Unlock Editor’s Digest for free
Roula Khalaf, editor-in-chief of the FT, selects her favorite stories in this weekly newsletter.
Crypto companies should be forced to carry out external audits of their cyber defenses, according to the EU markets regulator, which is urging lawmakers in Brussels to change the region’s flagship regulation for the sector to better protect consumers .
The European Securities and Markets Authority will say on Wednesday that it considers tougher cyber protection rules to be an essential part of the EU regime covering crypto companies, which is expected to come into full force from December.
Widely considered the most ambitious set of crypto rules to date, Europe’s regulation of crypto-asset markets aims to oversee a sector that is otherwise largely unregulated and has been plagued by recent scandals, including the he highly publicized collapse of the Bahamas-based company. FTX exchange.
Esma has pushed for crypto companies to be forced to carry out a third-party audit of their ability to resist cyberattacks, as she works to finalize the implementation of the rules, which were adopted by European lawmakers last year.
However, the European Commission opposed the move, saying Esma went too far by going beyond the scope of the legislation. Esma declined to comment and the commission did not respond to a request for comment.
Cyberattacks have plagued the crypto industry since its inception, with hackers eager to steal customer funds. According to blockchain analytics firm Chainalysis, more than $1.5 billion was stolen from crypto companies in the first six months of this year, about 84% more than the amount stolen during the same period of 2023.
“Cryptocurrency thieves appear to be returning to their roots and targeting centralized exchanges again,” Chainalysis said, noting that nearly 150 hacking incidents took place in the first half of 2024.
Under new EU regulations, crypto groups will have to obtain a license from one of the bloc’s member countries by complying with new rules, including requirements that senior executives be “fit and proper” and their controls to block money laundering are sufficiently strong.
But since a series of high-profile scandals at crypto exchanges and trading companies in recent years, regulators say additional measures are needed to guard against lax cyber defenses.
“Safety is not something that can be taken lightly. You have to spend money on security,” said Charles Kerrigan, a partner at law firm CMS, who added that the problem of cyberattacks on crypto sites “absolutely needs to be addressed.”
Nearly $45 million was stolen from Singapore-based exchange BingX last month, while more than $230 million was stolen from Indian platform WazirX in July, leading to the company’s collapse. In 2022, $570 million was hacked on Binance, the world’s largest crypto exchange.
“Different exchanges may (handle security) in different ways, and having a baseline standard is very helpful,” said Arvin Abraham, a partner at law firm Goodwin.