What to expect from the new crypto legislation on the crime side

With the levers of power in Washington, DC about to change hands, a slew of pro-crypto legislation is expected from Congress and the Trump administration. To date, there has been less focus on the cybersecurity side of the political effort, which could be a problem for crypto given its popularity among a wary American population.Â

Cryptocurrency, which includes not only bitcoin but ethereum, dogecoinand others, has a loyal following among American adults. According to the Pew Research Center, 17% of American adults have traded in crypto, but the market share of US wallets has remained virtually unchanged since 2021. Meanwhile, according to a Pew poll conducted just before the election, 63% of of adults say they have little or no confidence in investing or trading crypto and don’t think cryptocurrencies are trustworthy and safe.Â

The incoming Trump administration has touted its crypto bona fides, focusing on the industry rather than the consumer.

“The No. 1 most important priority for the industry is to make sure they have a regulatory framework so they can do business,” said Dusty Johnson (R-South Dakota), who helped author Financial Innovation and Technology for the 21st. Act of the Century (FIT21) addressing the treatment of digital assets under US law. The law passed the House of Representatives with bipartisan support, but has not been taken up by the Senate.

FIT21 contained specific crypto-cybersecurity provisions, which Johnson predicts will be built into the new administration.

Glenn “GT” Thompson (R-Pennsylvania), Chairman of the House Agriculture Committee and a co-author of FIT21, says the cybersecurity provisions in the bill are still key in the next administration.

“FIT21 requires significant cybersecurity safeguards for financial intermediaries that engage with digital assets,” Thompson said in a statement to CNBC, adding that FIT21 includes clear provisions to ensure that regulated firms take steps to assess and mitigate cyber vulnerabilities to protect both the services they provide and the assets they hold on behalf of their clients.

“These cybersecurity requirements are critical to protecting digital asset markets and market participants,” Thompson said.

However, some experts doubt there will be much action on the security side of the legislation, given that crypto proponents are closely advising the Trump administration.

“Personnel is politics,” says Jeff Le, vice president of global government affairs and public policy at Security Scorecard and a former assistant cabinet secretary in the California governor’s office. The top ranks of the incoming economic team, made up of SEC chairman-designate Paul Atkins, Commerce Secretary Howard Lutnick and Treasury secretary-designate Scott Bessent, “have had a history of supporting cryptocurrencies,” he said. Let.

Among other key posts in his second administration, President-elect Trump has named venture capital investor David Sacks as his artificial intelligence and crypto “czar.”

The role of the crypto industry in political realignment

The crypto industry donated significant sums to the 2024 election cycle, contributions that were not limited to the GOP but focused more broadly on lawmakers with an industry-friendly view of crypto regulation. This is likely to continue to affect political calculations. The pro-crypto and bipartisan Super PAC Fairshake and its affiliates have already raised over $100 million for the 2026 midterm elections, including commitments from Coinbase and Silicon Valley venture fund Andreessen Horowitz, an early backer of Coinbase. Senior executives at Andreessen Horowitz have been tapped for roles in the Trump administration.

“We have the most pro-crypto Congress ever [in] history, we have an extremely pro-crypto president coming into office,” Faryar Shirzad, Coinbase’s chief policy officer, recently told CNBC.

“It’s rare to see cryptocurrency proponents advocating increased regulation in the space, regardless of the reason,” said Jason Baker, senior threat intelligence consultant at GuidePoint Security.

Baker says the anonymity and independence of cryptocurrency are often cited as the main benefits the legislation would limit, and the decentralized nature of cryptocurrency makes it difficult to regulate in a traditional sense.

“Given current signaling from the incoming administration and the interests of influential cryptocurrency advocates in the administration, we do not foresee significant advances in cryptocurrency regulation within the next four years,” Baker said.

If there isn’t much action on regulation, there are some obvious cybersecurity implications, he said, driven by the correlation between a pro-crypto Washington, D.C., and bullish bets by investors on digital assets.

“Cybercrime is often driven by profit from the rise in the value of cryptocurrency. In ransomware, for example, rewards are usually demanded in USD, but payments are more often made in bitcoin. When the value of bitcoin increases, cybercriminals will benefit,” Baker said.

