Cryptonews

DAXA Tightens API Key Rules to Curb Crypto Market Manipulation in South Korea

Source
CryptoNewsTrend
Published
DAXA Tightens API Key Rules to Curb Crypto Market Manipulation in South Korea

Table of Contents South Korea’s Digital Asset Exchange Alliance (DAXA) has introduced a new compliance standard targeting improper API key sharing among crypto exchange users. The policy responds to growing concerns about market manipulation and unfair trading practices. Major exchanges, including Upbit and Bithumb, fall under the new framework. Regulators note that automated trading now accounts for roughly 30% of domestic crypto turnover. DAXA announced the new standard policy on May 28, addressing the misuse of API keys on virtual asset platforms. These keys allow users to perform critical functions such as order placement, balance checks, and withdrawals. The concern arose after incidents where users lent or shared API keys with third parties to conduct unfair trades. Under the new rules, exchanges must apply risk-based responses when suspicious API-sharing activity is detected. These responses range from targeted monitoring and warning notifications to mandatory re-authentication. In higher-risk cases, exchanges will force the expiration of compromised API keys. Jaejin Kim, Executive Vice Chairman of DAXA, addressed the urgency of the new measures directly. “DAXA and its member companies will respond swiftly to new and emerging threats, and will take strong measures as needed to uphold the paramount value of user protection,” Kim said. DAXA member exchanges — Upbit, Bithumb, Coinone, Korbit, and Gopax — will also roll out IP whitelisting systems. These systems restrict API access to pre-approved IP addresses registered by the account holder. However, DAXA has not yet disclosed the exact detection methodology it will use. The Financial Supervisory Service (FSS) has been pushing for stricter oversight of automated crypto trading in South Korea. Regulators found that some traders repeatedly submitted and canceled large buy orders to create false demand signals, later selling once prices rose. The FSS has not disclosed how many accounts are under investigation. This crackdown comes against a broader backdrop of API credential misuse in global crypto markets. In 2022, platform 3Commas was linked to a large-scale exposure of around 100,000 API keys tied to Binance and KuCoin accounts. At the time, former Binance CEO Changpeng Zhao publicly cautioned users, warning that API credentials represented “a serious risk for automated trading systems.” Exchanges like Binance, Coinbase, OKX, and Kraken already support IP whitelisting and API permission management voluntarily. DAXA’s framework, however, moves toward mandatory enforcement in specific scenarios. Security researchers have long warned that API credential abuse remains one of the least-discussed risks in crypto trading infrastructure. Crypto infrastructure firm Sodot noted that many such incidents get broadly labeled as generic hacks rather than properly classified as credential compromises.