Hong Kong regulator orders new anti-phishing measures for crypto platforms

Hong Kong regulator orders new anti-phishing measures for crypto platforms img1
Spread the love

Written by Zoltan Vardaistaff writerReviewed by Yohan Yunstaff writer

Written by Zoltan Vardaistaff writer

Reviewed by Yohan Yunstaff writer

Hong Kong regulator orders new anti-phishing measures for crypto platforms

Latest NewsPublishedJul 9, 2026

Hong Kong’s regulator has ordered crypto platforms and online brokers to meet newly issued phishing-resistant login requirements within the next 12 months.

The Hong Kong Securities and Futures Commission (SFC) on Thursday issued new requirements for phishing-resistant authentication methods for virtual asset trading platforms (VATPs) and online brokers in the special administrative region.

The new standards require stronger phishing-resistant authentication methods and device binding while prohibiting the utilize of one-time passwords through SMS, email or app-based logins. Platforms must implement the changes within the next 12 months.

The requirements outlined stronger alternatives such as passkeys, registered devices with cryptographic verification and hardware security keys, which the SFC described as phishing-resistant solutions.

The measures raise Hong Kong’s cybersecurity standards as the global crypto industry saw an rise in phishing attacks and social engineering scams in the first quarter of 2026. Those types of incidents accounted for $306 million of the industry’s total losses of $482 million in the period. 

Counterfeiting and fraud attacks accounted for 57% of the security incidents reported to the Hong Kong Cyber Security Accident Coordination Center in 2025, as reported by announcement.

“To protect customer accounts from increasingly complex and changing counterfeiting and fraud attacks, comprehensive measures must be implemented in conjunction with prevention, detection, response and education,” stated Dr. Ye Zhiheng, executive director of the Intermediaries Department of the China Securities Regulatory Commission.

SFC issues new anti-phishing requirements for crypto platforms and online brokers. Source: apps.sfc.hk 

Phishing attacks threaten crypto investor holdings

Phishing attacks and social engineering scams are a pressing global concern for the cryptocurrency industry.

On Wednesday, a crypto investor lost nearly $1 million after signing a malicious phishing token approval transaction on Ethereum, the latest reported incident of phishing scam-related crypto industry losses that totaled $366 million in the first half of 2026.

Earlier this month, a wallet holder reportedly lost $1.65 million after connecting to a fake exchange and signing a malicious contract in a similar incident, which enabled attackers to gain unlimited access to the funds, researcher Ryan Coleman stated on Friday. 

Related: Belgian police arrest suspected phishing gang leader tied to $572K theft

On May 25, onchain analyst “b-block” warned that scammers used Google to deploy malicious phishing ads impersonating decentralized exchange Uniswap, reportedly stealing more than $400,000 from victims.

Leading crypto industry figures, including Binance co-founder Changpeng Zhao, have previously called for better wallet security measures to avoid phishing scams, after an investor lost $50 million in an address poisoning scam in December 2025. 

In May 2024, one victim lost $71 million to an address poisoning scam in an unusual case that ended with the attacker returning the full amount two weeks later. The reversal followed mounting pressure from investigators who claimed to have tracked the scammer’s potential IP address.

Magazine: Dubai tops Asian crypto hubs, Taiwan passes crypto laws: Asia Express


Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently.

  • Hong Kong
  • Phishing
  • Social Engineering
  • Scams
  • Hackers
  • Law
  • Cybersecurity
  • Scams & Cybercrime

More on the subject

Interpol operation exposes $122M crypto wallet tied to romance scam laundering


2 hours ago

Ezra Reguerra

Trader loses $1M after signing phishing token approval


7 hours ago

Martin Young

Thousands of crypto wallets at risk from ‘Ill Bloom’ vulnerability: Coinspect


Jul 6, 2026

Felix Ng

Interpol operation exposes $122M crypto wallet tied to romance scam laundering


2 hours ago

Ezra Reguerra

Trader loses $1M after signing phishing token approval


7 hours ago

Martin Young

Thousands of crypto wallets at risk from ‘Ill Bloom’ vulnerability: Coinspect


Jul 6, 2026

Felix Ng


💡 A Greener Way to Earn: Looking for a smarter, more sustainable way to earn and mining crypto? EcoPool Network is a cloud-based mining pool that does the heavy lifting on remote servers — so you earn rewards around the clock without worrying about overheating hardware or sky-high electricity bills. It’s lightweight, battery-friendly, and built for everyday users. Download EcoPool now and start mining & earning smarter today.

Spread the love

About the Author

Leave a Reply

Your email address will not be published. Required fields are marked *

You may also like these