EU watchdog seeks tighter cybersecurity for crypto platforms

The European Securities and Markets Authority (ESMA) is urging EU lawmakers to introduce stricter cybersecurity mandates for cryptocurrency platforms, emphasising the need for enhanced protections amid a surge in cyberattacks. 

According to a report from the Financial Times on Oct. 16, ESMA’s call for action follows alarming data showing over $1.5 billion stolen from crypto platforms in the first half of 2024, marking an 84% increase compared to the same period in 2023.

Central to ESMA’s proposal is an amendment to the Markets in Crypto-Assets Regulation (MiCA), which is scheduled for full enforcement in December 2024. 

The recommendation focuses on making external cybersecurity audits mandatory for crypto companies. 

This would require third-party assessments to identify and address vulnerabilities, reinforcing security as cybercriminals increasingly target the sector. 

Recent breaches, such as the $52 million hack of BingX in September and the $235 million attack on WazirX (CRYPTO:WRX) in July, have underscored the industry’s risks.

While MiCA has already established licensing requirements and anti-money laundering protocols, ESMA’s push for mandatory audits has met some resistance. 

The European Commission has expressed concerns that such measures may exceed MiCA’s intended regulatory scope. 

However, some regulators and industry observers argue that the growing scale and sophistication of cyberattacks make additional oversight measures necessary to safeguard consumer assets.

The call for improved cybersecurity isn’t limited to Europe. 

A report from the European Parliamentary Research Service (EPRS) highlighted the need for more stringent regulation beyond the EU, particularly in regions like the U.S., where frameworks remain less cohesive.