Treasury opens crypto cyber sharing

A crypto exchange can lose hundreds of millions of dollars in one afternoon, and the attack often starts with the digital version of a forged shipping label or a fake login page. On April 9, the United States Treasury said eligible U.S. digital-asset firms can now get the same cyber threat information it already shares with banks and other financial institutions. (nextgov.com) The office running it is Treasury’s Office of Cybersecurity and Critical Infrastructure Protection, and the offer covers “timely, actionable cybersecurity information” for qualifying firms and industry groups. Treasury said interested companies should contact that office directly, and trade coverage said the service is being offered at no cost to firms that meet Treasury’s criteria. (nextgov.com) (coinedition.com) What Treasury is sharing is not a rulebook or a fine. It is the kind of warning that tells a firm which hacker group is active, what trick it is using, and what network signs to look for before customer funds move out the door. (pymnts.com) (nextgov.com) Treasury is making this move after a stretch of giant thefts that made crypto security look less like a niche tech problem and more like a financial-stability problem. On February 21, 2025, Bybit lost about $1.5 billion in what multiple outlets described as the largest crypto heist on record. (forbes.com) (wilsoncenter.org) The United States Federal Bureau of Investigation said North Korea was responsible for that Bybit theft, tying it to the Lazarus Group hacking operation. By December 2025, Chainalysis said North Korean hackers had stolen $2.02 billion in cryptocurrency during 2025 alone, which was about 59 percent of the $3.4 billion stolen globally that year. (bleepingcomputer.com) (chainalysis.com) That is why the bank comparison matters. Treasury is effectively saying a large crypto custodian or exchange now creates enough spillover risk that it should hear the same alarms a bank would hear when a new phishing campaign, malware strain, or hostile state actor starts probing the financial system. (bankingjournal.aba.com) (nextgov.com) Treasury officials said that shift out loud. Assistant Secretary for Financial Institutions Luke Pettit said digital-asset firms are an increasingly important part of the U.S. financial sector, and Counselor to the Secretary for Digital Assets Tyler Williams linked the effort to the administration’s push for “responsible innovation” backed by stronger operational resilience. (coinedition.com) (pymnts.com) The fine print is that Treasury has not publicly listed every eligibility requirement, so this is not a blanket feed for every token project with a website and a wallet address. The program is aimed at eligible U.S. firms and industry organizations, which suggests Treasury wants counterparties that can handle sensitive threat data and act on it quickly. (nextgov.com) (coinedition.com) The bigger change is cultural inside Washington. For years, most federal crypto contact came through enforcement cases, sanctions notices, and compliance speeches; this program adds an operational lane where the government treats crypto firms as infrastructure worth defending in real time. (coindesk.com) (scworld.com) If this works, the visible result will be boring on purpose: fewer emergency withdrawal freezes, fewer customers discovering drained accounts on a Sunday, and more attacks stopped before they become headlines. Treasury is not making crypto safe, but it is moving the sector one step closer to the security playbook the rest of finance already uses. (nextgov.com) (blockonomi.com)