The Indian government has ordered all cryptocurrency exchanges, custodians, and intermediaries to undergo cybersecurity audits. The directive, issued by the Financial Intelligence Unit (FIU-IND), comes in response to a rise in cybercrime targeting digital assets.
Under the new rule, Virtual Digital Asset (VDA) service providers must hire auditors approved by the Indian Computer Emergency Response Team (CERT-In). FIU-IND supervises compliance with the Prevention of Money Laundering Act (PMLA), and these audits will now be mandatory for firms seeking or keeping registration. Since 2023, Web3 firms dealing with VDAs have been placed on the same compliance level as banks.
India currently has around 55 registered VDA firms offering exchange, transfer, and safekeeping services. The FIU-IND can deny or cancel registrations if a company violates PMLA rules.
According to industry data, crypto-related crimes account for nearly 20–25% of all cybercrimes in India. Hackers often exploit darknet markets and privacy tools to hide stolen assets. Industry leaders, including Pi42 CEO Avinash Shekhar and Mudrex CEO Edul Patel, welcomed the move, calling it a trust-building step. Legal experts added that this directive, paired with the new PACT certificate system, marks a shift toward stronger compliance and global best practices.
