FCC robocall rule could make phone accounts a richer target for crypto attackers | Regulation featured

The FCC’s proposed robocall rule, published May 26 under CG Docket Nos. 17-59 and 02-278, could make phone accounts more attractive targets for crypto attackers by expanding the identity data carriers would collect. The agency asks originating voice providers to obtain and retain customer names, physical addresses, government-issued ID numbers, alternate phone numbers, and verification records, and to keep that information for four years after the customer relationship ends. It also proposes a $2,500 per-call base forfeiture for KYC violations, with comments due by June 25. While the FCC frames the measure around stopping illegal robocalls that cost Americans billions, the article highlights a “second-order” security risk: phone numbers underpin crypto onboarding, account recovery, SMS two-factor authentication, and support verification. It points to SIM-swap incidents—used to hijack a victim’s number and intercept authentication codes—as a pathway to irreversible crypto losses, citing FBI IC3 figures of 1,611 complaints in 2021 and adjusted losses exceeding $68 million. The report also references DOJ actions involving over $5 million in Bitcoin and an SEC X account compromise tied to a SIM swap.