Crypto Security: 12 Korean Exchanges Pass Self-Regulatory Check with Flaws

Hacked Bithumb as well as OKCoin Korea, Huobi Korea and Coinone met general standards but passed cybersecurity self-regulatory requirements at a minimum level with a big gap in their results.

Twelve Korean cryptocurrency exchanges have passed the self-regulatory standard checks with several deficiencies, the Korea Blockchain Association (KBA) said on Wednesday. The exchanges, including the hacked Bithumb, met the general requirements with no problems while the cybersecurity test was passed at a minimum level with a big difference between participating trading platforms.

The so-called general standards included anti-money laundering (AML) provisions, adoption of cold wallet, and minimum total asset requirements.

Some security flaws were found but KBA would not reveal any details, because they could be used by hackers for cyberattacks, Jhun Ha-jin, head of self-regulatory body said during a press-conference. However, Ha-jin, noted that there is a “huge gap in the level of handling cybersecurity risks” between the twelve exchanges. Meeting the security standard did not necessarily mean immunity from hacking attacks, he added as quoted by the Korean Herald newspaper.

The test, which included inspections and interviews made by third-party experts, was voluntary and included 14 out of 23 exchanges that are KBA members. Two of the companies, that had not met the requirements, Sunny7 and Komid, quitted the inspection.

Bithumb, OKCoin Korea, Huobi Korea, Upbit, Coinone, Dexko, Hanbitco, Neoframe, Gopax, Cpdax, Coinzest and Korbit passed the test.

The KBA check started in May and continued for two months. It covered the month of June when two Korean exchanges were hacked: Bithumb, a participant in KBA test, lost an estimated $31 million and Coinrail, which was not part of the test, lost around $40 million in an attack.

On Tuesday, the new revised anti-money laundering bank rules on cryptocurrency settlement were enforced by the country’s Financial Service Commission (FSC). Banks and other financial institutions are now obliged to expand due diligence procedures for cryptocurrency exchanges to their non-client accounts, to share information about overseas digital trading platforms with the FSC, and to halt immediately suspicious cryptocurrency transactions.

Last week, South Korea’s government released a new classification system for the crypto and blockchain industry, in line with G20 intentions for a common approach to virtual assets. The classification has ten categories, including blockchain system, decentralized application, and cryptocurrency exchange.