With the levers of power in Washington, D.C., about to change hands, a raft of pro-crypto legislation is expected from Congress and the Trump administration. To date, there’s been less focus on the cybersecurity side of the political effort, which could be an issue for crypto in relation to its popularity among a wary U.S. population. 

Cryptocurrency, which includes not just bitcoin but ethereum, dogecoin, and others, has a faithful following among American adults. According to the Pew Research Center, 17% of American adults have traded in crypto, but that market share of American wallets has remained virtually unchanged since 2021. Meanwhile, according to a poll Pew conducted shortly before the election, 63% of adults say they have little to no confidence in crypto investing or trading, and don’t think cryptocurrencies are reliable and safe. 

The incoming Trump administration has been touting its crypto bona fides, with a focus on the industry rather than the consumer.

“The No. 1 most important priority for the industry is to make sure they have a regulatory framework so that they can do business,” said Dusty Johnson (R-South Dakota), who helped author the Financial Innovation and Technology for the 21st Century Act (FIT21) that addresses the treatment of digital assets under U.S. law. The law passed in the House with bipartisan support but has not been taken up by the Senate.

FIT21 did contain specific crypto-cybersecurity provisions, which Johnson predicts will be built upon in the new administration.

Glenn “GT” Thompson (R-Pennsylvania), Chairman of the House Committee on Agriculture and a co-author of FIT21, says the cybersecurity provisions in the bill are still key in the upcoming administration.

“FIT21 requires important cybersecurity safeguards for financial intermediaries engaging with digital assets,” Thompson said in a statement to CNBC, adding that FIT21 includes explicit provisions to ensure that regulated firms take steps to evaluate and mitigate cyber vulnerabilities to protect both the services they offer and assets they hold on behalf of their customers.

“These cybersecurity requirements are critical for protecting digital asset markets and market participants,” Thompson said.

Some experts, however, doubt that there will be as much action on the security side of the legislation, given that crypto proponents are closely advising the Trump administration.

“Personnel is policy,” says Jeff Le, vice president of global government affairs and public policy at Security Scorecard and a former assistant cabinet secretary in the California governor’s office. The top ranks of the incoming economic team, made up of SEC Chair-designate Paul Atkins, Commerce Secretary Howard Lutnick, and Treasury Secretary-designate Scott Bessent, “have had a track record of supporting cryptocurrencies,” Le said.

Among other major posts in his second administration, President-elect Trump has appointed venture capital investor David Sacks to be his AI and crypto “czar.”

Crypto industry’s role in political realignment

The crypto industry donated significant sums to the 2024 election cycle, contributions that were not limited to the GOP, but focused more broadly on lawmakers with an industry-friendly view of crypto regulation. It’s likely that will continue to influence political calculations. The pro-crypto and bipartisan super PAC Fairshake and its affiliates have already raised over $100 million for the 2026 midterm elections, including commitments from Coinbase and Silicon Valley venture fund Andreessen Horowitz, an early backer of Coinbase. Top Andreessen Horowitz executives have been tapped for roles in the Trump administration.

“We have the most pro-crypto Congress ever [in] history, we have an extraordinarily pro-crypto president coming into office,” Faryar Shirzad, chief policy officer at Coinbase, recently told CNBC.

“It is rare to see cryptocurrency proponents advocate for increased regulation in the space, regardless of reason,” said Jason Baker, senior threat intelligence consultant at GuidePoint Security.

Baker says the anonymity and independence of cryptocurrency are often cited as primary benefits that legislation would curtail, and cryptocurrency’s decentralized nature makes it hard to regulate in a traditional sense.

“Given current signaling from the incoming administration and the interests of cryptocurrency proponents influential to the administration, we do not anticipate significant advances in cryptocurrency regulation within the next four years,” Baker said.

If there isn’t much action on regulation, there are some obvious ramifications for cybersecurity, he said, driven by the correlation between a pro-crypto Washington, D.C., and bullish bets by investors on digital assets.

“Cybercrime is often driven by benefits from increasing cryptocurrency value. In ransomware, for example, ransoms are commonly demanded in USD, but payments are made most frequently in bitcoin. When the value of bitcoin increases, cybercriminals will benefit,” Baker said.

