Cybersecurity audits mandatory for crypto exchanges amid rising thefts
New Delhi, Sep 17, 2025
Crypto platforms will need to hire a security auditor registered with the Indian Computer Emergency Response Team (Cert-In), a nodal agency that deals with cybersecurity incidents
Amid increasing instances of cyber thefts, the government has mandated cybersecurity audits for all cryptocurrency exchanges and custodians, according to a report by The Economic Times.
According to the report, platforms will need to have a security auditor registered with the Indian Computer Emergency Response Team (Cert-In), a nodal agency that deals with cybersecurity incidents.
All virtual digital asset (VDA) service providers will now have to follow this rule in order to register with India’s anti-money laundering agency, the Financial Intelligence Unit (FIU).
According to an FIU letter dated September 15, designated directors, principal officers, and chief compliance officers of these firms must comply immediately, the report said.
What are cybersecurity audits?
A cybersecurity audit is an examination of the organisation’s IT infrastructure, security policies, and procedures to identify vulnerabilities, assess the effectiveness of security controls, and ensure compliance.
Through this, organisations can detect security weaknesses, strengthen their defence mechanisms against cyber threats and protect sensitive data.
Why is it necessary?
According to The Economic Times, a report by the crypto platform Giottus stated that cryptocurrency-related crimes account for 20-25 per cent of all cybercrimes in the country.
In March 2023, the Ministry of Finance declared that businesses dealing in VDA are “reporting entities” under the Prevention of Money Laundering Act (PMLA). That means they must meet KYC, record-keeping, and suspicious-transaction reporting requirements.
There are around 55 VDA service providers registered with the FIU, the report said.
Biggest crypto hacks
In July 2025, CoinDCX, one of India’s leading crypto platforms, lost around ₹384 crore in a cyber hack in which one of its internal accounts was breached. This came a year after WazirX, another major crypto exchange platform, was hit by one of the biggest cyberattacks in the crypto space.
In July 2024, WazirX lost $234.9 million (around ₹2,000 crore) worth of cryptocurrencies. “A cyber attack occurred in one of our multisig wallets involving a loss of funds exceeding $230 million. This wallet was operated utilising the services of Liminal’s digital asset custody and wallet infrastructure from February 2023,” the company had said.
Crypto challenges ahead
Cyber criminals usually disguise stolen crypto by spreading it across darknet markets and low-compliance exchanges, or by converting it into privacy coins. They also use “mixers” or “tumblers” that blend coins from different wallets to make tracking harder. One of the major concerns is whether cybersecurity auditors for banks and brokerages will be able to detect such weaknesses in crypto platforms.
[The Business Standard]