Hong Kong SFC Phases Out OTP Logins for Crypto Platforms

Compartir:
Hong Kong’s SFC has ordered internet brokerages and SFC-licensed virtual asset trading platforms to phase out OTP-based logins and implement stronger customer authentication after HKCERT recorded 15,877 cyber incidents in 2025, with phishing accounting for 57%. The directive targets spoofing, stolen credentials and fraudulent device binding, increasing compliance and upgrade costs for CEXs and brokerages but likely strengthening security and encouraging broader crypto and DeFi adoption.
- Hong Kong’s SFC orders stronger login controls for brokerages and crypto platforms.
- OTP-based security faces phaseout as phishing and spoofing attacks target accounts.
- HKCERT recorded 15,877 cyber incidents in 2025, with phishing making up 57%.
Hong Kong’s market regulator has moved against rising account impersonation risks, ordering internet brokerages and licensed virtual asset platforms to strengthen customer authentication.
The Securities and Futures Commission (SFC) said the measure targets spoofing, stolen login data, and fraudulent device binding, all of which can expose customers to fast-moving account takeovers.
SFC Moves Brokerages Beyond OTP-Based Account Security
The directive applies to internet brokerage firms and SFC-licensed virtual asset trading platform operators. It requires firms to stop depending on one-time passwords for customer lo…
Read The Full Article Hong Kong SFC Phases Out OTP Logins for Crypto Platforms On Coin Edition.
Leer más

