South Korea’s DAXA Tightens Crypto API Key Rules Amid Automated Trading Scrutiny
According to reports, South Korea’s exchange alliance DAXA will require member platforms to revoke suspiciously shared API keys as the Financial Supervisory Service says automated trading makes up about 30% of domestic crypto volume.
South Korea’s Digital Asset Exchange Alliance, or DAXA, has introduced a new compliance standard requiring domestic crypto exchanges to revoke application programming interface, or API, keys suspected of being improperly shared between users. The measure comes as the Financial Supervisory Service, or FSS, intensifies scrutiny of automated trading, which it said accounts for about 30% of domestic crypto volume. DAXA member exchanges Upbit, Bithumb, Coinone, Korbit, and Gopax will implement stricter monitoring, user warnings, mandatory re-authentication, and IP whitelisting when suspicious API activity is detected. Regulators are concerned that shared or compromised API credentials can be used for market manipulation, including spoofing and coordinated trading across multiple accounts. The broader discussion follows industry concerns over API credential abuse after the 2022 3Commas incident, in which reports said about 100,000 API keys tied to Binance and KuCoin accounts were exposed.
- API key: A credential that lets software connect to an exchange to access data and perform actions such as trading or withdrawals.
- Spoofing: A market manipulation tactic in which traders place and cancel large orders to create false signals of supply or demand.
- IP whitelisting: A security control that limits account or API access to pre-approved internet addresses.