The European Securities and Markets Authority (ESMA) is urging European Union lawmakers to enhance cryptocurrency regulations by requiring external cybersecurity audits for companies operating within this sector, as reported by the Financial Times on October 16.
This recommendation arises from a concerning rise in cyberattacks targeting the crypto industry, which jeopardizes consumer safety. It forms part of the upcoming amendments to the regulatory framework.
Implementation of Mandatory Cybersecurity Audits
In its proposal to revise the Markets in Crypto-Assets Regulation (MiCA), slated for full implementation by December 2024, ESMA emphasizes the need for stricter security measures on cryptocurrency platforms.
The core of this proposal mandates companies to conduct third-party audits to identify and rectify potential cybersecurity weaknesses. Given the increasing targeting of this sector by cybercriminals, ESMA’s recommendations are deemed essential.
ESMA highlighted the urgency of these measures, presenting alarming statistics showing that over $1.5 billion was stolen from crypto platforms in the first half of 2024, marking an 84% increase compared to the same timeframe in 2023.
Recent breaches, including the $52 million hack of the Singapore-based exchange BingX in September and the $235 million hack involving India’s WazirX in July, further underscore the significant risks present within the industry.
Challenges to the Proposed Regulations
Despite the introduction of licensing requirements and anti-money laundering measures under MiCA, ESMA’s push for compulsory audits has encountered resistance.
The European Commission has expressed concerns that this proposal may extend beyond the original intent of MiCA. Conversely, various regulators and industry experts argue that the increasing frequency and sophistication of cyberattacks warrant enhanced oversight.
Moreover, the call for improved cybersecurity regulations extends beyond Europe. A recent report from the European Parliamentary Research Service (EPRS) highlighted the necessity for greater scrutiny of cryptocurrency operations on a global scale, particularly in jurisdictions like the United States, where regulatory frameworks lack cohesion.
As the full implementation of MiCA draws near, the acceptance of ESMA’s suggested cybersecurity audit requirements by the EU remains uncertain. However, the push for strengthened security protocols illustrates a worldwide initiative to bolster the crypto sector’s defenses against cyber threats, striving to protect consumers in an increasingly unstable market.