Crypto Times Logo Black
Google News Follow Banner
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • DeFi News
    • Blockchain News
    • Industry
  • Exclusive
    ExclusiveShow More
    Michael Saylor’s Strategy
    Why Michael Saylor’s Strategy Is Selling Bitcoin After Years of Buying
    Anthropic’s Claude Fable 5 Crypto Hacks
    Anthropic’s Claude Fable 5: The AI That Could Supercharge Crypto Hacks and Defenses
    CLARITY Act Stalls Why Senate's August Recess Puts US Crypto Rules at Risk
    CLARITY Act Stalls: Why Senate’s August Recess Puts US Crypto Rules at Risk
    Three Stories, One Pattern Why Binance Is Having Its Worst Week Since the Pardon
    Three Stories, One Pattern: Why Binance Is Having Its Worst Week Since the Pardon
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
  • Opinion
    OpinionShow More
    The Bitcoin Treasury Blueprint What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    The Bitcoin Treasury Blueprint: What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    Why Wall Street is Divided Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    Why Wall Street is Divided: Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    The Arthur Hayes Paradox Macro Prophet or Market Opportunist
    The Arthur Hayes Paradox: Macro Prophet or Market Opportunist?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India's Digital Rupee Push?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India’s Digital Rupee Push?
    The CLARITY Act War Starts Jamie Dimon Vs Armstrong
    The CLARITY Act War Starts: Jamie Dimon Vs Armstrong
  • Learn
    • Explained
    • How To
    • Insights
  • Videos
  • More
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
The Crypto TimesThe Crypto Times
  • All News
  • Market
  • Bitcoin
  • Ethereum
  • Altcoins
  • Regulations & Policies
  • Blockchain
  • DeFi
  • Industry
  • Exclusive
  • Opinion
Search
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • Blockchain
    • DeFi
    • Industry
    • Exclusive
    • Opinion
  • Learn
    • Explained
    • How To
    • Insights
  • Quick Links
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
    • AI Policy
    • Sponsored & Advertorial Policy
  • Videos
  • Glossary
Follow US
© 2026 By Crypto Times. All Rights Reserved.
Regulations & Policies

Hong Kong’s SFC Tightens Crypto Security as Phishing Threats Grow

Hong Kong’s SFC orders licensed crypto platforms to replace OTP logins with stronger authentication and boost fraud detection to combat phishing.

Written By Isha Chavda
Edited by Shubham Soni
Published 1 hour ago
Make The Crypto Times preferred on GoogleGoogle
Share
Hong Kong’s SFC Tightens Crypto Security as Phishing Threats Grow

Key Highlights

  • Hong Kong’s Securities and Futures Commission (SFC) has introduced new cybersecurity requirements for licensed crypto platforms.
  • Virtual asset trading platforms must replace one-time password (OTP) logins with stronger anti-phishing authentication methods.
  • The regulator cited rising spoofing attacks and crypto account takeover incidents.

Hong Kong’s Securities and Futures Commission (SFC) has introduced stricter cybersecurity requirements for licensed cryptocurrency trading platforms, requiring exchanges to strengthen customer authentication as phishing attacks and account takeover scams become increasingly sophisticated.

In a circular issued on Thursday, the regulator instructed licensed virtual asset trading platforms (VATPs) and online brokerages to adopt authentication methods that are more resistant to spoofing and fraud, marking another step in Hong Kong’s expanding regulatory framework for digital assets.

The move comes as the city continues strengthening oversight of licensed crypto businesses following the rollout of its virtual asset licensing regime.

SFC moves away from one-time passwords

The regulator said one-time password (OTP) authentication for customer login and device binding no longer provides sufficient protection against modern phishing campaigns. Instead, the SFC directed firms to adopt stronger alternatives such as passkeys and device binding, which are designed to prevent attackers from impersonating legitimate users.

According to the regulator, the changes are necessary because spoofing attacks targeting customer login credentials have become increasingly common. Licensed firms are expected to implement the new authentication framework as soon as practicable, with full compliance required within 12 months. The SFC said larger online brokerages should begin adopting the stronger authentication methods immediately.

Exchanges must improve fraud detection

Beyond login security, the SFC also instructed crypto platforms to strengthen monitoring of suspicious account activity. 

