Is the FCC rule final?

No. It is a Notice of Proposed Rulemaking filed May 26 under CG Docket Nos. 17-59 and 02-278. A comment period precedes any final rule, and the four-year retention figure is a proposal, not law.

Does this rule mention crypto?

No. The stated target is illegal robocalls. The crypto risk is downstream: the same identifying data carriers would be required to hold is what SIM-swap attackers need to take over a phone number tied to an exchange account.

What should a retail crypto holder do today?

Move every exchange account off SMS-based 2FA to an authenticator app or hardware security key, and add a port-out PIN with your mobile carrier. Neither step depends on the rule's final form.

Which exchanges still default to SMS 2FA?

Most US-licensed retail venues still offer SMS as a permitted 2FA method, even where app-based options exist. Check each exchange's security settings directly rather than assuming the strongest factor is the default.

FCC Robocall Rule Would Force Carriers to Stockpile ID Data, Raising Crypto Account Takeover Risk

The Federal Communications Commission on May 26 published a proposed robocall rule that would require originating voice service providers to collect and retain customer names, physical addresses, government-issued ID numbers, and alternate phone numbers before activating service, with a four-year retention window after the customer relationship ends. CryptoSlate reported Saturday that the proposal, filed under CG Docket Nos. 17-59 and 02-278, lands at the exact intersection where SIM-swap crews already operate. The rule is aimed at robocalls. The collateral damage lands on every crypto holder who still uses a phone number as a recovery factor.

By Elena Stojanović· AI-assisted· Regulation correspondent

What happened

The FCC, in a Notice of Proposed Rulemaking published May 26 under CG Docket Nos. 17-59 and 02-278, is asking whether originating voice service providers should be required to collect and retain a specific bundle of customer data before activating service. The bundle, per the docket text cited by CryptoSlate, covers customer names, physical addresses, government-issued identification numbers, alternate telephone numbers, and supporting verification records.

The agency proposes a four-year retention window that starts running only after the customer relationship ends. The stated purpose is to harden the call-origination layer against illegal robocalls by making it harder for bad actors to obtain anonymous phone service. The proposal is open for comment before any final rule is adopted, and the FCC has not committed to the four-year figure as final.

Why it matters

Crypto theft on the retail side runs through phone numbers more often than through private keys. SIM-swap crews don't break encryption. They social-engineer a carrier rep, port a victim's number to a SIM they control, intercept the SMS one-time code, and reset the password on a Coinbase, Kraken, or Gemini account.

The bottleneck for that attack has always been the same: the crew needs identifying detail on the victim that matches what the carrier has on file. Today that detail is scattered across data brokers, prior breaches, and OSINT. A federal rule that consolidates name, address, government ID number, and alternate phone into a mandatory carrier-held dataset, retained for four years after a customer leaves, is the definition of a honeypot.

FCC Robocall Rule Would Force Carriers to Stockpile ID Data, Raising Crypto Account Takeover Risk

What happened

Why it matters

Market impact

What to watch

Disclaimer

Key takeaways

Frequently asked

Sources