The European Securities and Markets Authority (ESMA) has called on EU lawmakers to strengthen crypto regulations by mandating external cybersecurity audits for companies in the sector, the Financial Times reported on October 16.
This recommendation comes as the crypto industry faces an alarming increase in cyber-attacks, which compromise consumer protections. It is part of proposed changes in the coming regulatory regime.
Mandatory audits
In a proposal to amend the Markets in Crypto-Assets Regulation (MiCA), which should come into full force in December 2024, ESMA calls for better measures to secure crypto platforms.
Central to the proposal is a requirement that companies undergo third-party audits to assess and address potential cybersecurity issues. ESMA’s call underlines the need for stricter safeguards as cybercriminals increasingly target the sector.
ESMA urged the urgency of action, citing data showing that more than $1.5 billion was stolen from crypto platforms in the first half of 2024, an increase of 84% compared to the same period in 2023.
Recent incidents, such as the $52 million breach of Singapore-based exchange BingX in September and the $235 million hack of India’s WazirX in July, have further illustrated the risks facing the sector.
Recoil
Although MiCA has already introduced licensing requirements and anti-money laundering protocols, ESMA’s push for mandatory audits has met some resistance.
The EC has expressed concerns that the proposal could go beyond the intended scope of MiCA. However, some regulators and industry observers argue that the increasing scale and sophistication of cyber attacks warrants additional regulatory measures.
The call for better cybersecurity regulation is not limited to Europe. A report from the European Parliamentary Research Service (EPRS) recently highlighted the need for greater oversight of crypto operations outside the EU, especially in regions such as the US, where regulatory frameworks remain less coherent.
As the MiCA regulations near their full implementation, it remains to be seen whether the EU will embrace ESMA’s proposed cybersecurity audit mandate. Nevertheless, the push for stricter security protocols reflects a broader global effort to strengthen the crypto industry’s resilience against cyber threats, ensuring consumer protection in an increasingly volatile market.