The regulator expects firms to monitor unusual login attempts, trading behavior, and withdrawal requests while notifying customers of significant account activity and responding promptly to suspected hacking incidents. Licensed firms should also regularly educate customers about phishing scams and emerging cybersecurity risks. 

Commenting on the new requirements, Dr. Eric Yip, Executive Director of the SFC’s Intermediaries Division, said protecting customer accounts requires more than stronger authentication alone.

“To protect client accounts from increasingly sophisticated and varied phishing attacks, a comprehensive approach combining prevention, detection, response, and education is necessary.” He added that firms should strengthen their first line of defense while remaining vigilant against suspicious activity.

The SFC also warned that senior management remains responsible for ensuring adequate safeguards are in place. According to the regulator, licensed firms could be held accountable if customers suffer losses because of deficiencies in internal controls.

The warning underscores the regulator’s growing focus on operational resilience as crypto platforms become increasingly integrated into Hong Kong’s regulated financial system.

Part of Hong Kong’s broader crypto regulatory push

The cybersecurity measures are the latest in a series of regulatory initiatives aimed at expanding oversight of the city’s digital asset sector. Earlier this year, the SFC proposed new licensing requirements for firms providing crypto advisory and dealing services, seeking to align crypto regulation more closely with the standards governing traditional financial institutions.

The latest guidance shifts that focus toward cybersecurity and investor protection, reflecting growing concern over phishing attacks and digital asset theft as licensed crypto platforms continue expanding their operations.

The SFC also urged investors to strengthen their account security by using strong passwords, accessing trading platforms only through official websites and apps, regularly monitoring account activity, and promptly reporting any unauthorized transactions.

The regulator said stronger authentication measures, enhanced monitoring, and greater user awareness will be key to mitigating the evolving cyber threats facing digital asset investors.

Also read: Kresus Launches Crypto Inheritance Tool for Self-Custody Wallets

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!      Google News

TAGGED:Hong Kong
Share This Article
Whatsapp Whatsapp LinkedIn Telegram Copy Link

Latest News

Ondo Expands Solana Push With 24/7 Tokenized Stock Liquidity
Ondo Expands Solana Push With 24/7 Tokenized Stock Liquidity
Kalshi Pushes Perpetual Futures Beyond Crypto With CFTC Talks
Kalshi Pushes Perpetual Futures Beyond Crypto With CFTC Talks
Bitdeer (BTDR) Rallies 9% on $36M Nevada Manufacturing Expansion
Bitdeer (BTDR) Rallies 9% on $36M Nevada Manufacturing Expansion
Binance Bets on Europe Despite MiCA Licensing Challenges
Binance Bets on Europe Despite MiCA Licensing Challenges
Can Onchain Derivatives Come to US Hyperliquid & Phantom Just Gave CFTC a Roadmap
Can Onchain Derivatives Come to US? Hyperliquid & Phantom Just Gave CFTC a Roadmap

Find Us on Socials

You may also like

White House Defends SEC Picks Ahead of CLARITY Act Debate

White House Defends SEC Picks Ahead of CLARITY Act Debate

Sen. Lummis Rebuts Warren, Defends CLARITY Act on Crypto Sanctions

Sen. Lummis Rebuts Warren, Defends CLARITY Act on Crypto Sanctions

Sen Lummis Warns CLARITY Act Inaction Hands Global Rulebook to Foreign Powers

Sen Lummis Warns CLARITY Act Inaction Hands Global Rulebook to Foreign Powers

Fed Chair Kevin Warsh Testifies Before Senate July 15: What It Means for Crypto

Fed Chair Kevin Warsh Testifies Before Senate July 15: What It Means for Crypto

The Crypto Times Logo PNG

Providing real-time, accurate Crypto reporting. Your trusted source for Crypto News and Research.

Stay Updated

All News
Exclusive
Opinions
Learn
Videos
Glossary

Company

About Us
Our Authors
Editorial Policy
AI Policy
Advertorial Policy

Get In Touch

Contact Us
Career

Find Us on Socials

X-twitter Linkedin Telegram Youtube Instagram

© 2026 The Crypto Times | A BITROCK TECHNOLOGIES L.L.C. Company.

DMCA.com Protection Status
  • Terms and Conditions
  • Disclaimer
  • Privacy Policy
  • Cookie policy
Do Not Sell or Share My Personal Information