Rising Cyber Fraud and Digital Asset Risks in India: Investor Due Diligence and Regulatory Preparedness in the Crypto Market

India's cryptocurrency market has emerged as a focal point of both innovation and vulnerability in 2023–2024. While the sector's growth has attracted significant retail and institutional interest, it has also become a hotbed for cyber fraud, with global crypto hacks stealing $2.2 billion in 2024 alone, driven largely by North Korean-affiliated actors. For Indian investors, the risks are compounded by a regulatory landscape that remains fragmented and reactive, despite recent efforts to impose accountability on offshore platforms and domestic operators. This article examines the interplay between rising cyber threats, investor due diligence practices, and regulatory preparedness in India's crypto ecosystem, offering insights for stakeholders navigating this volatile terrain.

The Surge in Cyber Fraud and Regulatory Responses

India's crypto market has faced a deluge of fraud cases, prompting urgent regulatory interventions. In 2024, the Financial Intelligence Unit (FIU) issued non-compliance notices to 25 offshore VDA SPs, including Paxful, Changelly, and Binance, for operating without adherence to the Prevention of Money Laundering (PML) Act. These actions underscore the government's intent to enforce anti-money laundering (AML) and counter-terror financing (CFT) norms on platforms serving Indian users, even if they are based abroad.

The Supreme Court of India has also weighed in, questioning the Union Government about the absence of a comprehensive crypto regulatory framework and emphasizing the need for judicial clarity to address fraud and protect users. Despite these developments, India continues to impose a 30% tax on crypto transactions without clear sector-specific regulations, creating a vacuum that fraudsters exploit.

Investor Due Diligence: Navigating AML and Tax Compliance

For investors, due diligence has become a critical safeguard against systemic risks. The March 2023 amendment to the PMLA extended its scope to cover virtual digital assets, requiring crypto businesses to obtain licenses from the FIU-IND and comply with stringent AML and Know Your Customer (KYC) norms. This includes mandatory identity verification and transaction reporting, which, while burdensome, aim to reduce anonymity-driven fraud.

Additionally, the Securities and Exchange Board of India (SEBI) has proposed a multi-regulator framework to oversee crypto activities, suggesting a coordinated approach where entities like the Reserve Bank of India (RBI) and SEBI would share oversight responsibilities. For investors, this means heightened compliance obligations, including adherence to a 30% tax on gains and a 1% TDS for transactions exceeding ₹50,000. These measures, while designed to curb speculative trading, also add layers of complexity to investment strategies.

Risk Mitigation Frameworks and Consumer Protection

India's regulatory approach to risk mitigation has evolved incrementally. The Consumer Protection Act of 2019 now applies to crypto exchanges, mandating transparency and prohibiting misleading practices. Enforcement actions against non-compliant platforms-such as show-cause notices and penalties-further illustrate the government's commitment to accountability as noted in legal analyses. However, the absence of a dedicated crypto-specific law, such as the proposed Cryptocurrency and Regulation of Official Digital Currency Bill (2021), leaves gaps in investor protection.

The Indian government's cautious stance reflects concerns about systemic risks to monetary sovereignty. As one Reuters analysis notes, policymakers fear that unregulated crypto adoption could destabilize the financial system, prompting resistance to a full regulatory framework. This hesitation creates uncertainty for investors, who must balance opportunities in a high-growth sector with the risks of regulatory arbitrage and enforcement volatility.

Challenges and the Path Forward

The current regulatory environment in India is characterized by a tension between innovation and oversight. While the PMLA and SEBI's proposals provide a partial framework, they lack the specificity needed to address the unique challenges of crypto assets. For instance, the enforcement of AML norms against offshore platforms remains contentious, as does the taxation of VDAs, which has drawn criticism for its lack of clarity.

Investors must also contend with the absence of a centralized authority to resolve disputes or provide redress in cases of fraud. The Supreme Court's intervention in 2024 highlighted this gap, urging the government to clarify its oversight role. Until a comprehensive law is enacted, investors are left to navigate a patchwork of regulations, often with limited recourse in the event of losses.

Conclusion

India's crypto market stands at a crossroads. The surge in cyber fraud and regulatory scrutiny underscores the need for robust investor due diligence and proactive risk mitigation. While existing frameworks like the PMLA and SEBI's multi-regulator proposal offer some safeguards, they fall short of addressing the sector's complexities. For investors, the path forward requires a dual focus: adhering to evolving compliance norms while advocating for a regulatory environment that balances innovation with investor protection. As the government grapples with the dual imperatives of fostering blockchain innovation and mitigating systemic risks, the onus remains on market participants to prioritize due diligence in an increasingly volatile landscape.