Hong Kong’s regulator has ordered crypto platforms and online brokers to meet newly issued phishing-resistant login requirements within the next 12 months.
The development matters because phishing remains a key security risk for users of online financial services, including crypto platforms. By setting a compliance timeline, the regulator is pushing firms to strengthen account access protections and reduce exposure to credential-based attacks.
The order applies to crypto platforms and online brokers, according to the source material. It gives affected companies a one-year window to adjust their login systems to meet the new standard.
For crypto businesses operating in or serving Hong Kong, the requirement adds a clear security benchmark to upcoming compliance planning. For users, it signals that platform login security is becoming a more formal regulatory priority.
The source material does not detail the specific technical controls required, but describes the new rules as phishing-resistant login requirements. Firms covered by the order will need to align with those measures within the stated 12-month period.