South Korean agency Digital Asset Exchange Alliance (DAXA) has introduced a new compliance standard. The crypto exchanges operating in the region will now have to invalidate API keys suspected of being improperly shared between users. This is part of the country’s move to improve regulatory oversight in one of the world’s most active digital asset markets.
This development comes as the Financial Supervisory Service (FSS) is pushing scrutiny of automated crypto trading. Regulators suggest that such trading now accounts for around 30% of domestic turnover. The global crypto market saw a massive sell-off over the last 24 hours. Bitcoin price dropped by more than 3%, while Ether dipped by almost 5%. The cumulative crypto market cap stands at $2.46 trillion.
South Korean agency to increase API surveillance
According to reports, the South Korean agency’s new framework is targeting emerging concerns among regulators and exchanges. One of them is the use of shared or compromised API credentials. It is being used to manipulate the markets and spoof orders. However, it can even coordinate trades across multiple accounts. The FSS also urged that some traders repeatedly submit and cancel large buy orders.
The South Korean FSS noted that the traders do this to create false demand signals. They later hit the sell button when the price goes up. However, the regulator did not disclose the number of accounts that are under investigation. The API keys trend has been hitting the market. It allows automated systems to connect directly to exchanges to access market data. Then it moves to execute orders, deposits, and hit withdrawals.
Under the new guidelines, DAXA member exchanges will implement harsh responses when suspicious API-sharing behavior is detected. After enhanced monitoring and user warnings, they will ask users to undergo mandatory re-authentication. Upbit, Bithumb, Coinone, Korbit, and Gopax are regulated by the South Korean agency. These exchanges will also deploy IP whitelisting systems that restrict API access to approved addresses.
Meanwhile, the group has not yet disclosed the precise detection methodology that’ll be used ahead. Back in 2022, 3Commas got linked to the large-scale exposure of access tokens. Reports suggest that around 100,000 API keys were exposed. However, these keys were associated with Binance and KuCoin accounts. Binance, Coinbase, OKX, and Kraken all support IP whitelisting and API permission management.
However, DAXA’s new rules appear to move toward mandatory enforcement in some scenarios. Security researchers have been warning that API credential abuse remains one of the least publicly discussed operational risks inside crypto trading infrastructure. Crypto infrastructure firm Sodot had noted that many API-related incidents are often categorized broadly as generic hacks. They need to be disclosed as credential compromises.
