Fake MiCA (Markets in Crypto-Assets) asset-referenced-token / e-money-token white-paper notification lure — "ESMA white-paper notification deficient — 30-day cure or CASP suspended" via fake ESMA NCA portal harvests issuer treasury wallet creds + CASP authorisation submission credentials. MiCA Title III/IV (ARTs/EMTs) + Title V CASP (Crypto-Asset Service Provider) authorisation transitional ends Jul 1, 2026, lending the lure narrative immediate credibility. Real MiCA white-paper notifications go through esma.europa.eu / eba.europa.eu / member-state NCA (BaFin / AMF / CSSF / CONSOB) portals using NCA-issued credentials, never via inbound email link demanding cure within 30 days. B2B-CASP scope; SACRED `regulatory_filing` + crypto-cluster; cross-list R7 C1, R8 C6/C7. Source: GC1 R9 multiagent council P1 (S3 EU-reg specialist).

Fake MiCA (Markets in Crypto-Assets Regulation) asset-referenced-token / e-money-token white-paper notification deficiency lure targeting EU CASP (Crypto-Asset Service Provider) and ART/EMT (asset-referenced-token / e-money-token) issuers. The phish narrative arrives as: "ESMA white-paper notification deficient — 30-day cure or CASP suspended," or "MiCA Title III ART white-paper review reports a deficiency in your asset-referenced token notification — 30 day cure period or CASP authorisation withdrawn." MiCA Title III/IV (ARTs/EMTs) + Title V CASP authorisation transitional ends Jul 1, 2026 (the MiCA transitional period ran through Jul 1, 2026 for incumbent CASPs; the cliff drove a flurry of authorisation submissions and white-paper notifications across the EU NCA portals in 2025-26), lending the lure narrative immediate credibility for issuers and CASPs in mid-authorisation. Lookalike ESMA / NCA portals harvest issuer treasury wallet credentials (catastrophic — the issuer's ART / EMT reserve-asset wallet plus the CASP's treasury wallet are the highest-value crypto wallets in the regulated ecosystem) plus CASP authorisation submission credentials (post-compromise the attacker can withdraw the authorisation submission, modify reserve-asset attestation, or substitute fraudulent operating data). Real MiCA white-paper notifications go through esma.europa.eu / eba.europa.eu / member-state NCA (BaFin / AMF / CSSF / CONSOB) portals using NCA-issued credentials, never via inbound email link demanding cure within 30 days. B2B-CASP scope; SACRED `regulatory_filing` + crypto-cluster; cross-list R7 C1 (EIP-7702), R8 C6/C7 (EigenLayer / NFT royalty). Fires when body references MiCA / Markets in Crypto-Assets / ART / asset-referenced token / e-money token / EMT / CASP / crypto-asset service / ESMA / white paper / reverse solicitation AND contains deficient / cure / suspend / withdraw / notification / deadline / transitional / 30-days / action-required urgency. Excludes esma.europa.eu, eba.europa.eu, bafin.de, amf-france.org, cssf.lu, consob.it, and the broader .europa.eu umbrella. Auto-classified as danger via the `-lure` suffix. Source: GC1 R9 multi-agent council P1 (S3 EU-reg specialist).