Treasury offers crypto TI

The U.S. Treasury is starting to send cyber threat warnings directly to eligible American crypto firms, using the same information-sharing channel it already uses with traditional financial institutions. Treasury said the program will give qualifying firms timely threat intelligence and defensive guidance at no cost. (nextgov.com) That is a quiet change in how Washington treats crypto. Treasury’s own cyber office said digital asset platforms are now being folded into the country’s financial threat-sharing system because attacks on exchanges, custodians, and related services are growing more frequent and more sophisticated. (nextgov.com) The basic idea is simple: if the government sees a burglar casing the block, it tells the houses most likely to get hit next. In practice, that can mean indicators tied to malware, wallet-draining campaigns, fake job applicants, or infrastructure used by known hacking groups. (coindesk.com) Treasury is moving now because crypto theft has become a national security problem, not just a customer-service problem. The Federal Bureau of Investigation said North Korea stole about $1.5 billion from Bybit on February 21, 2025, and then spread the funds across thousands of blockchain addresses for laundering. (ic3.gov) The United States, Japan, and South Korea had already warned in January 2025 that North Korean groups were targeting exchanges, custodians, freelance workers, and blockchain companies with social engineering and insider-style tactics. That joint statement tied North Korea to 2024 thefts including $308 million from DMM Bitcoin and $235 million from WazirX. (state.gov) By December 2025, Chainalysis estimated that more than $3.4 billion had been stolen across the crypto industry during the year, and at least $2.02 billion of that was linked to North Korea. Chainalysis also said North Korean attacks made up a record 76% of service compromises in 2025. (chainalysis.com) The pattern has changed too. Chainalysis said the biggest losses are increasingly coming from attacks on private key systems and transaction-signing processes, which means a single successful trick against the right employee or vendor can open the vault instead of just a side door. (chainalysis.com) Treasury’s new program is aimed at that exact gap between “we know this threat exists” and “the target sees it in time.” Nextgov reported that eligible firms and industry groups will get the same threat intelligence Treasury already distributes to banks, which turns crypto from an outsider sector into part of the same defensive network. (nextgov.com) Treasury has not publicly spelled out every eligibility rule yet, which means this is not a blanket broadcast to every token project with a website. The structure looks closer to a trusted-members network, where firms get access because they are U.S.-based, meet agency criteria, and can act on sensitive warnings quickly. (nextgov.com)