Coinbase CLO Paul Grewal Questions Bank Secrecy Act Mandate Following US Treasury Cyber Breach

Coinbase Chief Legal Officer Paul Grewal raised concerns over the U.S. Treasury Department’s preparedness following a cyber breach on December 8.

The hack, which reportedly gave Chinese hackers access to unclassified documents, has drawn criticism from various quarters. While the Treasury Department and FBI have launched an investigation into the breach, Grewal warned that such incidents could affect public trust in the Bank Secrecy Act, a law that requires crypto firms to share sensitive customer data with federal agencies.

In a post on X (formerly Twitter), Grewal highlighted a statement from an MIT researcher, who claimed that the Treasury was “unprepared in several critical ways” regarding the incident. He argued that the incident raises concerns over the Bank Secrecy Act’s broad mandate, which requires crypto companies to turn over customer documents whenever federal law is violated.

The Chinese hacked Treasury and a @MIT researcher says that Treasury was unprepared for the incident in "multiple important ways." Maybe next time anyone dares to question the wisdom of an unbounded Bank Secrecy Act mandate to turn over untold volumes of personally identifiable…

The crypto community has expressed concerns over exchanges sharing user data with U.S. agencies. The recent hack amplifies these fears, given that the data held by the Treasury could be vulnerable to future attacks.

Grewal suggested that the breach may lead to reluctance among U.S. individuals and firms to provide sensitive customer information to the Treasury, especially as the hackers are still at large and the investigation is ongoing.

On X, Tanvi Ratna, a digital asset strategist, described the breach as a glaring issue in the government’s cybersecurity strategy. She suggested adopting privacy-focused measures, such as blockchain-based systems and zero-trust models, to minimize vulnerabilities.

Highlighting blockchain technology’s privacy-by-design features, Ratna noted that agencies could leverage such systems to safeguard sensitive data. Zero-trust models verify access requests individually, reducing exposure to third-party risks.

The incident has sparked widespread discussion on cybersecurity practices. On social media, users have called for hiring more skilled experts and improving the overall approach to digital security. The hack has also prompted calls for reforms to ensure better data protection for citizens and businesses.

The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.