Hong Kong’s Securities and Futures Commission (SFC) has recently unveiled updated guidelines concerning the secure management of cryptocurrency assets. These new regulations, effective immediately, impose stringent security protocols and restrict the use of smart contracts within offline, or “cold,” wallet systems.
In an official announcement made public on Friday, the financial watchdog detailed specific mandatory measures for authorized custodians dealing with digital currencies. These controls encompass the necessity of utilizing a validated hardware security module, permitting withdrawals solely to pre-approved (“whitelisted”) addresses, and maintaining a round-the-clock security operations center dedicated to overseeing systems, networks, digital wallets, and underlying infrastructure.
The environment where private keys are employed for transaction authorization must be isolated from the internet (“air-gapped”) and under robust physical protection, with key generation and storage occurring entirely offline. The SFC strongly recommends implementing “stringent multi-factor physical access control” to ensure security.
According to the announcement, “Moving forward, these benchmarks will form the fundamental expectations for Virtual Asset Custodian Services providers, thereby contributing to a harmonized approach for virtual asset custody within the industry.”
Related: Animoca and Standard Chartered collaborate on stablecoin venture in Hong Kong
Restrictions on Smart Contracts for Cold Wallets
A prominent change is the prohibition of smart contracts within cold wallet setups. The SFC stated that “cold wallet implementations should not incorporate smart contracts on public blockchains in order to mitigate potential vulnerabilities associated with online attack vectors related to on-chain smart contracts.”
Smart contracts are frequently used by institutional custodians to manage both actively traded (“hot”) and offline (“cold”) wallets. For example, BitGo leverages Ethereum smart contracts optimized for both hot and cold wallets, detailing its multi-signature smart contract framework for account-based chains.
Safe, previously known as Gnosis Safe, represents another custody solution built on smart contracts. A Messari report indicated that Safe held $72 billion across more than 25 deployed smart accounts as of the third quarter of 2024.
Coinbase, a publicly listed cryptocurrency exchange based in the United States, recognized Safe as “the leading provider” of multi-signature services in March 2024, suggesting the likelihood of resistance from the industry to Hong Kong’s policy.
Hong Kong’s Ambition to Become a Crypto Hub
Hong Kong is positioning itself as a leading crypto center in Asia through proactive regulatory measures and improved market accessibility. In April 2024, regulators authorized and launched spot Bitcoin and Ether ETFs, offering institutions a compliant pathway to investment. Furthermore, the ASPIRe roadmap was outlined in February to broaden access while reinforcing protections across custody, products, and overall market structure.
Concurrently, the special administrative region of China is expanding its roster of licensed exchanges and solidifying a comprehensive stablecoin regulatory framework. Several new virtual asset trading platform licenses were issued recently, and Hong Kong’s stablecoin legislation took effect on August 1st, accompanied by plans for a public registry of approved issuers.