South Korea’s DAXA forces the five largest exchanges to revoke suspicious shared API keys and deploys an IP whitelist.

DAXA Forces Revocation of Suspicious API Keys

The Digital Asset eXchange Alliance of Korea (DAXA) rolled out new compliance standards on May 29, requiring exchanges including Upbit, Bithumb, Coinone, Korbit, and Gopax to revoke API keys that are suspected of being improperly shared among users. DAXA confirmed it will deploy an IP whitelist system, but has not yet disclosed the specific method for detecting API sharing.

DAXA Confirms New Measures: Key Revocation, Re-Authentication, and IP Whitelisting

In its new rules, DAXA confirmed that once a member exchange detects suspicious API sharing behavior, it will take step-by-step actions: strengthen monitoring, issue warnings to users, then require mandatory re-authentication, and ultimately revoke the API keys suspected of being shared.

At the same time, member exchanges will deploy an IP whitelist system that restricts API access to connections from addresses they have approved. Binance, Coinbase, OKX, and Kraken previously supported IP whitelisting and API permission management, and DAXA’s new rules mandate such controls among exchanges in South Korea.

Known Background of FSS-Confirmed Manipulation Patterns and API Abuse

The FSS said that some traders create fake demand signals by repeatedly placing and canceling large buy orders, then execute sell orders after the price has been pushed up. The FSS has not disclosed the number of accounts currently under investigation.

For historical context, about ten thousand API keys leaked during the March 3Commas incident in 2022. The leaked keys were linked to Binance and KuCoin accounts. Crypto infrastructure company Sodot confirmed that many API-related incidents are broadly categorized as general hacker attacks and are not properly disclosed as credential leakage incidents.

Frequently Asked Questions

What specific measures does DAXA’s new API rule require, and which exchanges does it apply to?

According to DAXA, the new rules require the five exchanges (Upbit, Bithumb, Coinone, Korbit, and Gopax) to respond in stages once they detect suspicious API sharing: strengthen monitoring, issue user warnings, require mandatory re-authentication, and ultimately revoke the API keys suspected of being shared. The exchanges must also deploy an IP whitelist system. DAXA has not disclosed the specific detection methods.

What specific market manipulation technique did FSS confirm, and what type of violation does it fall under?

The FSS confirmed that the flagged manipulation method is to repeatedly place and cancel large buy orders to create fake demand signals, then execute sell orders after the price has been pushed up. This falls under deceptive quoting behavior, known as spoofing. The FSS has not disclosed the specific number of accounts under investigation.

How does the 2022 3Commas incident relate to DAXA’s new rules?

The 3Commas incident occurred in 2022, with about ten thousand API keys leaked, and the related keys were linked to Binance and KuCoin accounts. DAXA’s new rules aim, from a compliance perspective, to require exchanges to proactively detect and manage API sharing behavior, rather than waiting to respond only after a leak event occurs.
