The Crypto Conundrum: Balancing Security, Regulation, and Trust with Coinhako's Pasi Koistinen.

Corinium’s Kashmira George spoke with Pasi Koistinen, Chief Information Security Officer at Coinhako, about the critical security issues shaping the crypto landscape in Singapore, 2025 and beyond.
The allure of decentralisation and innovation is often tempered by the undercurrent of significant security hurdles. As the industry matures, the importance of addressing cybersecurity risks, regulatory compliance, and the erosion of public trust during crises cannot be overstated.
The Crypto Sphere at a Glance
Cryptocurrency operates in a realm of high stakes and even higher risks. Among the most pressing challenges are state-sponsored attacks, particularly from North Korea.
Pasi notes, “State-sponsored attackers typically target centralised players or DeFi projects to get a lot of assets in one go,” and this has led to substantial financial losses across the industry. Simultaneously, cybercriminal gangs focus on end users, exploiting vulnerabilities in crypto wallets to syphon funds. These challenges are compounded by the anonymity and global reach of blockchain technologies, which make tracking and preventing such attacks increasingly complex.
Navigating Regulatory and Compliance Hurdles
Singapore has emerged as a global leader in crypto regulation, offering an advanced framework designed to protect consumers and ensure the integrity of financial operations. However, this regulatory rigour presents a mixed bag for businesses operating in the crypto space. While it enhances security and reliability, it also creates barriers that may drive companies to less-regulated jurisdictions.
Pasi observes, “Singapore has a quite advanced framework for regulation—a challenge and an opportunity. From a security perspective, users may appreciate the added reliability, but it’s definitely stricter than many other countries.”
Compliance with guidelines such as those issued by the Monetary Authority of Singapore (MAS) is non-negotiable. These include mandatory notices like the Cyber Hygiene Notice, which outlines essential practices for safeguarding operations, and more extensive guidelines like the Technology Risk Management Guidelines, which allow for risk-based control applications. Navigating these requirements demands expertise and rigorous internal assessments, highlighting the critical role of skilled cybersecurity professionals.
Emerging Threats and the Role of AI
The rapid proliferation of AI technologies has brought new complexities to the cybersecurity landscape.
As attackers become more sophisticated, AI is increasingly used in the reconnaissance and infiltration phases of cyberattacks. "AI is being used to generate believable phishing messages to users and even create realistic images," Pasi explains.
These advancements demand that companies strengthen their defences. Pasi highlights the necessity of employing advanced tools to detect AI-generated content while acknowledging the limitations of automation. Pasi adds, "Image analysis is as much an art as it is a science, and automatic detection will only take you so far. Skilled human analysts remain essential to interpreting and responding to these threats.”
Crisis Management and Trust Rebuilding
In an industry where trust is a rare commodity, a single data breach can have catastrophic implications. Effective crisis management is not just about mitigating immediate damage but also about long-term reputation rebuilding.
Companies should “staff support teams with everything you’ve got” to handle the surge in customer contacts and ensure “honesty and transparency” in communication to maintain trust and credibility, Pasi advises. Companies must invest in robust crisis communication strategies, ensuring transparency and timeliness in their interactions with stakeholders, regulators, and the public.
CISOs play a pivotal role in these efforts, coordinating internal recovery teams while senior executives handle external communications. The importance of honesty and accountability cannot be overstated; attempts to obscure facts or downplay breaches only exacerbate distrust and harm an already fragile reputation.
The Case for Industry Standards
The lack of standardised regulatory compliance across the crypto industry is a glaring issue. While frameworks like ISO 27001 and SOC 2 offer guidance, there is a pressing need for these standards akin to those in traditional banking.
Pasi remarks, "Without them, regulators may eventually step in and impose stricter rules that the industry might find challenging to adapt to." Such measures would not only enhance security but also provide a unified approach to protecting customer assets and maintaining operational integrity.
One practical step forward is the implementation of cold storage solutions for asset custody, ensuring that large reserves remain offline and impervious to cyberattacks. These measures, coupled with an industry-wide commitment to robust security practices, could usher in a new era of trust and stability.
Looking Ahead
The path forward is not without challenges, but by addressing these priorities head-on, the crypto industry can transform its vulnerabilities into strengths. For CISOs and other leaders, the mandate is clear: secure the present, adapt for the future, and build a foundation of trust that transcends market fluctuations and technological disruptions.
At CISO FSI Singapore 2025, leaders will convene to discuss cutting-edge offensive tactics, exchange best practices, and collaborate with peers to boost your organisation's defences against rising phishing and social engineering threats. It is an unmatched chance to obtain a tangible understanding of the urgent cybersecurity issues confronting the financial services sector. With dedicated sessions on leadership, AI-driven security, and public education initiatives, this conference equips CISOs with the tools to not only protect their institutions but to lead the charge in redefining cybersecurity in the financial world.
If you are interested to speak or partner with us at CISO FSI Singapore 2025, reach out to Kashmira George.