South Korea’s DAXA Tightens Crypto Exchange API Controls

TLDR

• DAXA requires member exchanges to invalidate API keys suspected of improper sharing between users.
• South Korea’s FSS says automated trading forms about 30% of domestic crypto turnover.
• Upbit, Bithumb, Coinone, Korbit, and Gopax will strengthen API monitoring systems.
• Exchanges will require user warnings, re-authentication, and stricter checks after suspicious API activity.
• IP whitelisting will limit API access to approved addresses and reduce credential misuse.

South Korea’s crypto exchange group has moved to tighten API controls across local trading platforms. The Digital Asset Exchange Alliance introduced a new compliance standard for member exchanges. The rule targets API keys suspected of improper sharing or misuse.

The move comes as regulators review automated trading activity in the local crypto market. The Financial Supervisory Service said automated trading now makes up around 30% of domestic crypto turnover.

DAXA Moves Against Shared API Keys

DAXA’s new standard requires exchanges to invalidate API keys when suspicious sharing is detected. The rule applies to member exchanges operating in South Korea. These include Upbit, Bithumb, Coinone, Korbit, and Gopax.

API keys allow trading systems to connect with exchange accounts. They can support market data access and trade execution. In some cases, they can also allow deposits or withdrawals.

Regulators have raised concerns about shared or compromised API credentials. These keys can be used across several accounts. They may also help traders place or cancel orders at high speed.

The FSS said some traders placed large buy orders and canceled them later. It said this could create false demand signals. The regulator did not disclose how many accounts are under review.

Exchanges Add Monitoring and Re-Authentication

Under the new rules, exchanges will increase API monitoring. They will also warn users when unusual API activity appears. After that, users may need to complete re-authentication.

The process aims to confirm account ownership and trading control. It also gives exchanges a way to act before abuse spreads. DAXA has not released its full detection method.

Member exchanges will also use IP whitelisting for API access. This system allows only approved internet addresses to connect. As a result, stolen keys become harder to use from unknown locations.

Several major global exchanges already offer similar tools. Binance, Coinbase, OKX, and Kraken support IP whitelisting and API permission controls. DAXA’s rule moves closer to stronger enforcement in selected cases.

API Abuse Draws Wider Attention

API security became a wider concern after the 3Commas incident in 2022. Reports said about 100,000 API keys were exposed. Those keys were linked to Binance and KuCoin accounts.

Former Binance CEO Changpeng Zhao warned users during that incident. He said exposed API credentials carried clear risks for automated trading users. The event pushed more traders to review API permissions.

Security researchers have also warned about weak API controls. They say many API incidents get reported as broad exchange hacks. However, some cases may involve credential compromise instead.

Crypto infrastructure firm Sodot has also discussed the issue. It said API-related incidents often receive broad labels. The firm argued that markets need clearer reporting around credential misuse.

DAXA’s action places API security at the center of South Korea’s crypto oversight. The rules focus on account control, safer automation, and stronger exchange checks. Regulators are now watching automated trading more closely.

The post South Korea’s DAXA Tightens Crypto Exchange API Controls appeared first on CoinCentral.