Hong Kong regulator underscores crypto rules in Davos, industry flags shortcomings

Singapore's Monetary Authority (MAS) has recently added the non-custodial crypto wallet, imToken, to its Investor Alert List, prompting a response from the Singapore-based company.Photo by Zhu Hongzhi on UnsplashIdentifying unregulated entitiesAccording to the official MAS website, imToken found its place on the alert list on Dec. 5. This regulatory move demonstrates that MAS is monitoring the evolving crypto landscape with a view towards safeguarding investors from potential risks. The list serves as a repository of unregulated entities that might be mistakenly perceived as licensed or regulated by MAS. The regulatory body had also flagged BKEX digital asset exchange in December. BKEX had suspended withdrawals earlier in the year, having gotten caught up in an investigation surrounding money laundering activity on the platform. More recently, the company has ceased operations. Company responseIn response to being added to MAS's alert list, imToken took to the X social media platform (formerly Twitter) to address user concerns on Tuesday. The non-custodial wallet clarified that it had not applied for a financial business license in Singapore, the primary reason for its listing. Notwithstanding that, ImToken reassured its users that their assets remain unaffected due to the platform's decentralized nature. The company outlined that it is actively engaging with MAS to clarify its business model and aims to have imToken removed from the Investor Alert List. This development highlights the ongoing dialogue between crypto platforms and regulatory bodies, emphasizing the need for clear communication and compliance within the evolving crypto regulatory landscape. As MAS continues to take decisive actions, the industry remains under scrutiny, necessitating collaboration between regulators and crypto entities for a well-balanced and secure financial ecosystem. Unintended consequencesMAS has taken a proactive approach to regulation in the crypto space. That has been evidenced in previous actions such as blacklisting Binance in 2021, leading to Binance relocating its operations to Dubai. That blacklisting turned out to provide a classic example of the law of unintended consequences. With Binance having removed itself from the local market following the blacklisting, many Singaporeans chose to use FTX instead. FTX subsequently failed in November 2022, leaving a disproportionate number of Singaporean customers out of pocket. The inclusion of imToken on the alert list is particularly noteworthy amid the growing popularity of non-custodial wallets. Statista data from 2022 indicates that 81 million users have adopted non-custodial wallets, providing them with greater control over private keys and crypto assets. However, this surge in usage has also brought about increased regulatory attention due to associated risks. Founded in 2016, imToken was initially launched in Hangzhou, China, prior to relocating its headquarters to Singapore. At various stages, the firm has been funded by companies such as IDG Capital, Qiming Venture Partners and HashKey. HashKey has also collaborated with the company by extending trading services to imToken wallet users, including direct bank transfers. In 2021 imToken partnered with U.S. blockchain infrastructure provider Infinity Stones in order to enable an in-wallet ETH2.0 staking service.

The United Arab Emirates (UAE) advanced its push to become a leading digital asset hub as crypto exchange Bybit received a full virtual asset platform operator license from the Securities and Commodities Authority (SCA). The permit enables Bybit to provide its entire range of products to UAE residents, the company said in an Oct. 9 press release. The clearance marks the culmination of a process that began when Bybit received preliminary approval from the SCA in February. The exchange says it is the first to complete the full licensing journey and notes that 2025 has been a year of major compliance wins, including new credentials in Europe and a return to the Indian market.Photo by Atikah Akhtar on UnsplashBitGo broadens institutional reach in DubaiInstitutional infrastructure is expanding alongside retail access. Crypto custody firm BitGo secured a broker-dealer license from Dubai’s Virtual Assets Regulatory Authority (VARA). The new authorization allows BitGo MENA to deliver regulated trading and intermediation services across the region through an integrated OTC desk and a digital platform supporting spot crypto trading in both dirhams and U.S. dollars. The UAE’s welcoming attitude toward digital assets is changing how major investors think about wealth. The Bitcoin Historian said on X that The Kanoo Group, which oversees about $20 billion in assets, intends to invest in Bitcoin. Bloomberg has reported that affluent families across the region are gradually diversifying beyond real estate and private enterprises. With around $1 trillion expected to shift to younger generations soon, many heirs are looking to allocate more toward cryptocurrencies, tokenized funds, and tokenized real-world assets (RWAs). New fund marks progress in tokenized financeThat growing appetite for digital exposure is now being met with new products. Last month Qatar National Bank (QNB) Group joined forces with Standard Chartered and DMZ Finance to launch the first regulated tokenized money market fund in the Dubai International Financial Centre. Using blockchain technology, the QCD Money Market Fund brings traditional financial assets on-chain, creating new yield opportunities for investors within the digital economy. The fund is managed by QNB Group, uses infrastructure provided solely by DMZ Finance, and has Standard Chartered serving as custodian of its assets. As the UAE deepens its role in global finance, regulators are also working to align with international standards. By 2027, it expects to adopt the OECD’s Crypto-Asset Reporting Framework (CARF), with cross-border data exchanges to begin in 2028. The Ministry of Finance has already signed the Multilateral Competent Authority Agreement to make this happen. The framework promotes automatic sharing of crypto-related tax information among member countries, underscoring the UAE’s commitment to global transparency as it expands its financial footprint. Recent developments show the jurisdiction striving for growth while strengthening oversight. Exchanges are gaining clarity on what they can offer, institutions are building trading rails, and investors are embracing tokenized products. They signal a market finding its balance between innovation and regulation. The coming years will reveal how well that balance can hold. 

