Best crypto insights delivered straight to your inbox.
South Korea tightens crypto API controls as DAXA targets shared key abuse
South Korea tightens crypto API controls as DAXA targets shared key abuse
- Digital Asset Exchange Alliance introduced rules forcing exchanges to block suspiciously shared API keys.
- South Korea’s Financial Supervisory Service said automated trading now makes up around 30% of crypto turnover.
- Exchanges including Upbit and Bithumb will add stricter API monitoring and IP whitelisting.
South Korea’s Digital Asset Exchange Alliance (DAXA) introduced a new compliance standard. The crypto exchanges operating in the region will now have to invalidate API keys suspected of being improperly shared between users. This action has escalated regulatory oversight in one of the world’s most active digital asset markets.
This comes in when the Financial Supervisory Service (FSS) is pushing scrutiny of automated crypto trading. Regulators suggest that such trading now accounts for around 30% of domestic turnover.
The global crypto market saw a massive sell-off over the last 24 hours. Bitcoin price dropped by more than 3%, while Ether dipped by almost 5%. The cumulative crypto market cap stands at $2.46 trillion.
DAXA escalates API surveillance
According to reports, DAXA’s new framework is targeting emerging concerns among regulators and exchanges. One of them is the use of shared or compromised API credentials. It is being used to manipulate the markets and spoof orders. However, it can even coordinate trades across multiple accounts.
The FSS urged that some traders repeatedly submitted and canceled large buy orders. This was done to create false demand signals. They later hit the sell button when the price goes up. However, the regulator did not disclose the number of accounts that are under investigation.
The API keys trend has been hitting the market. It allows automated systems to connect directly to exchanges to access market data. Then it moves to execute orders, deposits, and hit withdrawals.
Under the new guidelines, DAXA member exchanges will implement harsh responses when suspicious API-sharing behavior is detected. After enhanced monitoring and user warnings, they will ask users to undergo mandatory re-authentication.
Upbit, Bithumb, Coinone, Korbit, and Gopax are regulated by DAXA. These exchanges will also deploy IP whitelisting systems that restrict API access to approved addresses. Meanwhile, the group has not yet disclosed the precise detection methodology that’ll be used ahead.
API abuse sparks Korea crackdown
Back in 2022, 3Commas got linked to the large-scale exposure of access tokens. Reports suggest that around 100,000 API keys were exposed. However, these keys were associated with Binance and KuCoin accounts.
Binance, Coinbase, OKX, and Kraken all support IP whitelisting and API permission management. However, DAXA’s new rules appear to move toward mandatory enforcement in some scenarios.
Security researchers have been warning that API credential abuse remains one of the least publicly discussed operational risks inside crypto trading infrastructure.
Crypto infrastructure firm Sodot had noted that many API-related incidents are often categorized broadly as generic hacks. They need to be disclosed as credential compromises.
Former Binance CEO Changpeng Zhao also publicly warned users during the 3Commas incident. It was evident that API credentials represented a serious risk for automated trading systems.
The smartest crypto minds already read our newsletter. Want in? Join them.
FAQs
What is DAXA and which exchanges does it cover?
DAXA is South Korea's Digital Asset Exchange Alliance, a self-regulatory body whose members include the country's five largest exchanges: Upbit, Bithumb, Coinone, Korbit, and Gopax, along with smaller licensed operators.
What happens if an exchange flags my API key under the new standard?
Exchanges will apply escalating measures based on assessed risk, starting with intensified monitoring and warnings, then requiring re-authentication, and ultimately forcing the key to expire, cutting off all access until a new compliant key is generated.
How will exchanges detect improper API key sharing?
DAXA has not disclosed specific technical methods, but the framework points to behavioral analysis, unusual trading patterns, and access from unregistered IP addresses as likely detection signals, according to reporting from BloomingBit and Binance Square.
Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.
Ashish Kumar
Ashish Kumar is a crypto and financial journalist with eight years of newsroom experience. He covers what’s happening with crypto markets, regulation, DeFi, and exchange ecosystems. He has worked with Coingape, Todayq, and Newsroompost. Ashish holds a PGDP in English Journalism from the IIMC. He has also interviewed industry figures including Arthur Hayes, Yat Siu, Austin Federa, and more.
CRASH COURSE
- Which cryptocurrencies can make you money
- How to boost your security with a wallet (and which ones are actually worth using)
- Little-known investment strategies that the pros use
- How to get started investing in crypto (which exchanges to use, the best crypto to buy etc)