The Federal Communications Commission wants phone companies to collect customers' names, home addresses, government ID numbers and, in some cases, IP addresses before hooking up a new line — part of a broader effort to stamp out illegal robocalls. But privacy researchers and Bitcoin security analysts say the proposed rule, published May 26 under CG Docket Nos. 17-59 and 02-278, could backfire badly for crypto holders: richer data trails at carriers mean richer impersonation material for SIM-swap attackers.
What the FCC is proposing
The agency asks whether originating voice service providers should verify and store customer records — including a scanned government ID — before activating service. Carriers would keep that data for four years after the customer relationship ends. Violations would carry a $2,500-per-call base forfeiture. Comments on the proposal close June 25.
The FCC frames the move as a way to curb illegal robocalls that cost Americans billions of dollars in fraud and wasted time. The question it also poses: what privacy risks arise from expanded collection of personally identifiable information, and do existing industry protections suffice, or would the agency need to mandate heightened security measures?
The SIM-swap link to crypto
For anyone holding crypto, a phone number is often the skeleton key. Exchanges use it for onboarding, email and account recovery, SMS two-factor, and customer-support verification. If an attacker can convince a carrier to port a number to a new SIM, they can intercept authentication codes and drain accounts.
The Justice Department laid out the stakes in a September 2025 civil forfeiture action against more than $5 million in Bitcoin. Attackers used SIM swaps to gain control of victims' phone numbers, then authenticated as those victims across email, exchange, and fintech accounts. Five U.S. victims lost Bitcoin. The FBI's Internet Crime Complaint Center logged 1,611 SIM-swap complaints in 2021 with adjusted losses exceeding $68 million — up from roughly 320 complaints and $12 million in losses over the prior three years combined. In January 2024, an unauthorized party swapped the SIM linked to the SEC's X account, reset the password, and posted a fake announcement that spot Bitcoin ETFs were approved.
Bitcoin security researcher Jameson Lopp argues that a KYC-free phone service can be a personal security measure for people suspected of holding large Bitcoin positions, because linking phone accounts to identity trails raises exposure to extortion, swatting, and wrench attacks. The FCC proposal leaves open whether KYC requirements apply only to high-volume commercial callers or extend to new and renewing retail customers and prepaid SIM cards sold through third-party vendors.
Deadline and open questions
The comment period ends in four days. The FCC hasn't said when it will vote on a final rule. The most pressing unresolved question for crypto users: will the agency exempt prepaid or anonymous phone lines, or will it treat every carrier subscriber like a commercial robocaller?
