US Treasury Opens Cyber Threat Intelligence to Crypto Sector

The U.S. Department of the Treasury is expanding its cybersecurity threat identification program to include digital asset firms, marking a further step toward integrating crypto companies into national financial security frameworks.

The initiative, led by the Treasury’s Office of Cybersecurity and Critical Infrastructure Protection, will provide participating blockchain companies with access to cybersecurity threat intelligence currently shared with traditional financial institutions — at no cost.

Officials said the move reflects the growing need to address increasingly complex cyber risks targeting digital asset platforms.

“Cyber threats targeting digital asset platforms are growing in frequency and sophistication,” said Cory Wilson, Deputy Assistant Secretary for Cybersecurity at OCCIP.

The program aligns with broader US policy direction outlined in the July 2025 government report, “Strengthening American Leadership in Digital Financial Technology,” which called for deeper integration of digital assets into national security and financial oversight frameworks.

Rising Losses Highlight Urgency of Cybersecurity Measures

The expansion comes amid escalating financial losses linked to crypto-related cyber incidents. Attacks on decentralized finance (DeFi) platforms alone resulted in nearly $169 million in losses in the first quarter of 2026, underscoring persistent vulnerabilities across the ecosystem.

The trend highlights a shift in threat dynamics, where attackers are increasingly targeting infrastructure, development environments, and user access points rather than relying solely on smart contract exploits.

State-Linked Actors and Social Engineering Tactics

Cybersecurity risks in the digital asset sector are also being amplified by the involvement of state-affiliated actors. Groups such as Lazarus Group have been linked to a growing number of high-profile attacks targeting crypto platforms and protocols.

One recent incident involved the decentralized exchange Drift Protocol, which suffered an estimated $280 million exploit attributed to suspected North Korean-linked hackers.

According to a preliminary incident report, attackers employed a long-term social engineering strategy, initially engaging with the Drift team at a major industry conference before maintaining contact for several months. During this period, they deployed malware on developer systems, which was later activated to execute the exploit.

The report noted that the individuals who first approached the team were not North Korean nationals, highlighting the increasingly sophisticated and indirect methods used by such groups.

Blockchain security specialists from SEAL 911 assessed with medium-to-high confidence that the attack may be linked to the same actors behind the October 2024 exploit of Radiant Capital, suggesting continuity in tactics and targeting.

Institutional Implications for the Crypto Industry

The Treasury’s decision to extend cybersecurity intelligence to digital asset firms signals a broader institutional shift toward treating crypto infrastructure as part of the critical financial system.

As digital asset adoption grows, the convergence of financial risk and national security concerns is driving closer coordination between regulators, law enforcement, and private sector participants. Programs like this aim to improve early threat detection, enhance incident response, and reduce systemic vulnerabilities.

For crypto firms, participation in such initiatives may become increasingly important not only for risk management but also for regulatory alignment, particularly as jurisdictions move toward stricter oversight of operational resilience and cybersecurity standards.