The Hong Kong Securities and Futures Commission has ordered licensed crypto trading platforms and online brokers to replace SMS-based authentication with phishing-resistant login methods within the next 12 months.
Summary
- Hong Kong’s SFC has banned SMS-based authentication for licensed crypto platforms and online brokers.
- Firms have 12 months to adopt phishing-resistant login methods such as passkeys and hardware security keys.
- The move comes as phishing scams accounted for $306 million in crypto losses during Q1 2026.
According to the Hong Kong Securities and Futures Commission (SFC), virtual asset trading platforms (VATPs) and online brokers must stop relying on…






