The Federal Communications Commission is considering new requirements for phone carriers that could increase vulnerabilities for cryptocurrency users. The proposal would mandate expanded identity collection by service providers.
The FCC published its proposal on May 26 under dockets 17-59 and 02-278. It asks carriers to gather customer names, addresses, government ID numbers, and verification records before providing service. The data would be retained for four years after a customer ends service.
Comments on the plan are due by June 25. The agency links the measure to curbing illegal robocalls that cost Americans billions annually. It targets originating voice providers as the best point to block such calls.
Phone numbers often anchor crypto account recovery and two-factor authentication. Expanded carrier records could therefore make those numbers more attractive targets for SIM-swap attacks. Past incidents, including a 2025 Justice Department forfeiture case and a 2024 compromise of the SEC's X account, show how phone control can lead to crypto losses.
The proposal leaves open whether rules would apply to retail and prepaid customers or only commercial users. Bitcoin researcher Jameson Lopp has noted that identity-linked phone service can raise risks of extortion and physical attacks for large holders.
