Particle.news
Get it on Google Play
Download on the App Store
3 ARTICLES
·
12h ago

DAXA Orders South Korea Exchanges to Invalidate Shared Crypto API Keys

The policy forces member platforms to add IP whitelisting plus stepped re-authentication to curb automated trading that regulators say drives about 30% of domestic turnover.

Overview

  • DAXA announced the new compliance standard on May 28–29 that requires member exchanges to detect and invalidate API keys suspected of being shared or misused.
  • The rule compels Upbit, Bithumb, Coinone, Korbit and Gopax to roll out IP whitelisting so API access works only from pre-approved addresses registered by the account holder.
  • Exchanges must apply risk-based responses to suspicious API activity, beginning with monitoring and warnings, moving to re-authentication, and forcing key expiry in higher-risk cases.
  • Regulators warn that automated trading can be used to create false demand signals, and the Financial Supervisory Service says API-driven trades account for about 30% of domestic crypto turnover.
  • The standard responds to past credential exposures such as the 2022 3Commas breach but DAXA has not published the exact detection methods, leaving questions about implementation, false positives and regulatory oversight.