“The future de-emphasis on cryptocurrency regulation may signal positively that bitcoin cybercrime operations remain viable and unlikely to suffer government disruption to operators in the space,” Baker said.

Cybercriminals have also changed tactics to avoid legislation and scrutiny, Baker added, moving to more under-the-radar cryptocurrencies like Monero.

Ransomware’s Potential Role in Congressional Action

Baker predicts that regulation focused on organizations that issue cryptocurrency payments – whether in the form of a reward payment or for other purposes – is more likely to be achieved and satisfied in the current regulatory environment.

“This could include, for example, increased requirements for reporting ransom payments when they are made, a policy that has been implemented without gaining significant traction in recent years,” Baker said. This approach can be argued to be more regulatory of end users and goals than the underlying cryptocurrency itself.

In addition to ransomware payments to restore access to technology systems, there are other reasons why payment in cryptocurrency is common in digital extortion schemes, including protecting the criminal’s identity and operational security. Private organizations may also choose to use crypto to purchase leaked data or credentials that have been made available on illegal forums.

There may also be situations where private individuals try to report and get paid for vulnerabilities discovered under a bug bounty program – either voluntary or forced (so-called “beg bounty”). They may require payment in cryptocurrency out of personal preference or a general desire for privacy, and private organizations may or may not oblige.

“While there are certainly other options for organizations to use cryptocurrency in some form, these are the main forms that we see regularly or most often,” Baker said. “Though such actions would almost certainly have downstream impacts on the value of the cryptocurrency due to their impact on transaction volume,” Baker added.

Steve McNew, the global leader of blockchain and digital assets at FTI Consulting, thinks that some cyber legislation could happen, especially governing when a company victimized by a ransomware pays their attackers in cryptocurrency.

“There’s more than just public policy at stake,” McNew said. If a company is compromised in a cyberattack and required to make public disclosure of the rewards it paid, it could result in the company becoming a greater target in the future for other criminal enterprises, McNew said. While it may make sense, on the one hand, to disclose where funds go and which cryptocurrencies are used in a payment, doing so can put the company (and by extension its customers, employees and partners) at risk.

“So any policy decision about cryptocurrency disclosure in this context will require balancing the need for transparency about the use of cryptocurrency in criminal cases against the risks that such transparency could deteriorate,” says McNew.

Although FIT21 passed the House with broad bipartisan support, it did not specifically address these issues.

Let’s wait for some legal actions that may try to address this topic. “The upcoming Congress may see more traction for proposed legislation like the Cryptocurrency Cybersecurity Information Sharing Act of 2022, which allows companies to share information about cybersecurity threats with the federal government and with each other the other,” he said.

Le said Congress could also review the work of outgoing Financial Services Chairman Patrick McHenry (R-North Carolina) and Rep. Brittany Pettersen (D-Colorado) and the Ransomware and Financial Stability Act of 2024, which aims to “strengthen the resilience of the US financial system against ransomware attacks by establishing clear protocols for ransom payments and ensuring that such payments, including those involving cryptocurrencies, be done within a controlled framework and in accordance with the law.”

But he added that it is unclear whether the Trump administration will continue the Biden administration’s leadership role in the International Anti-Ransomware Initiative, a 68-nation coalition aimed at preventing ransomware payments.

The wider bitcoin governance battle

McNew says that many of the basic parameters surrounding crypto, even down to its definition, can hinder legislation, even aspects of it intended to drive innovation and industry adoption.

“US lawmakers have work to do in defining the roles, responsibilities and basic parameters for how the industry will be governed before any meaningful legislation can be enacted,” McNew said. As an example, establishing a designated authority for digital assets is an imperative that has yet to be addressed.

The basic governance structure was a major stumbling block during the Biden administration and a major reason SEC Chairman Gary Gensler was a thorn in the side of the crypto industry.

“Legislators must decide whether responsibility will fall under the SEC, CFTC or another body. Issues around taxes and broker designations for digital asset markets will also need to be defined and ensured with a set of clear rules that legislation to be effective,” McNew said, adding that given how closely divided the House will be next session, it may be difficult to reach an agreement.Â