“Future de-emphasis on cryptocurrency regulation may positively signal that cybercrime operations in bitcoin remain viable and unlikely to suffer government disruption to operators in the space,” Baker said.

Cybercriminals have also been changing tactics to evade legislation and scrutiny, Baker added, switching to more under-the-radar cryptocurrencies like Monero.

Ransomware’s potential role in Congressional action

Baker predicts regulation centered on organizations issuing cryptocurrency payments — whether in the form of a ransom payment or for other purposes — is more likely achievable and palatable in the current regulatory environment.

“This could include, for example, increased requirements for reporting ransom payments when made, a policy which has been floated without gaining substantial traction in recent years,” Baker said. This approach can be argued as regulating end users and purposes rather than the underlying cryptocurrency itself.

In addition to ransomware payments to restore access to technology systems, there are other reasons why payment in cryptocurrency is common in digital extortion schemes, including to protect the identity and operational security of the criminal. Private organizations may also opt to use crypto to purchase leaked data or credentials which have been made available on illicit forums.

There could also be situations where private individuals attempt to report and receive payment for discovered vulnerabilities under a “bug bounty” program — whether voluntary or coerced (so-called “beg bounty”). They may request payment in cryptocurrency out of personal preference or general desire for privacy, and private organizations may or may not oblige.

“While there are doubtless other options for organizations to use cryptocurrency in some form, these are the primary forms we see on a regular or more frequent basis,” Baker said. “Though such actions would almost certainly have downstream impacts on cryptocurrency value by virtue of their impact on transaction volume,” Baker added.

Steve McNew, global leader of blockchain and digital assets at FTI Consulting, thinks some cyber-crypto legislation may happen, especially governing when a company victimized by a ransomware pays their attackers in cryptocurrency.

“There’s more than just public policy at issue,” said McNew. If a company has been compromised in a cyberattack and is required to make public disclosure of the ransoms it paid out, it can result in the company becoming a bigger future target for other criminal enterprises, McNew said. While it might make sense, on one hand, to provide disclosure as to where funds are going and what cryptocurrencies were used in a payment, doing so can put the company (and by extension its customers, employees and partners) in harm’s way.

“So, any policy decisions around cryptocurrency disclosures in this context will require balancing the need for transparency around the use of cryptocurrency in criminal matters alongside the risks such transparency might exacerbate,” McNew says.

Though FIT21 passed the House with broad bipartisan support, it did not address these issues specifically.

Le expects some legislation action that may attempt to address this topic. “The next Congress could see more traction for proposed legislation like Cryptocurrency Cybersecurity Information Sharing Act of 2022, which allows companies to share information regarding cybersecurity threats with the federal government and with one another,” he said.

Le said Congress may also revisit the work of outgoing Financial Services Chair Patrick McHenry (R-North Carolina) and Rep. Brittany Pettersen (D-Colorado) and the Ransomware and Financial Stability Act of 2024, which aimed at “strengthening the resilience of the U.S. financial system against ransomware attacks, establishing clear protocols for ransom payments, and ensuring that such payments, including those involving cryptocurrencies, are made within a controlled and legally compliant framework.”

But he added that it is unclear if the Trump administration will continue the Biden administration’s leadership role in the International Counter Ransomware Initiative, a 68-country coalition aimed at preventing the payments of ransomware.

The broader bitcoin governance battle

McNew says that many basic parameters surrounding crypto, even down to its definition, could hamstring legislation, even aspects of it intended to foster innovation and adoption of the industry.

“U.S. lawmakers have work to do in determining roles, responsibilities, and basic parameters for how the industry will be governed before any meaningful legislation can take hold,” McNew said. As an example,  establishing a designated authority for digital assets is an imperative that has yet to be addressed.

Basic governance structure was a major sticking point during the Biden administration, and a primary reason Securities and Exchange Commission Chair Gary Gensler was a thorn in the side of the crypto industry.

“Lawmakers must decide whether responsibility will fall under the SEC, the CFTC, or another body. Issues around taxation and broker-dealer definitions for digital assets markets will also need to be defined and provided with a set of clear rules for legislation to be effective,” McNew said, adding that given how closely divided the House will be in the next session, it may be tough to craft an agreement.