
SlowMist Attends the Hong Kong Web3 Intelligence & Enforcement Summit and VAIT Inauguration Ceremony

Oct 14, 2025

On October 10, the Cyber Security and Technology Crime Bureau (CSTCB) of the Hong Kong Police Force hosted the Web3 Intelligence & Enforcement Summit in Hong Kong, where it officially announced the establishment of the Virtual Asset Intelligence Team (VAIT). The event gathered over 250 representatives from the Security Bureau, Financial Services and the Treasury Bureau, the Hong Kong Monetary Authority (HKMA), the Securities and Futures Commission (SFC), the Customs and Excise Department (C&ED), licensed Virtual Asset Service Providers (VASPs), financial institutions, and academia. The forum focused on interdepartmental collaboration, anti–money laundering (AML) supervision, and Web3 cybersecurity and enforcement strategies, aiming to jointly explore how to build a secure, transparent, and healthy virtual asset ecosystem.


Formation of VAIT: Strengthening Public–Private Collaboration to Enhance Crime Prevention

Led by the Hong Kong Police Force, the Virtual Asset Intelligence Team (VAIT) was established in collaboration with law enforcement agencies (including HKPF and C&ED), financial regulators (including HKMA and SFC), and licensed VASPs. Its goal is to foster cross-sector intelligence sharing and coordinated actions, enhance detection and prevention capabilities against virtual asset–related crimes and cybersecurity threats, and reinforce overall resilience in crime prevention and enforcement effectiveness.

In his keynote speech, Commissioner of Police Joe Chow Yat-ming stated:

“In the first eight months of this year, 1,463 virtual asset–related cases were recorded, including fraud, extortion, money laundering, and theft. Although the number of cases dropped by 16% year-on-year, total losses still reached HK$2.27 billion — a 5% increase. Fifteen of these cases involved hacking attacks targeting Web3 institutions, such as exchanges, investment firms, and decentralized projects, with total losses of about HK$990 million.”

He emphasized that while Web3 brings significant opportunities, it also presents unprecedented enforcement challenges. The police must act proactively to ensure innovative technologies are not exploited by criminals. With “public–private collaboration” as its core model, VAIT aims to promote a compliant and secure development of the virtual asset ecosystem, strengthening market integrity and asset protection.

Deputy Secretary for Security Michael Cheuk Hau-yip added that security, compliance, and innovation are not mutually exclusive. Effective collaboration among regulators, industry, and law enforcement — supported by clear regulatory frameworks, industry self-discipline, and efficient enforcement — is essential to protect investors and maintain market stability.

SlowMist Founder Invited to Attend the Forum

The summit featured an “Executive Dialogue” session joined by VAIT Chairperson and CSTCB Chief Superintendent LAM Cheuk-ho, Raymond, Deputy Commissioner of Customs (Control and Enforcement) WOO Wai-kwan, Mark, SFC Executive Director of Intermediaries Dr YIP Chee-hang, Eric, and HKMA Assistant Chief Executive (Regulatory and AML) CHAN King-wang, Raymond. The panel shared insights from enforcement, regulatory, and financial stability perspectives, outlining future directions for Hong Kong’s digital asset development.


The event also included thematic discussions focused on AML regulatory frameworks for VASPs and cybersecurity challenges and response strategies in Web3. SlowMist founder Cos was invited to speak at the panel on “Cybersecurity Challenges and Countermeasures for VASPs,” alongside experts from RD Wallet, Amber Group, OSL, and Beosin, where they discussed key challenges and best practices in building compliance-driven security systems for VASPs.


Cos noted that, based on SlowMist Hacked, a significant proportion of security incidents over the past month were directly related to poor private key management. The main causes fall into three categories:

  1. Insider compromise or infiltration — where team members turn malicious or are impersonated or recruited by hacker groups;
  2. Operational negligence — such as developers accidentally uploading private keys to public repositories or leaking them during debugging or outsourcing;
  3. Professional hacking attacks — including those by state-level actors such as North Korean hacker groups, who infiltrate teams via social engineering, malware, or fake conferences.

He stressed that projects should adopt a holistic defense strategy across human, technical, and procedural dimensions — for example, integrating multi-signature schemes with hardware wallets, establishing real-time security monitoring, and continuously training teams to raise security awareness.

Cos further revealed that the SlowMist team had observed at least three attacks exploiting Internet routing protocols such as BGP (Border Gateway Protocol). These types of attacks are exceedingly rare in the traditional Internet world but have been adapted to the Web3 environment due to the high potential financial gains. “This shows that in the crypto industry, attacks can emerge at any layer of the stack. We must adopt a comprehensive, multi-dimensional view of defense,” he said.

On the topic of risk management, Cos emphasized:

“Security should never be understood as a one-time audit or a post-incident investigation. True protection requires a full lifecycle approach — covering the stages before, during, and after incidents. Security is a dynamic process where offense and defense constantly evolve. Through research and intelligence sharing, we aim to push the industry to take a more proactive stance — prioritizing prevention over remediation.”

As one of the organizations participating in the summit, SlowMist remains committed to blockchain security. Since 2018, the team has assisted in multiple global blockchain asset tracing and freezing operations and has continuously advanced AML compliance, threat intelligence sharing, and security education initiatives.

Going forward, SlowMist will continue to work closely with regulators, law enforcement agencies, and industry partners to promote a safer and more resilient virtual asset ecosystem — supporting Hong Kong’s role as a global model in Web3 security governance.

About SlowMist

SlowMist is a blockchain security firm established in January 2018. The firm was started by a team with over ten years of network security experience to become a global force. Our goal is to make the blockchain ecosystem as secure as possible for everyone. We are now a renowned international blockchain security firm that has worked on various well-known projects such as HashKey Exchange, OSL, MEEX, BGE, BTCBOX, Bitget, BHEX.SG, OKX, Binance, HTX, Amber Group, Crypto.com, etc.

SlowMist offers a variety of services that include but are not limited to security audits, threat information, defense deployment, security consultants, and other security-related services. We also offer AML (Anti-money laundering) software, MistEye (Security Monitoring), SlowMist Hacked (Crypto hack archives), FireWall.x (Smart contract firewall) and other SaaS products. We have partnerships with domestic and international firms such as Akamai, BitDefender, RC², TianJi Partners, IPIP, etc. Our extensive work in cryptocurrency crime investigations has been cited by international organizations and government bodies, including the United Nations Security Council and the United Nations Office on Drugs and Crime.

By delivering a comprehensive security solution customized to individual projects, we can identify risks and prevent them from occurring. Our team was able to find and publish several high-risk blockchain security flaws. By doing so, we could spread awareness and raise the security standards in the blockchain ecosystem.


Written by SlowMist

SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.
