A surge in cyber frauds targeting the digital asset space has prompted the Indian government to issue an urgent directive which requires all digital asset exchanges, custodians, and related intermediaries to undergo extensive cybersecurity audits. This ruling comes due to growing concerns over security and resilience of exchanges that handle virtual assets.
According to a report by Economic Times, firms operating in the digital asset sector must now engage cybersecurity auditors who are officially empanelled with the Indian Computer Emergency Response Team (CERT-In), to ensure an extensive evaluation. CERT-In is the national agency responsible for safeguarding India’s cyberspace and works under the Ministry of Electronics and Information Technology (MeitY).
This move highlights the federal government’s efforts to protect investor interests and prevent future cyber crimes. Without these audits, exchanges will not be able to register with the Financial Intelligence Unit (FIU)—a critical compliance requirement in India. A digital asset exchange cannot legally operate or fulfill reporting obligations under Indian law without a FIU registration. This mandate aims to protect users and tighten security protocols from newer threats at a time when digital asset crimes make up almost 25% of all cybercrime in India.
So far, United States-based Coinbase (NASDAQ: COIN), one of the world’s largest digital asset exchanges, has registered with India’s FIU, enabling the exchange to offer “cryptocurrency trading services” in the country in a compliant way. Rival Binance also registered with the Indian agency after paying a $2.2 million penalty for non-compliance with local regulations. KuCoin registered with India’s FIU after paying a penalty of $41,000. Singapore-based Liminal Custody has become a FIU-registered entity and a compliant digital asset custody for Indian institutions.
Higher compliance cost for exchanges
However, this new requirement is likely to bring about significant financial and operational pressure on the exchanges, especially for smaller players and startups. Exchanges must not only appoint external cybersecurity auditors, but must also maintain proof of compliance, including comprehensive documentation, as well as fix system vulnerabilities.
Moreover, exchanges must also be prepared for re-certification and ongoing inspections, which is likely to lead to additional investments for strengthening cybersecurity infrastructure, skilled personnel and improved protocols. For several exchanges, this new mandate may require them to completely transform existing systems, adopt better-equipped compliance teams, and put together new cybersecurity structures—all of which are likely to introduce additional costs.
Yet, this overhaul is necessary despite the additional compliance burden. Improved cybersecurity measures would not only strengthen user trust, but are also expected to appeal to institutional investors while protecting digital asset exchanges from regulatory repressions in the future. Eventually, such compliance standards are expected to position Indian digital asset exchanges more competitively in the world, at par with practices already being adopted in other regions, like in the European Union, the United States, and in Singapore. This means that the world’s most populous nation is moving toward a more transparent and globally dependable digital asset ecosystem, despite the rise in compliance costs.
Back to the top ↑
‘Crypto’ crimes surge, now 25% of India’s cyber offenses
Alarmingly, digital asset-related crimes in India currently account for approximately 20–25% of the nation’s total cybercrime incidents, which has raised serious concerns among government and regulators. The new-age cybercriminals use a combination of pseudonymizing technologies and exploit the regulatory gaps to move illicit funds. These bad actors usually leverage coin mixers and darknet marketplaces, as well as the inadequately supervised exchanges to evade detection and mask their activities.
For instance, CoinDCX, India’s first digital asset unicorn, suffered a major security breach in July 2025, which reminded the sector of its vulnerabilities. The cyber attack led to the exchange losing as much as $44.2 million after hackers infiltrated one of CoinDCX’s internal accounts. This specific account was significant for maintaining liquidity on a partner exchange, and enabled superior trading experience for users. The security breach worked as a wake-up call and was a significant pointer toward weak operational risk governance and internal safeguards.
The CoinDCX incident occurred exactly one year after another major breach: the $230 million hack of WazirX in July 2024. That cyber breach, attributed to the North Korean Lazarus Group, had already exposed that India’s digital asset infrastructure is not adequately equipped to handle such sophisticated cyber contenders.
Back to the top ↑
India’s ‘crypto’ tax rules among harshest globally
India’s approach to digital assets trading is still one of suspicion and continues to be one of the most restrictive globally. The Indian government imposes a 30% flat tax on all digital asset profits, without allowing any loss offsetting, and a 1% tax deducted at source (TDS) on every transaction exceeding INR 10,000 (roughly $113), as well as a 18% goods and services tax (GST) on transactions.
However, the Asian powerhouse continues to attract global attention, since the world’s fastest-growing major economy is projected to become the world’s third-largest by 2028. Investors and multinational firms are still betting on India’s economic potential, despite the heavy-handed taxation on its digital asset sector.
Although there is a growing demand for establishing a clear legal framework for virtual digital assets (VDAs), the federal government has yet to set a deadline for clear regulatory guidelines. Finance Minister Nirmala Sitharaman reiterated last year that ‘cryptocurrencies’ cannot be recognized as legal tender in India, flagging a cautionary notice instead of clarity.
As a result, industry experts predict a wave of consolidation in India’s digital asset sector by 2025. Smaller exchanges may be forced to shut down or merge with larger players to survive due to the unrelenting regulatory environment.
India’s ‘crypto’ paradox
Yet, paradoxically, digital asset adoption in India is booming. For instance, Union Minister of State for Skill Development and Entrepreneurship, Jayant Chaudhary, recently disclosed that he holds roughly $21,547 of ‘cryptocurrencies’. His wife, Charu Singh, also reported her ‘crypto’ possessions now valued at $22,862. Interestingly, both of them categorized their holdings as “personal savings,” without publishing which digital assets they hold.
Their assets pointed out not just personal gains but the more comprehensive leap in digital asset interest among Indian citizens, despite the regulatory ambiguity and punishing taxation.
India also ranked first on the 2025 Chainalysis Global Crypto Adoption Index, highlighting the public’s enthusiasm for digital assets. However, the Reserve Bank of India (RBI) remains cynical, cautioning that formal regulations could inadvertently legitimize digital assets.
Despite these warnings, public sentiment still looks forward to regulatory clarity and clear reforms. A recent survey by digital asset exchange Mudrex found that 93% of Indian users are in favor of comprehensive regulation, while 84% believe the existing tax structure is unreasonably punishing. Industry experts warn that if this regulatory precariousness continues, it could drive the capital out of the country, leaving India as a global digital asset leader in adoption but a procrastinator with its policy decisions.
Back to the top ↑
Watch: Blockchain could revolutionize cybersecurity
title=”YouTube video player” frameborder=”0″ allow=”accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share” referrerpolicy=”strict-origin-when-cross-origin” allowfullscreen=””>
Source: https://coingeek.com/cybersecurity-audits-now-mandatory-for-crypto-firms-in-india/