Government Mandates Cybersecurity Audits for Cryptocurrency Exchanges

Mumbai: Enhanced Cybersecurity Audits Mandated for Cryptocurrency Exchanges

In response to a spate of recent cyber heists, the Indian government has mandated that all cryptocurrency exchanges, custodians, and intermediaries undergo comprehensive cybersecurity audits. To fulfill this requirement, these entities must engage a security auditor certified by the Indian Computer Emergency Response Team (CERT-In)—an organization operating under the Ministry of Electronics and Information Technology, dedicated to safeguarding the nation’s cyber infrastructure.

This audit mandate will be a prerequisite for virtual digital asset (VDA) service providers seeking registration with the country’s anti-money laundering agency, the Financial Intelligence Unit (FIU).

Operating within the framework of the Prevention of Money Laundering Act (PMLA) of 2002, Web3 entities managing VDAs are now on par with traditional banks in terms of compliance requirements.

According to a report from the local cryptocurrency platform Giottus, cybercrime linked to cryptocurrency has surged alarmingly, comprising approximately 20-25% of all cyber offenses in India. While a hack of a crypto platform or vault is seen as an initial offense, the subsequent transfer of digital assets through convoluted channels—often involving international transactions—constitutes money laundering.

Harshal Bhuta, a partner at P. R. Bhuta & Co., noted, “The initiation of cybersecurity audits appears to be a direct response to recent crypto thefts at various exchanges. Strict adherence to CERT-IN directives, such as maintaining logs and retaining subscriber information for specified durations, will assist investigative bodies in tracing obscured funds within cryptocurrency transactions.”

A letter from the FIU, dated September 15, 2025, emphatically states that all designated directors, principal officers, and chief compliance officers of reporting entities must adhere to these directives immediately. Currently, around 55 organizations in India are involved in activities related to the exchange, transfer, safekeeping, and financial services of VDAs.

Cybercriminals often obscure the movement of stolen cryptocurrencies through a web of transactions, frequently utilizing darknet markets and exchanges with minimal reporting obligations. Many fraudsters convert stolen assets, such as Bitcoins, into privacy-centric coins to enhance anonymity and hinder traceability.

Additionally, the use of mixers or tumblers, which amalgamate coins from diverse wallets with stolen assets before redistributing them, further complicates tracking efforts.

However, an essential concern remains whether cybersecurity auditors possessing experience with banks and brokerages are aptly equipped to discern vulnerabilities within cryptocurrency platforms. A pivotal security component for these platforms is the safeguarding of the ‘private key’—a crucial alphanumeric code susceptible to theft. Therefore, any auditing agency must diligently assess the methods and locations of key storage.

Despite these challenges, the requirement for cybersecurity audit reports is a progressive stride towards fortifying user safeguards, commented Purushottam Anand, Advocate and Founder of Crypto Legal. Significantly, the FIU’s recent communication has replaced the prior ‘Fit & Proper’ certificate required of new applicants with a ‘Partner Accreditation for Compliance & Trust’ (PACT) certificate.

While the differences from the previous framework remain ambiguous, the terminology suggests an evaluation more focused on compliance matters. Anand added that the FIU is expected to provide registered entities with further clarification on the scope and criteria for these assessments.

The FIU retains the authority to deny or revoke registration if a reporting entity contravenes the stipulations of the PMLA. Although the government has implemented anti-money laundering regulations for VDA service providers, the sector suffers from exorbitant taxation and regulatory ambiguity.

A recent analysis by Mudrex, a cryptocurrency platform, advocates for a multifaceted regulatory approach, one that delineates stablecoins, Bitcoin, and utility tokens, each serving unique purposes, as distinct segments.

Source link: M.economictimes.com.

Reported By

RS Web Solutions
