Government Mandates Cybersecurity Audits for Crypto Exchanges to Prevent Cyber Theft
In an effort to curb rising cyber thefts in the country, the government has made cybersecurity audits compulsory for all cryptocurrency exchanges and custodians. Each audit must be carried out by a security auditor who is registered with the Indian Computer Emergency Response Team (CERT-In).
A cybersecurity audit involves the inspection of a company’s IT infrastructure, security policies, and methods to determine the effectiveness of security controls and identify any weaknesses. Because of the rising number of cyber theft cases, the audit has now been made mandatory.
A few months back, in July 2025, one of the top companies in India, CoinDCX, faced a loss of Rs 384 crore in a cyber hack. The hackers breached one of the company’s internal accounts.
In July 2024, WazirX lost about $234.9 million worth of cryptocurrencies. The company said that the cyberattack affected one of its multisig wallets, which used the digital asset custody and wallet infrastructure of a company called Liminal. This wallet system has been in use since February 2023.
The cybersecurity audits will help identify security flaws and strengthen the companies' defences against cyber threats, protecting sensitive data.
Virtual digital asset (VDA) service providers are required to register with the Financial Intelligence Unit (FIU), which is responsible for receiving and reviewing information about suspicious financial transactions. As per an FIU letter dated September 15, the top officials of crypto companies, like designated directors, principal officers, and chief compliance officers, must comply with this new rule.
A major issue now is whether cybersecurity auditors, who usually work with banks and traditional financial institutions, can detect the weaknesses and tricks used by hackers on crypto platforms. The criminals involved in cyber thefts usually try to hide stolen crypto by spreading it across darknet markets and low-compliance exchanges or by converting it into privacy coins. They also use tools like “mixers” or “tumblers”, which blend coins from different wallets to make the transactions difficult to track.


