Hong Kong Regulator Orders New Anti-Phishing Measures for Crypto Platforms

by admin

The Hong Kong Securities and Futures Commission (SFC) on Thursday issued new requirements for phishing-resistant authentication methods for virtual asset trading platforms (VATPs) and online brokers in the special administrative region.

The new standards require stronger phishing-resistant authentication methods and device binding while prohibiting the use of one-time passwords through SMS, email or app-based logins. Platforms must implement the changes within the next 12 months.

The requirements outlined stronger alternatives such as passkeys, registered devices with cryptographic verification and hardware security keys, which the SFC described as phishing-resistant solutions.

The measures raise Hong Kong’s cybersecurity standards as the global crypto industry saw an increase in phishing attacks and social engineering scams in the first quarter of 2026. Those types of incidents accounted for $306 million of the industry’s total losses of $482 million in the period. 

Counterfeiting and fraud attacks accounted for 57% of the security incidents reported to the Hong Kong Cyber Security Accident Coordination Center in 2025, according to announcement.

“To protect customer accounts from increasingly complex and changing counterfeiting and fraud attacks, comprehensive measures must be implemented in conjunction with prevention, detection, response and education,” said Dr. Ye Zhiheng, executive director of the Intermediaries Department of the China Securities Regulatory Commission.

SFC issues new anti-phishing requirements for crypto platforms and online brokers. Source: apps.sfc.hk 

Phishing attacks threaten crypto investor holdings

Phishing attacks and social engineering scams are a pressing global concern for the cryptocurrency industry.

On Wednesday, a crypto investor lost nearly $1 million after signing a malicious phishing token approval transaction on Ethereum, the latest reported incident of phishing scam-related crypto industry losses that totaled $366 million in the first half of 2026.

Earlier this month, a wallet holder reportedly lost $1.65 million after connecting to a fake exchange and signing a malicious contract in a similar incident, which enabled attackers to gain unlimited access to the funds, researcher Ryan Coleman said on Friday. 

Related: Belgian police arrest suspected phishing gang leader tied to $572K theft

On May 25, onchain analyst “b-block” warned that scammers used Google to deploy malicious phishing ads impersonating decentralized exchange Uniswap, reportedly stealing more than $400,000 from victims.

Leading crypto industry figures, including Binance co-founder Changpeng Zhao, have previously called for better wallet security measures to avoid phishing scams, after an investor lost $50 million in an address poisoning scam in December 2025. 

In May 2024, one victim lost $71 million to an address poisoning scam in an unusual case that ended with the attacker returning the full amount two weeks later. The reversal followed mounting pressure from investigators who claimed to have tracked the scammer’s potential IP address.

Magazine: Dubai tops Asian crypto hubs, Taiwan passes crypto laws: Asia Express

Source link

Related Posts

Leave a Comment