South Korea’s Digital Asset Exchange Alliance (DAXA) has approved a mandatory compliance standard requiring member exchanges to invalidate API keys suspected of being improperly shared between users. The move escalates regulatory oversight in one of the world’s most active crypto markets, where the Financial Supervisory Service (FSS) estimates that automated trading accounts for roughly 30% of domestic turnover.
According to official statements, the framework targets market manipulation practices such as spoofing—repeatedly placing and cancelling large buy orders to fabricate demand before executing sell orders. DAXA’s tiered response will begin with enhanced monitoring and user warnings, followed by mandatory re-authentication, and culminate in forced expiration of the compromised API credentials. In parallel, exchanges including Upbit, Bithumb, Coinone, Korbit, and Gopax will deploy IP whitelisting to restrict access to approved addresses only.
The initiative addresses a persistent operational risk highlighted by the 2022 3Commas breach, where roughly 100,000 API keys were exposed. While global platforms like Binance and Coinbase offer optional API permission controls, South Korea’s rules now shift toward mandatory enforcement under specific risk parameters. Industry analysts note that API credential abuse is frequently misclassified as generic hacks, masking deeper vulnerabilities in trading infrastructure.
