The European Securities and Markets Authority (ESMA) is calling for tighter cybersecurity rules for cryptocurrency platforms in the EU. They are proposing that companies in the sector undergo external cybersecurity audits to protect consumers from increasing cyberattacks. This recommendation is part of proposed changes to the upcoming regulatory regime, the Markets in Crypto-Assets Regulation (MiCA), which will be fully enforced in December 2024.
ESMA has emphasized the importance of these audits as cybercriminals are targeting the crypto industry more frequently. Recent data shows that over $1.5 billion was stolen from crypto platforms in the first half of 2024, an 84% increase from the previous year. High-profile breaches, such as the $52 million hack of BingX and the $235 million hack of WazirX, highlight the urgent need for improved security measures.
While MiCA already includes licensing requirements and anti-money laundering protocols, ESMA’s proposal for mandatory audits has faced some opposition. The European Commission (EC) has expressed concerns that this may exceed the intended scope of MiCA. However, regulators and industry experts argue that the escalating cyber threats justify the need for additional oversight.
It’s not just Europe that is recognizing the need for stronger cybersecurity measures in the crypto industry. A recent report from the European Parliamentary Research Service (EPRS) emphasized the importance of increased scrutiny of crypto operations globally, especially in regions like the US where regulatory frameworks are less cohesive.
As the implementation of MiCA regulations draws closer, the EU’s response to ESMA’s call for cybersecurity audits remains uncertain. Nevertheless, the push for stricter security protocols reflects a broader international effort to safeguard the crypto industry against cyber threats and ensure consumer protection in a volatile market. Strengthened cybersecurity rules are essential to maintain trust in the growing cryptocurrency sector and protect investors from potential risks associated with cyberattacks.