Police have urged the public to be on their guard against new forms of cybersecurity threats, as total losses from hacking crimes surged nearly 70 percent in the first quarter of 2026.

Total losses from these crimes reached HK$21.2 million between January and March, with 11 cases recorded.

Senior Superintendent Carmen Leung from the Cyber Security and Technology Crime Bureau noted that a number of local financial organisations and virtual asset service platforms came under attack and suffered major losses.

The largest loss recorded was HK$20 million.

“In February this year, an employee of a software outsourcing contractor of a cryptocurrency trading platform – he was actually arrested for exploring a system vulnerability to access electronic wallet information of a platform for the customers, and transferring approximately HK$20 million worth of cryptocurrencies,” she said.

But the bureau said losses from technology-related crimes dropped 10 percent during the period compared to a year ago to HK$1.29 billion.

The number of such cases was also reduced by about 15 percent to 6,504.

Separately, the bureau said it identified more than 1.54 million cyber threats targeting the SAR in 2025 – more than double 2024's figure.

Superintendent Rachel Hui said companies should conduct regular checks to detect relevant threats.

“They have to check their internet-facing system to see whether there are any loopholes. The second recommendation is to properly manage their identities and privileges to make sure that there are no passwords leaked on the internet," she said.

“If there are any idle accounts or idle systems, they have to properly manage them to make sure that there are no unnecessary ports being opened on the internet.”

Looking ahead, the force noted that blockchain technology could be an emerging cybersecurity threat.

“Most commonly the risks we may [come across] are smart contract vulnerabilities, private key theft, cross-chain bridge exploits, such as fake deposit attacks. These attacks normally aim to steal the virtual assets or manipulate the decentralised applications,” chief superintendent Raymond Lam said.

Other potential threats include quantum technology and cloud computing, he added.


Edited by Aaron Tam