WazirX Faces New Cybersecurity Audit Mandate

Key Takeaways

• India now mandates periodic cybersecurity audits for crypto exchanges and VDA platforms.

• The rule affects over 55 registered entities, including top players like WazirX.

• Audits must be conducted by CERT-In-certified firms and meet global standards.

• The move comes amid a wave of crypto hacks, including the $230 million breach at WazirX.

• While investor protection will improve, the cost of compliance may reshape India’s crypto landscape.

WazirX Faces New Compliance Challenge

India has introduced a significant cybersecurity mandate that will impact the entire crypto ecosystem, including major exchanges like WazirX which was hacked and suffered massive losses in the past.

WazirX Users Unsuccessfully Tried To Get The Indian Supreme Court’s Support

Source: X (@SujalJethwani)

In response to a dramatic rise in cybercrime related to digital assets, the Financial Intelligence Unit (FIU-IND) has made periodic cybersecurity audits mandatory for all registered crypto platforms.

This move marks a major tightening of regulatory oversight and aligns India with global standards in crypto compliance, especially as digital asset-related hacks continue to surge.

Why India Is Tightening Crypto Oversight

In recent years, India has witnessed a steep increase in cyberattacks targeting crypto platforms.

Authorities now estimate that crypto-related crimes account for 20–25% of all cybercrime cases in the country.

A Sharp Rise In Crypto Crimes

Needless to say, several high-profile incidents have forced regulators to act swiftly.

One of the most alarming breaches occurred in 2024, when WazirX suffered a $230 million hack, prompting a court-led restructuring in Singapore. More than a year later, many affected users are still seeking restitution.

Source: X (@NischalSchetty)

In July 2025, another leading exchange, CoinDCX, was hacked for $46 million after internal access controls were exploited. These incidents have exposed the systemic vulnerabilities of India’s crypto infrastructure.

What The New Cybersecurity Rules Require

Key Provisions Of The FIU-IND Directive

On September 15th, 2025, the FIU-IND issued a formal letter requiring all registered exchanges, custodians, and virtual digital asset (VDA) service providers to:

• Undergo regular cybersecurity audits

• Hire CERT-In-approved auditors

• Ensure audits meet international cybersecurity standards

• Start compliance procedures immediately

These requirements apply to all 55+ VDA providers currently registered under the Prevention of Money Laundering Act, 2002 (PMLA), including WazirX.

The law subjects these entities to the same compliance protocols as traditional financial institutions.

Implications For The Indian Crypto Market

While the goal is to build user trust and protect investor funds, the cost of compliance may be significant, especially for smaller exchanges and startups.

Analysts expect this could lead to consolidation in the market, with stronger players like WazirX emerging even more dominant.

Government Aims To Strengthen Sector Security

The cybersecurity audit mandate signals India’s intent to keep pace with international norms in regulating the crypto space.

The CERT-In (Indian Computer Emergency Response Team) will play a central role in ensuring compliance by vetting the auditors and reviewing periodic reports.

Pushing For Global Standards In Crypto Regulation

This move comes at a time when India’s broader digital asset regulatory framework remains in limbo, with stakeholders awaiting clarity on crypto taxation, licensing, and consumer protections.

Despite the regulatory ambiguity, this latest directive sends a clear message: the Indian government is taking crypto security seriously and will hold platforms like WazirX accountable.

FAQ

What is the new cybersecurity rule for crypto platforms?

All registered crypto exchanges and VDA service providers must undergo regular cybersecurity audits conducted by CERT-In-approved auditors.

Why was this rule implemented?

The directive follows a surge in crypto-related hacks, including major breaches involving WazirX and CoinDCX, prompting concerns about the industry’s security posture.

Who is responsible for compliance?

Compliance must be managed by designated directors, principal officers, or chief compliance officers within each registered platform.

What is CERT-In?

CERT-In (Indian Computer Emergency Response Team) is India’s national cybersecurity agency responsible for incident response and cyber threat management.

How does this affect users?

Users may benefit from greater platform security and increased protection of funds, although smaller exchanges might pass compliance costs to customers or shut down entirely.