Bitget
Hong Kong SFC Mandates Phishing-Resistant Authentication for Crypto Platforms
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
On July 9, 2026, the Hong Kong Securities and Futures Commission (SFC) issued new regulations requiring virtual asset trading platforms (VATPs) and online brokers to implement phishing-resistant authentication methods. The SFC prohibits one-time passwords (OTPs) via SMS, email, or app-based logins, mandating alternatives like passkeys and device binding within 12 months. This decision comes amid a rise in phishing attacks, which accounted for $306 million of the $482 million total losses in the crypto industry in Q1 2026. In 2025, spoofing attacks represented 57% of reported security incidents in Hong Kong. The new measures aim to enhance customer account protection against increasingly sophisticated fraud tactics. The SFC's directive reflects a growing global concern over phishing scams in the cryptocurrency sector.
Key Points: • Hong Kong's SFC mandates stronger authentication methods for crypto platforms. • Phishing attacks accounted for $306 million of crypto losses in Q1 2026. • The new regulations prohibit OTPs and require alternatives like passkeys within 12 months.