, according to Jason Baker, senior threat intelligence consultant at GuidePoint Security.

Cryptocurrency's anonymity and independence are frequently cited as its main advantages, but its decentralized nature makes it difficult to regulate in a traditional manner.

According to Baker, we do not expect significant progress in cryptocurrency regulation within the next four years due to the current administration's signaling and the influence of cryptocurrency proponents on the administration.

The lack of regulation action has clear consequences for cybersecurity, as indicated by the correlation between a pro-crypto Washington, D.C., and investors' optimistic predictions about digital assets.

Cybercriminals profit from the rise in cryptocurrency value, as seen in ransomware attacks where ransoms are typically demanded in USD but payments are often made in bitcoin. As the value of bitcoin increases, cybercriminals will benefit, according to Baker.

"The potential easing of cryptocurrency regulation in the future could indicate that cybercriminals continue to find Bitcoin a profitable and resilient target, despite the possibility of government interference," Baker stated.

Baker stated that cybercriminals are adopting new strategies to avoid detection and legal consequences, including using less traceable cryptocurrencies such as Monero.

Ransomware's potential role in Congressional action

Baker believes that it is more feasible and acceptable for regulation to focus on organizations that handle cryptocurrency payments, including those used as ransom demands or for other purposes, in the current regulatory climate.

"For instance, this could entail stricter reporting requirements for ransom payments made, although this idea has not gained much momentum in the past," Baker stated. This method can be viewed as controlling users' activities and objectives rather than the cryptocurrency itself.

Besides restoring access to technology systems, there are other reasons why payment in cryptocurrency is commonly used in digital extortion schemes, such as protecting the identity and operational security of the criminal. Additionally, private organizations may choose to use crypto to purchase leaked data or credentials that have been made available on illegal forums.

Some private individuals may attempt to report and receive payment for discovered vulnerabilities under a "bug bounty" program, whether voluntary or coerced (so-called "beg bounty"). They may prefer to request payment in cryptocurrency for privacy reasons, and private organizations may or may not comply.

Though there may be other ways for organizations to use cryptocurrency, these are the most common forms we observe on a regular basis," Baker stated. "These actions would likely affect cryptocurrency value due to their impact on transaction volume, as Baker noted.

FTI Consulting's global leader of blockchain and digital assets, Steve McNew, believes that cyber-crypto legislation may occur, particularly in cases where a company is attacked by ransomware and pays their attackers in cryptocurrency.

McNew stated that disclosing the ransoms paid out by a company following a cyberattack can make it a bigger target for future criminal enterprises. While it may seem logical to reveal where funds are going and which cryptocurrencies were used in a payment, doing so can put the company and its stakeholders at risk.

McNew states that any policy decisions regarding cryptocurrency disclosures must balance the need for transparency in criminal matters with the potential risks that transparency may bring.

Despite receiving broad bipartisan support, FIT21 did not tackle these issues directly.

The Cryptocurrency Cybersecurity Information Sharing Act of 2022 could gain more traction in the next Congress, as it allows companies to share cybersecurity threat information with the federal government and with one another, according to Le.

Congress may revisit the work of Patrick McHenry and Brittany Pettersen on the Ransomware and Financial Stability Act of 2024, which aimed to strengthen the resilience of the U.S. financial system against ransomware attacks, establish clear protocols for ransom payments, and ensure that such payments, including those involving cryptocurrencies, are made within a controlled and legally compliant framework.

The Trump administration may not continue the Biden administration's leadership role in the International Counter Ransomware Initiative, a 68-country coalition aimed at preventing ransomware payments.

The broader bitcoin governance battle

According to McNew, the definition of crypto and its basic parameters could hinder legislation, even those aimed at promoting innovation and adoption of the industry.

Before any significant legislation can be enacted, U.S. lawmakers must first establish the roles, responsibilities, and basic parameters for governing the digital asset industry, as McNew emphasized. One crucial aspect that remains unaddressed is the designation of an authority for digital assets.

The primary reason Securities and Exchange Commission Chair Gary Gensler was a thorn in the side of the crypto industry was due to the basic governance structure being a major sticking point during the Biden administration.

The responsibility for digital assets markets will need to be defined and provided with clear rules for legislation to be effective. However, McNew noted that with the closely divided House in the next session, it may be challenging to reach an agreement.