The impressive growth of Indonesia's cryptocurrency market presents promising potential. On the other hand, there are cybersecurity risks lurking. Pentahelix collaboration ranging from the Financial Services Authority (OJK) to business actors is a requirement so that this great potential can be maximized so that it brings more benefits than just the acquisition of transaction taxes as has been done so far.

This hope was expressed by the panelists of the discussion "The Future of Finance in the Digital Era: Crypto Asset Innovation and Transaction Security Challenges" which was part of the Indonesian Digital Financial Economy Festival x Indonesia Fintech Summit & Expo 2025 (FEKDI x IFSE 2025) organized by Bank Indonesia , in collaboration with the Coordinating Ministry for Economic Affairs and the Financial Services Authority (OJK) at the Jakarta Convention Center, Friday (31/10/2025).

Bank Indonesia Deputy Governor Filianingsih Hendarta emphasized that with the foundation of the digital economy ecosystem maturing and innovations continuing to be made, vigilance against the increasing risk of cyber attacks, personal data theft, and interoperability issues is a milestone to maintain public confidence in the digital financial economy pioneered over the years.

"Don't let the trust that has been formed, because of challenges that we cannot mitigate and solve, whether in the form of cyber attacks or interoperability issues, make people reluctant to use because they doubt the security of digital financial products," he said.

On top of this strong digital security foundation, crypto asset trading is one of the new areas that has the opportunity for great economic benefits, not only in terms of tax revenue, but also the benefits of crypto assets that can be further explored, including the tokenization ofreal worldassets(RWAs).

OJK's Executive Head of Financial Sector Technology Innovation Supervision, Digital Financial Assets, and Crypto Assets Hasan Fawzi revealed that with blockchain innovation, increasing investor interest, andcrypto-friendly financial policy dynamics, crypto assets have provided the foundation for new business models, ranging from decentralized finance(DeFi) to digital rupiah.

"Until September 2025, OJK noted that national crypto asset users reached 18.61 million consumers, with month-to-month growth of 3-5% and total year-to-date crypto asset transactions reaching more than Rp360 trillion. This situation makes Indonesia ranked 7th out of 151 countries in the Global Crypto Adoption Index," Hasan explained.

Reinforcing Filianingsih's explanation, Hasan said that the threat of platform hacking, the risk of infrastructure failure, market manipulation, and covert criminality practices are weak points that can disrupt the integrity of the crypto market. The value of losses due to cyberattacks on crypto assets in the first half of 2025 is estimated to have reached USD 2.3 billion.

"The implementation of good governance, risk management, cybersecurity, and compliance with anti-money laundering aspects is ultimately no longer an option, but a necessity. The success of industry development is not only determined by the rules, but the readiness of all of us to complete the puzzle of the digital financial ecosystem, especially crypto assets in the future," Hasan concluded.

New option: tokenization

In pursuit of the benefits of crypto assets, taxes on trading are considered not to produce a very significant amount. For this reason, Head of OJK's IAKD Regulation and Licensing Department Djoko Kurnijanto hopes that crypto products can also increase liquidity and increase investment instruments that can be accessed by all levels of society. Tokenization is the right choice.

"Tokenization democratizes ownership: someone who couldn't buy large amounts of crypto assets before, can now buy. We are pursuing the benefits to be maximized, by implementing pentahelix. OJK as a regulator invites four other parties, namely industry, academics, mass media, and associations to maximize these benefits," he said.

Djoko underlined that OJK has issued Cybersecurity Guidelines for Digital Financial Assets as a reference document for crypto asset trading with four most important points: cybersecurity governance, risk management, implementation, and data protection that crypto trading infrastructure providers must comply with.

Hara Token CEO Firnando Sirait confirmed Djoko's assessment. As an industry player, he has seen a shift in preference towards crypto assets, which was originally considered a speculation, is now a financial instrument that provides value creation to the surrounding ecosystem, including through tokenization of RWA through real resources.

"At Hara, we try to tokenize commodities, one of which is palm oil. You know our palm oil exports are hampered by European Union regulations. From there, we created a token that contains diligence of the origin of palm oil, by practicing multi-validation methodology, so that not only one person verifies," Firnando said.

After the token product is ready, transaction services through investment applications are the next gate. Pluang Jonathan's Head of Business Development Gregorius Tampubolon said, as an investment service application with a variety of assets, including crypto tokens, it always prioritizes service features that ensure users are able to make wise investment decisions.

"That discretion is manifested in: the adequacy of easily accessible information, advance order features, and web trading services. Beyond that, we are repeatedly reminded to remain compliant with laws and regulations, because it is the first factor for consumer protection," he said.

Responding to Jonathan's explanation, Firnando revealed that governance and user trust in crypto asset investment products and services are still a challenge. For this reason, he hopes that the efforts of crypto token industry players and investment services to build trust in RWA tokens individually will be improved towards regulation at the national level.

"Crypto innovation is a trustless technology. Because this innovation is expected to provide access to improve welfare, the end is not just profit, but economic justice, so that investment products can be accessed by everyone, and make this ecosystem collaborative," he said.

People, not technology

The hard work of regulators and crypto-asset trading industry players to maintain investor confidence implies one important aspect, namely that cybersecurity risks are more threatening to human users, not the infrastructure technology they use. For this reason, adequate information for users is as important as building a system that can ward off cyber attacks.

Chairman of the Board of Directors of the Communication and Information System Security Research Center (CISSReC) Pratama Dahlian Persadha revealed a number of dominant modes of crypto asset hackers, ranging from smart contract exploitation, utilizing code gaps after blockchain deployment, impersonation social engineering with deepfake AI, phishing, to digital Ponzi schemes.

"In fact, 80% of attacks on crypto technology are attacks on people, not the technology. Platform makers relatively understand securing the system and the blockchain is designed strong enough, asset users actually become the entrance to insecurity, starting from leaked passwords, clicking the wrong link carelessly, and so on," Pratama said.

Jonathan Gregorius Tampubolon from Pluang recognizes user negligence as an entry point for cybercrime. From a number of cases that have occurred, Pluang evaluates the weak points that occur most often, namely when hackers succeed in changing pins or numbers or when asset owners sendcrypto assets (crypto send).

Facing these challenges, biometric security such as face match is one of the development measures, although this effort is also threatened by deepfake AI that can authentically replicate voices and faces. In addition, Pluang also installed surveillance instruments on all office devices that can block suspicious links .

Read also:

From Crypto to Fintech, Digital Economy Tax Revenue Continues to Increase

The Ministry of Finance stated that the realization of tax revenue from the digital economy reached Rp 40.02 trillion as of July 31, 2025.

SUAR Inspires the Business WorldBenedictus Krisna Yogatama

To address this, together with OJK and BSSN, CISSReC has developed a crypto trading roadmap that maximizes benefits and maintains security, such as ensuring custody for RWAs, auditing smart contracts, and information-sharing among crypto trading infrastructure providers in the event of an attack. These things require full collaboration, in addition to mutual trust.

"Without literacy, without security awareness, any investment will be useless if the people are not educated to fight the enemies who take advantage of our psychological weaknesses. Rest assured, collaboration makes us equally strong, and will not take away each other's sustenance," he said.

Complementing Pratama's statement, Djoko Kurnijanto emphasized that OJK's supervisory standards will be an indicator of the extent to which industry players carry out risk assessment and cybersecurity risk management, in addition to ensuring the maturity of the system to be used to invest safely.

"Experience has taught us that smart contracts always need to be audited. Therefore, we return to the organizer, must show the results of an independent audit of the smart contract, because it is the 'heart' of the token asset. We will assess the audit results," Djoko concluded.