US Treasury expands cybersecurity threat intel to crypto industry

The US Department of the Treasury’s Office of Cybersecurity and Critical Infrastructure Protection (OCCIP) announced on Thursday that it is expanding its cybersecurity threat identification program to include digital asset companies.

Blockchain companies that choose to take part in the program will receive the same cybersecurity threat intelligence provided to traditional financial institutions at “no cost,” according to the Treasury’s announcement.

“Cyber threats targeting digital asset platforms are growing in frequency and sophistication,” Cory Wilson, the deputy assistant secretary for cybersecurity at the OCCIP, said.

Losses from crypto hacks between 2022 and 2025. Source: TRM Labs

The initiative fulfills policy recommendations from US President Donald Trump’s administration, outlined in its July 2025 report, titled “Strengthening American Leadership in Digital Financial Technology.”

Cointelegraph reached out to the Department of the Treasury but did not receive a response by the time of publication.

The initiative reflects the ongoing challenge of countering evolving cybersecurity threats impacting blockchain protocols and their users, as financial losses from decentralized finance (DeFi) platform hacks alone reached nearly $169 million in the first quarter of this year.

Related: Google Threat Intel flags 'Ghostblade' crypto-stealing malware

Foreign intelligence operatives continue infiltrating crypto projects and companies

Crypto projects and users are increasingly subject to evolving cybersecurity threats, which can be carried out by social engineering or infiltration by state-affiliated hackers, including the North Korean-linked Lazarus Group.

Drift Protocol, a decentralized cryptocurrency exchange, suffered a $280 million exploit this month at the hands of suspected North Korean-affiliated hackers.

The Drift team physically met the malicious actors at a “major” crypto industry conference and interacted with them for months after the initial meeting, according to a preliminary incident report from Drift Protocol.

Source: Nic Puckrin

During the months-long interaction, the hackers deployed crypto-stealing malware on the Drift team’s developer machines, which was activated in the April exploit.

The individuals who first approached the Drift team at the industry conference were not North Korean nationals, according to the report.

The Seals911 team, a group of blockchain cybersecurity specialists, said with “medium-high confidence” that the attack was likely carried out by the same hacker group responsible for the October 2024 hack of the Radiant Capital DeFi platform.

Magazine: Lazarus Group’s favorite exploit revealed — Crypto hacks analysis