DATA & FIGURES
The new standards will require crypto platforms to implement phishing-resistant authentication methods such as passkeys, registered devices with cryptographic verification, and hardware security keys. Additionally, the use of one-time passwords through SMS, email, or app-based logins will be prohibited. Notably, phishing attacks and social engineering scams have resulted in significant losses, including a $1 million loss by a crypto investor who signed a malicious phishing token approval transaction on Ethereum and a $1.65 million loss by a wallet holder who connected to a fake exchange.
THE SCENARIO
The introduction of these new anti-phishing measures underscores the growing concern over cybersecurity in the crypto industry. As phishing attacks and social engineering scams continue to threaten crypto investor holdings, regulatory bodies are taking proactive steps to enhance security standards. This is particularly significant in Hong Kong, which is seeking to establish itself as a hub for crypto and fintech innovation.
DIRECT QUOTE
"To protect customer accounts from increasingly complex and changing counterfeiting and fraud attacks, comprehensive measures must be implemented in conjunction with prevention, detection, response and education." — Dr. Ye Zhiheng, Executive Director of the Intermediaries Department of the China Securities Regulatory Commission
BBN INSIGHT
The Positive Side of these new measures is that they will significantly enhance the security of crypto platforms and protect investors from phishing attacks and social engineering scams. This is a critical step in building trust and confidence in the crypto industry. On The Negative Side, the implementation of these measures may pose challenges for some crypto platforms, particularly smaller ones, which may struggle to meet the new requirements within the given timeframe. However, the long-term benefits of improved security and investor protection are likely to outweigh these challenges.