The crypto space continues to suffer a disproportionate share of hacks and scams that were further exacerbated on Wednesday, with Malaysian crypto data aggregator the latest to succumb to a security breach. Serving as yet another stark reminder of the persistent threats plaguing the sector, a phishing scam targeted CoinGecko's X account, leading to a brief compromise that raised concerns about the safety of user information.Photo by GuerrillaBuzz on UnsplashPhishing scamDuring this incident, hackers posted a phishing link on CoinGecko's X account, falsely advertising a token airdrop for a cryptocurrency named GCKO. The deceptive post claimed that GCKO could be used for API services, including the cryptocurrency ANKR. Swift action by CoinGecko involved the removal of the fraudulent post and a public warning urging users to avoid interacting with any suspicious links or content. In an X post, CoinGecko wrote:”Our Twitter accounts @CoinGecko and @GeckoTerminal have been compromised. We're taking immediate steps to investigate the situation and secure our accounts. Please DO NOT click on any links or engage with suspicious content. Your security is our top priority.” Employee errorThe firm followed up with an update on Thursday, attributing the breach to a team member inadvertently clicking on a fraudulent Calendly link, granting unauthorized access to the hacker. Despite having two-factor authentication (2FA) enabled and employing robust security measures, CoinGecko emphasized that the inadvertent click allowed unauthorized access. The compromised accounts were then exploited to disseminate misleading information and potentially engage in malicious activities. CoinGecko expressed sincere apologies for any confusion or inconvenience caused by the incident. The company reiterated its commitment to platform security and continuous improvement of internal controls, assuring users that corrective measures were promptly implemented. SEC incompetenceCoinGecko's security incident occurred within 24 hours of a similar occurrence involving the U.S. Securities and Exchange Commission (SEC). The SEC's X account was compromised, with scammers posting a false message from Chair Gary Gensler about the approval of spot bitcoin exchange-traded funds (ETFs). While CoinGecko identified a vulnerability in its security regimen, the SEC later confirmed that the breach in its case was far more basic. It was not due to infrastructure attacks but rather the lack of 2-factor authentication (2FA) tied to the SEC's account, the most basic form of operations security. Gensler and the SEC have come in for major criticism from the crypto community in the U.S. due to a policy of regulation by enforcement that has been pursued. With that, the Commission came in for swift and harsh criticism in the immediate aftermath of its X account hack. Many pointed out the irony of Gensler advising consumers to secure their accounts back in October when the SEC itself had failed to do so. Others queried who would be responsible for what some interpreted as an episode of market manipulation, something that the SEC has perennially associated the crypto markets with. During the time that the account was compromised, millions of dollars of value were liquidated in short and long trading positions. CoinGecko's quick response serves as a valuable lesson in the importance of vigilance and proactive security measures amid the growing threats facing the cryptocurrency community.