1. Home
  2. 8-K

8-K

SEC adopts cyberattack disclosure rules, listed crypto firms included

Coinbase, Marathon Digital and Riot Blockchain are among the Securities and Exchange Commission-registered cryptocurrency firms that would need to comply with the rules.

Public companies in the United States, including listed crypto firms, will be required to disclose any major cybersecurity incidents within a four-day time limit, under new rules adopted by the United States securities regulator.

The rules from the United States Securities and Exchange Commission require any public company to disclose a cyberattack within four days of it being deemed "material," except in cases where such disclosure is deemed a possible national security or public safety risk.

The rules have been adopted as of July 26, and will become effective 30 days following the publication of the adopting release in the Federal Register, said the SEC.

It will also require periodic reporting about a registrant's policies and procedures to identify and manage cybersecurity risks and give periodic updates about previously reported cybersecurity incidents. 

The incoming rules are intended to benefit investors by strengthening cybersecurity risk management measures, according to the SEC's July 26 statement.

A fact sheet by the SEC explaining the incoming cybersecurity disclosure rules. Source: SEC.

“Through helping to ensure that companies disclose material cybersecurity information, today’s rules will benefit investors, companies, and the markets connecting them,” explained SEC Chair Gary Gensler.

The new rules will apply to any publicly listed company in the United States. In the crypto industry, publicly-listed crypto firms include Coinbase (COIN), Marathon Digital (MARA), Riot Blockchain (RIOT) and Hive Digital Technologies (HIVE).

The SEC explained that an increase in digital payments and digitzed operations in the workforce combined with the ability of criminals to monetize cybersecurity incidents made the new rules a necessity to protect investors.

Related: Coinbase domain name reportedly used by scammers in high-profile attacks

Cryptocurrencies have been a prime target for North Korea state-backed Lazarus Group and other cybercriminals looking to pull off a high-value exploit. Lazarus Group has hacked cryptocurrency platforms well over $850 million across several high-profile exploits.

The cybersecurity rules were first proposed by the SEC in March 2022.

Collect this article as an NFT to preserve this moment in history and show your support for independent journalism in the crypto space.

Magazine: Crypto regulation: Does SEC Chair Gary Gensler have the final say?

Coinbase Says There Are Five Key Areas of the Crypto Market To Watch in 2025

Circle denies blaming SEC for shuttered $9B plan to go public

A Jan. 25 report from the Financial Times which was widely shared characterized Circle as having "blamed" the SEC for its "jettisoned" public listing plan.

A spokesperson for USD Coin (USDC) issuer Circle has denied reports that it blames the United States Securities and Exchange Commission (SEC) over its failed $9 billion plan to go public in December.

The stablecoin issuer representative was responding to a Jan. 25 Financial Times article which characterized Circle as having “blamed” the securities regulator for its “derailed” listing as a result of dragging its feet on the approval of a merger agreement.

However, a Circle spokesperson clarified to Cointelegraph that was not the case and that it doesn’t hold any blame over the SEC for the termination of its merger agreement.

“Circle has not and does not blame the SEC for anything related to the mutual termination of our SPAC merger agreement with Concord, and any statements to the contrary are inaccurate."

Circle’s listing on the New York Stock Exchange (NYSE) was pegged on them being able to combine with Concord, a company set up by banker Bob Diamond via a Special Purpose Acquisition Company arrangement, also known as a SPAC deal.

However, according to the FT, Circle said the merger failed to be consummated as a result of the SEC not declaring the related S-4 registration effective in time, which would cause the agreement to lapse on Dec. 10.

Circle’s spokesperson however referred to previous statements made by the company in December, noting that “the deal simply termed out.”

Concord had not publicly disclosed a reason for the failed business combination, but filed an 8-K form with the SEC on Dec. 5  — the same day the deal was announced as terminated — which revealed that it was being delisted by the NYSE due to “abnormally low trading price levels.”

Related: Court to hear oral arguments in Grayscale’s lawsuit against the SEC in March

Indeed, in a Dec, 5 tweet Circle co-founder and CEO Jeremy Allaire had nothing but positive words regarding the SEC, and noted that while it was disappointing that they were unable to complete qualification in time it was still planning on becoming a publicly-listed company.

As Cointelegraph had previously reported, the deal was first announced in Jul. 2021 at a valuation of $4.5 billion, before doubling in Feb. 2022 when it was revised up to $9 billion.

Coinbase Says There Are Five Key Areas of the Crypto Market To Watch in 2025