Hong Kong’s Securities and Futures Commission has introduced new cybersecurity requirements for crypto trading platforms and online brokers, mandating phishing-resistant authentication methods within 12 months. The new framework bans one-time passwords sent via SMS, email, or apps, replacing them with stronger security measures such as passkeys, hardware security keys, and trusted device authentication. The move comes amid rising phishing attacks and crypto-related cybercrime worldwide.
Hong Kong’s Securities and Futures Commission Tightens Anti-Phishing Standards for Crypto Platforms

